Shemhamforash

I'm a self-taught coder and a digital artist passionate about creating unique digital experiences. I love composing music, creating pixel art and exploring the intersection of code and creativity. Currently building interesting things with TypeScript/JavaScript, and getting into filmography


Extensive Investigation and Research Subject: Distributed Ledger Technology, Hardware, and Security

Good day! Have you come across the concept of the Ledger… 

– Oh my goodness, please refrain from using offensive language.

Wait a moment; we won’t bore you with a repetitive summary. This post serves as a brief reflective piece for your consideration and to potentially ease your concerns. If you’re already up to date, feel free to scroll down to the “What now?” section.

Unfortunate events surrounding Ledger

A few days ago, Ledger announced a service called Recover. Users who voluntarily sign up and subscribe can use it as a backup for their private keys: the service splits the user’s seed phrase into three encrypted fragments, which are then sent to third-party companies… something along those lines. Ledger, in particular, had made assertions about its use of a secure element, and six months ago it published a post stating: “A firmware update cannot extract the private keys from the Secure Element.”

To put it bluntly, they essentially deceived us, to our face, once again. Truly, they acted foolishly.

However, the real problem lies elsewhere: as this deceptive act makes clear, any hardware wallet’s firmware can be programmed to extract the seed. The issue is that Ledger’s firmware is not open source, so it is impossible to verify whether this is happening, regardless of how many assurances they provide that there is no backdoor.

– Trezor has the capability to do the same thing, but since it’s open-source, you can somewhat examine it;

– GridPlus is similar to Ledger in this regard, but they have made promises to open-source their technology soon.

Ultimately, it all depends on your individual threat model. But if we choose to entrust our information to Ledger, it’s important to recall the incident of the Ledger data leak in 2020, which exposed users’ information, among other things…

You were already aware of their potential to do so; you simply didn’t consider it!

Remember when you happily installed new integrations for different chains on your Ledger? Some of those chains were not on the old list of supported encryption schemes, so they were genuinely new additions. That would not have been possible unless this “backdoor” already existed. And developers from around the world kept installing those updates without a second thought.

So, what now? Are there any alternatives to consider? 

Try to refrain from updating the firmware for as long as possible. When Metamask ceases to function with older versions… well, seek out another extension like Frame or similar options. That’s one possibility. In this case, you have to assume that the developers at Ledger haven’t deceived us yet and haven’t installed a backdoor in the firmware.

Alternative options include Lattice1 and AirGap. Simply search for them online and learn more.

What now?! The government might be monitoring me.

Introducing Gnosis Safe. If you prioritize maximum security, create a safe. Make it a 3/5 configuration in case you fear losing 2 out of 3 keys. You have to trust that the contracts are secure, considering the significant amounts they hold nowadays… we all hope they are. It’s similar to the situation with Saylor, where if he were to get hacked, the consequences would be quite severe. 

Be cautious not to harm yourself, unless you genuinely enjoy “DP”…

“Enhancing your security measures can take you a long way, but it’s crucial to ask yourself: Are you truly worth the effort and knowledgeable enough to make the right choices? Non-developers face a high risk of unintentionally jeopardizing their security. Are your resources substantial enough to justify the investment?

– Using a VPN like NordVPN may offer a false sense of security.

– Double-encrypting something can be counterproductive.

– Revealing your real name in apps can compromise your safety.

How anonymous can you truly be, considering you’re not anonymous at all? Avoid going overboard with extreme measures; the outcome is rarely favorable. However, if you’re curious, the CIA offers insights on these matters – you can check it out.”

For those seeking to conduct comprehensive and thorough due diligence, here are a few additional resources to explore:

https://twitter.com/Mudit__Gupta/status/1659071865762230274

https://twitter.com/notsofast/status/1658538053219016707

https://twitter.com/PixSorcerer/status/1658511668853501952

https://twitter.com/hosseeb/status/1658740433361702913

https://twitter.com/web3_Phil/status/1658525128928395269
