Are Ledger Devices Safe to Use? Is Ledger Compromised? A Rational Discussion | The CryptoDad 

CrytoDad, you did a good job! Thx!

in term of educating people, cryptodad is objective and honest. Thanks cryptodad.

thank you CryptoDad boomer! we have featured your video in recent boomer on base article :) cheers

I appreciate that. I forgot to mention that I've been using ledger devices since 2017 and have never had any issues either.

@@CryptoDadI have found Ledger to be a reliable and secure option for me, and I have not experienced any issues with hacking or security breaches, as some users have reported. Despite exploring other cold wallet options, I continue to rely solely on Ledger due to its proven track record of security and performance. I want to emphasize that my statement is based on my personal experience and is not influenced by any affiliation or promotion with Ledger. Thank you and keep up the good work!

Yes. One of the issues I have with this, is that a lot of newcomers are being scared away by people pushing this narrative.

@@CryptoDadmostly Trezor fanboys and employees of other hardware wallets. Heavy is the head that wears the crown.

These new people are repeating opinions they heard from qualified security experts in the field that have many valid concerns about Ledger security. If you learn about crypto security a bit more you also might understand what they're talking about.

Facts you cannot deny: Ledger for a long time promoted their products stating it would be "physically impossible" to extract the private key from their devices since their "secure element" chip was, again, designed in such a way that would make it unfeasible. By design. "Physically impossible". And then, some years later, they launch a "service" that does exact that --extracts the key from the device. The fact that they say you need to agree and give them permission to do so is irrelevant --Ledger lied and should not be trusted ever again.

I appreciate that

Could have been in the software years ago and you did not even know it. A Ledger is 1000 times more secure than a hot wallet.

Both very concerning. I’m still paying the consequences of the email hack!!! I like Crypto Dad but I’ve abandoned Ledger.

Recover isn't the problem. Adding key extraction capability to Ledger hardware is the problem. Ledger Recover should have required separate hardware so their Nano hardware would stay truly "cold" and Recover hardware could have been "hot/semi-hot." People don't want to admit this, but Ledger hardware wallets aren't cold wallets anymore. I'm really surprised to see Crypto Dad, who I considered to be honest and trustworthy, suggest otherwise. He knows better. Hardware wallets should be able to share signatures, but never keys. Never keys. I'm also shocked that he suggested trusting Ledger until their hardware gets hacked. Ledger hardware has already been hacked, but their bounty program requires signing NDAs to keep those hacks private. I know Crypto Dad knows this as well. This video was very disappointing. I wish Bitcoin didn't have so many influencers who care more about brands than security.

@@asteriskesque How do you know that it was not there from the beginning?

@@onepunchvegan866 You're right, and you're proving the point that closed-source code can't be trusted, because you can't verify what's in it.

Yet.

Yes, I totally agree it was a violation of one of the basic tenants of self custody to offer a seed backup feature to the cloud. It would have been great if they would have had two product tracks. As you mentioned, one with, and one without the recover feature. For whatever reason, they decided to integrate it going forward on all of their devices. In their defense, the Ledger recover seed exportation process can only be initiated locally by the user and is in fact totally optional.

Thanks!

No need to limit yourself to one device or one particular brand. It's probably obvious, but I own several crypto hardware devices. And I use them all in different circumstances.

My pleasure!

Much appreciated!

Drives me crazy when they say that

Ohh, I can't argue with you there. If you're uncomfortable with some of the features of the device, then definitely find something else. I'm just trying to address the issue of people claiming that the device is able to do this without the user's intervention.

Yes, this ^. The attack surface is greater. Also, if you are BTC only, then multi coin support increases it further.

Thanks for the vote of confidence. I’m glad what I said was able to help you.

That means a lot to me!

I appreciate that!

Thanks for the sub!

Yes, thank you. I have been meaning to expand on some of the more advanced features of the ledger STAX. I have some raw video. I just need to get it edited and posted.

Thank you. I won't call you crazy for being security minded. In fact, you are in really good company. Andreas Antonopoulos is also leery of Bluetooth in hardware wallets. Recommended Video: Bitcoin Bitcoin Q&A: Are Hardware Wallets Secure Enough? Andreas M. Antonopoulos: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-3zNVDIz6Snw.html

I have never used ledger live on a Linux machine. But really, the device is in charge of security. Ledger live is just the public interface. I'm sure it's just as safe to use as the Windows or Mac version of ledger live.

You’re gonna hesitate yourself right out of your crypto. Updates are there for a reason. They are to improve security. Add new features & fix bugs. They’re there for your own benefit. Avoiding updates is not viable strategy. It’s best practice to keep your device and software up-to-date. Pretty soon. The device will become unusable if you stop doing updates. And then you will need to purchase a new device and do a restore. You can avoid this scenario by keeping your device up-to-date. If you’re worried, I would run the recovery check app on your device to verify that your recovery phrase is valid. Once you have done this, you should have no qualms about running updates on your device.

It depends on the situation. But conceivably they could do it within the hour. If you still have access to your crypto, I would immediately transfer it somewhere else. You want to get all of the crypto out of that device that you've exposed. After that you can wipe it And set it up as new. Then you can move your crypto back in.

I gave you links to their white papers that describe an excruciating detail how this service works. Just check the description of the video. But in a nutshell, when you sign up for the service, you upload your biometrics and those are stored in the cloud. The only way to initiate the restore process is by verifying your identity by using your biometrics. They check to make sure they match the ones you uploaded during the backup process.

🏅🏅🏅🏅

Yet you say there has been no evidence of malicious code…..precisely because it’s not open source.

Facts you cannot deny: Ledger for a long time promoted their products stating it would be "physically impossible" to extract the private key from their devices since their "secure element" chip was, again, designed in such a way that would make it unfeasible. By design. "Physically impossible". And then, some years later, they launch a "service" that does exact that --extracts the key from the device. The fact that they say you need to agree and give them permission to do so is irrelevant --Ledger lied and should not be trusted ever again.

It's not so much that Leger would be stealing crypto, but rather it presents an opportunity for Governments to utilize this to seize a person's assets. As we are seeing the demands for stricter KYC, centralizing on/off ramps, backdooring encrypted chats, the disdain towards self-custody etc, the ability to seize the assets directly by giving Leger a court order is too tantalizing. It's not a conspiracy theory either; I'm Canadian and can attest Governments seize assets and bank accounts to shut down something as simple as showing up to a protest or donating to a GoFundMe. What was reassuring from that whole affair was the Canadian government, disgruntled, admitting they could not seize crypto assets that were taken off exchanges by the truckers. If Leger had been a Canadian company, pressured would have been applied to them to harvest seed phrases already.

@@rogerbk08 sounds like you’re still mad at your ex-girlfriend for changing her hairstyle. So Ledger decided to upgrade their product. big deal. The back up service is optional.

Yes, your argument is impeccable. I appreciate you contributing to the discussion. And I totally respect your position. I'm not trying to sway you one way or the other. But for some of the people that might be reading these comments, I did want to bring up a few points. Yes, Ledger is expecting a level of trust in their product. But so is every other hardware wallet device manufacturer that uses a secure element chip. The only part of Ledger's code that is not open source is the OS space that interacts directly with the secure element chip. Everything else is open source. github.com/LedgerHQ/ledger-live github.com/LedgerHQ/wallet-api github.com/LedgerHQ/ledger-secure-sdk developers.ledger.com/docs/device-app github.com/LedgerHQ/ledger-secure-os github.com/LedgerHQ/ledger-secure-os/blob/main/dashboard/src/dashboard_recover.c And the reason that this is closed source, is because they have signed an NDA with the secure element chip manufacturer. But even this closed source code undergoes rigorous 3rd party testing. So ledger is really not asking you to trust them completely. The same holds true with every other crypto hardware wallet. They all use secure element chips to prevent tampering. Now there are a few outliers like Bitkey and Cypherrock, BlockStream Jade. But they use a completely different scheme that relies on mult-device authentication. But the major players like Trezor, Tangem, Ledger, and yes, even Ellipal, and Keystone 3 Pro. All employ secure element chips. There seems to be this dichotomy of opinion that goes something like this: 1. Ledger bad! Because their code is closed source and they want us to trust them. 2. Everyone else good, because their code is completely transparent and open source. This is a way over-simplified argument. As I mentioned, these other companies employ secure element chips, which are, by design, secret and designed to prevent tampering. I've also seen a lot of people and I'm not accusing you of this opinion. But it's something like this: My packaging is stretched in a weird way. I'm worried my device has been tampered with. What should I do? Return it? But I also want my device to be completely open source and transparent. In other words, I'm worried about tampering, but I want my device to be completely open source and transparent. Well, unfortunately, you can't have both. The secure element chip is what makes the device tamper proof. That's why Trezor has started adding them to their newer models. (Trezor Safe 3 & Trezor Safe 5) They want to avoid this debacle: blog.kraken.com/product/security/kraken-identifies-critical-flaw-in-trezor-hardware-wallets What made this hack possible was the open source architecture of the Trezor devices. A secure element chip prevents this kind of local tampering hack. So open-source (opensource.org/) is great for giant software projects like Debian Linux. But the concept doesn't really apply to a security device that needs to be both secure and tamper proof. And don't get me started with the prevalence of customer database hacks. You read about a new one almost every month of the year. I've said enough. And I know it doesn't excuse ledger when I say that it happens to other companies. But people seem to single out Ledger acting like they're the only ones that have ever had their customer database hacked. Remember Target 2013? Remember Equifax 2017? Remember Microsoft 2019? And the 2020 ledger database hack involved their public-facing e-commerce website. This was not their internal code base that runs the Ledger device. The integrity of the Ledger device was not affected.

Sounds like a well measured approach. Thank you for taking the time to comment.

That's a great idea, it's been a while since I've done an engrave video. I'm assuming you've already seen my setup. ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KspVwt-zGz8.html and cash out: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KrBS-EnzVjM.html

Well, in this video I basically covered the claims, but the elephant in the room is the ledger recover service. This is where the whole controversy started. Ledger is offering a service that allows an end user to export their private key for cloud storage. I thought that most people would criticize the security of the process. But as it turns out, the criticism became more fundamental of ledger as a company. They were accusing Ledger of using the service to compromise the device. Or they felt that the only way to implement this service put regular users at risk. Basically, the Ledger recover service is optional. But that hasn't made anyone feel any better about the fact that Ledger is allowing their device to export the private key externally.

@@CryptoDad Thank you :) .

Yes, there is definitely a PR component to this whole controversy.

That’s all I’m saying. If the company had disclosed that the capability was there from the beginning, it wouldn’t have been an issue and customers could and would have a more informed choice in their purchase. So regardless if it is secure or not is irrelevant at this point because the “good will” is eroded. And I also pre-ordered the new stacks but I’ll never use it with this revelation. Caveat Emptor.

Why is everyone telling that Tangem is open source? Only the Tangem app is open source (like Ledger Live), but the firmware of the card is completely proprietary. Ledger has additionally to Ledger Live also the apps running on their wallets on Github as well as parts of their BOLOS firmware (esp. the parts regarding Ledger Recover). Only Trezor, Bitbox, Keystone, OneKey and some Bitcoin only wallets have also full open source firmware. SafePal has open sourced the firmware of their X1 wallet, but only parts of their app.

Thanks!

Yeah, great overview. I agree with that also; crypto should be private and personal. However, the government wants to stick their nose in and have us declare every trade and transfer on our taxes. So since technically they know everything we’re doing, why worry about a back up company. Ha ha. But I think I also mentioned this is a natural progression for self custody towards mainstream adoption. It’s funny how Ledger and Trezor are both coming at this issue. Trezor just announced their new product line along with a new backup protocol that streamlines the seed phrase word list to make the words more unique and less ambiguous. They’ve also come up with a multi share backup that addresses the single point of failure when managing seed phrases. So both of these companies are addressing the issue that humans tend to screw up self custody. Interesting times!

⁠​⁠​⁠​⁠​⁠​⁠@@CryptoDadThe Government always stick their noses in... There is no such thing as freedom anymore, it’s sad really. There’s pros and cons to that, however it still doesn’t mean Ledger should take the option away - what I mean when I say that is, if I want to be able to have control of my keys and not allow anyone access even if I will go prison for it, atleast I have that option if that makes sense? Ledger isn’t doing this because of taxes they’re allowing people to remove their control of their assets and this is what people in the crypto space don’t want. I believe Ledger is doing it firstly to generate more revenue as a company, and secondly, maybe for marketing to new people in crypto. If this recover stuff is ever enforced, our freedom of choice has been stripped away. As humans want to be able to make a choice even though majority of us will make the right choices it’s about having the option to make a bad choice lol. Anyways I don’t know if there is any back door or whatever, it’s just most upsetting that they did this whilst my Stax was purchased in 2022 and if I wanted a refund when they announced this, they would only give crappy FIAT and not my Ethereum back. Hahaha - I rant abit in my Stax unboxing lol - I laugh but I’m in pain inside lool. Regarding the taxes, the government do know everything and that’s fine as a law abiding citizen we will pay our taxes and get a good accountant hopefully to minimise tax legally. Better yet go to a tax free country if you want to pay no tax. Interesting that you say that regarding Trezor - do you mean the Shamir Back up? Or have they come out with something like ledger recover?? That would be insane if they did. Can’t find that anywhere on google lol. But if you mean the Shammirs Backup (SLIP39), that is the best form of seed phrase generation in my opinion. It’s not only the Trezor that does that by the way, the Keystone also does this. I own a keystone (well 2 actually) and it’s one of the best HODLing wallets I’ve got, I say this whilst I own an Ngrave. In the future once I obtain a larger subscriber count on my RU-vid channel, maybe we can do a collaboration or something regarding BIP39/SLIP39 lol. I’ll send you a message via email in the future sometime if that’s ok.

Yes, I have often thought this myself, and though similar to ledger critics, I cannot prove this. I have often felt that a lot of the trolls on Reddit were paid by other wallet companies. Now I’m revealing my own paranoid fantasies.

Yeah, I'm sure that's what they're referring to. But through all of my research, and spending time reading all of their white papers, the service appears to be totally dependent on user intervention. www.ledger.com/blog/part-1-genesis-of-ledger-recover-self-custody-without-compromise (there are 6 in total... a totally bland and boring read) In other words, it cannot be initiated remotely or locally without the end user (the person who knows the pin), authorizing the service on their device by using the buttons. And it does not appear that this creates any way for Ledger, the company, to serendipitously extract your private key without your knowledge or intervention. I think this is what people are calling the back door. I feel it is nonexistent. but DYOR

Yes, I totally agree with you. The customer database leak was a major fumble on their part. And you're a savvy person that is being annoyed by all of the spam and phishing emails. I can only imagine how bitter the people are that were actually taken in by some of these scams and had their wallets drained.

The Coldcard has a secure element chip so although all of its software is open source, there is an element of secrecy inherent in using the device since the secure element chip is closed source. As far as Blockstream Jade goes, it claims to have a virtual secure element that is in effect open source. help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element So it may be the closest thing to a completely transparent hardware wallet. But personally, and this is just my opinion, (although I pretend that its fact), I don't believe that any wallet is completely transparent and any hardware wallet requires some level of trust on the part of the user. This is not a deal breaker for me, It's just a fact of life. Many people believe that they MUST be using a wallet that is fully open source and transparent and many believe that they are but I think they are mistaken in most cases (the Blockstream Jade device appears to be a welcome exception) However, both the Coldcard and the Blockstream Jade are Bitcoin only so if you want to manage other cryptocurrencies then you're going to have to make a informed decision on using a crypto hardware wallet that supports other cryptos besides Bitcoin.

​@@CryptoDad What about AirGap Wallet? The one you install a vault app on an off-line cellphone or tablet and the wallet app on your daily phone. It is air gapped meaning transactions are authorized through QR codes.

Well, the short answer would be other crypto hardware wallet companies hiring trolls to discredit Ledger. But on a deeper level, after the FTX collapse, people were rushing into self custody. I think this made the powers-that-be nervous. And so suddenly the top crypto hardware self custody company was being attacked as unsafe. I know that sounds like a paranoid conspiracy, but that might be one motivation for discrediting Ledger.

I'm really sorry to hear that this happened to you. But most of these cases involve inadvertently revealing your seed phrase to a scammer or interacting with a malicious smart contract on a shady web site.

Honestly just off the top of my head, I'd try to swap it for something and see if the something like uniswap or w.e can see any amount of doge In your wallet(tied to that address).

You might wanna check out this video. It has some pointers on syncing up your device to your phone or computer. Perhaps using some of these techniques you might be able to re-gain access to the account. Barring that you may have written down your seed phrase incorrectly originally and now it does not give you access to the original crypto. However, if your seed phrase that you used is valid, the chances of it being incorrect are pretty small. So I think maybe you should try these troubleshooting tricks: How to Recover Your Lost Crypto Using the Ledger Device vs Using Ledger Live ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-tcspePxhkhk.html

@@coffee3986 Thanks for the reply

@@CryptoDad Yes, the it is the correct seed as all the other crypto exist in the wallet when used, thanks for your help. I think purchasing the stax may be the way forward. I find the original ledger nano 2 button nauseating to use

Well, strictly speaking if you're not using the ledger recover service, then you don't need to worry about any one stealing your key or subpoena-ing it. It is entirely optional. And although many claim that the existence of the service opens up ledger's ability to extract your private key without your knowledge and consent, I believe this is a paranoid fantasy. Now if you ARE using the Ledger Recovery Service, part 4 of the white paper shows that the only way to perform the restore is through user verification using biometrics. Otherwise the key remains encrypted. (In other words, it would be useless for law enforcement to subpoena Ledger, Coincover or Escrow Tech. Even if they fit two shards together, the key would still be encrypted) www.ledger.com/blog/part-4-genesis-of-ledger-recover-controlling-access-to-the-backup-identity-verification

@@CryptoDad The "paranoid fantasy" could be avoided if they really go Open Source. Maybe this is the key that would settle things: looking at the code and making sure that the use of the recovery service is a personal decision. But I think they have been "Opensourcing" for 3 years and nothing has happened.

I agree with your contention. But I don't believe "open source" is possible or applicable when we're talking about hardware wallet devices. So call me a heretic, because everyone is following the "open source is best" religion out there. But if a wallet employs a secure element chip, it is by definition not fully open source even if all of their software and firmware is open source and posted on Github. There are a lot of other hardware wallet companies that are throwing that term around, so they sound good. But most of these companies employ secure element chips in their devices. So there is an element of secrecy when using the device. I see no problem with this. I believe it is standard security practice to employ a secret design to avoid tampering. This is how most security devices work, such as atm card chips, credit card chips and smart employee ID cards. You want the design to be secret to avoid people from tampering. There is a company called Blockstream Jade that has what I consider to be one of the closest things to a fully open source wallet/device. Here is their article where they talk about the fact using closed source secure element chips is not fully open source and their solution: help.blockstream.com/hc/en-us/articles/13745404122265-Does-Blockstream-Jade-have-a-secure-element Basically, this article gives tacit approval to my opinion that a secure element chip is not open source by design. I'm not sure how applicable this technique is to mainstream hardware wallet devices. But it may be a promising direction. I don't know that this technique is ready for mainstream adoption or all the other hardware wallet companies would be rushing to adopt it. As it stands, I think the secure element chip is the go-to security mechanism for most hardware devices. And the Blockstream jade wallet is BTC only. So it's not very practical for managing multiple cryptos. Back to the point of our conversation. People are worried about some kind of back door built into ledger because they are not following their open source religion. My contention is third party testing is enough to satisfy me that the device does what it says it does.

Did you mean to say Tangem is the BEST? Or are you saying Tangem is the BEAST? Or that Tangem is both? It is a great wallet!

Indeed, I have dealt with a few people that have received similar calls. It's really sad that these scammers manipulate people by people by using fear and greed. I'm glad you were able to withstand the attempt.

Yes, I totally agree. I think with some people opinions morph into religions. And now you're challenging their fundamental beliefs once they've formed an opinion.

I think I made it pretty clear in the video that ledger does not have a system to access your seed key. I know that all of those white papers are quite a bit of reading, and it took me several hours to get through it. But nowhere in there does it mention that Ledger has access to your seed key.

The white paper may say Whatever you want, but they offer a way to retrieve the seed phrase, for a monthly price. There is that possibility.

According to part four of their white paper series, this would be impossible, since the key is encrypted, even Ledger doesn't have access to it. (in unencrypted format). The only way to perform a restore is by the user verifying their identity. I understand your concern, and this is a very common concern when talking about the ledger recovery service. Here is a link to the white paper where they discuss the restore process and how it can only be initiated by the user: www.ledger.com/blog/part-4-genesis-of-ledger-recover-controlling-access-to-the-backup-identity-verification

@@CryptoDad OK, thanks for your response. (I distrust government more than I distrust the executives at Ledger)

⁠@@CryptoDad I wouldn’t just go by what they have on paper, and I would listen to the very own words of the ceo who said that if a judges ordered it by court, on behalf of the government?? Then ledger would give up the private keys of sed customers, that in itself is a red flag. They’ve already proven that they’re not honest, so when they’re actually honest? People tend to over look what’s being said, even Canadian government already asking people to register their ledger, an I’m wondering for what? Naaa I don’t trust none of that idc how long they been around listen to the source themselves tell you they will and can do it.

I plan on doing a separate video about whether to use ledger recover, or not. I wanted to try and keep this video separate. In fact, the points I made in this video we’re going to be my lead up to my discussion about the pros and cons of ledger recover. But then the subject matter took on a life of its own. I personally would never use ledger recover, but I understand why they decided to offer it. I’m planning on doing another balanced coverage of whether or not someone should use ledger recover.

Thanks for sharing. A lot of opinions out there about this. And yes, ledger described the functionality of their device as the "private key never leaving during use". So ledger decided to improve their product to meet customer needs, so they added the cloud backup functionality. Some people call this lying, some people call it just improving their product. But it's really just an opinion one way or the other. I wouldn't call closed-sourced criminality. That's a bit extreme. Ledger's code base is proprietary, just like Microsoft, Apple and almost every other software company out there. It was a design choice early on in the life of their product. Open source is not a silver bullet. It also has its own vulnerabilities. Not everything in the crypto space is black and white. There are essentially three main risks that come with using open-source software from a security perspective: Open-source software development is decentralized. This means that there is essentially no authority that is ensuring the safety of any given fork of the software. Crypto wallets inherently access sensitive information, and vulnerabilities discovered in the source code can be exploited by attackers before a patch is released. Electronic chips that allow the firmware to be open-source generally lack security measures that can be used to secure data stored on them.

Well, since you put "any circumstance" in caps, you've basically turned it into a theoretical question. I don't think any crypto hardware wallet can claim it is impossible to see (or access) the seed phrase in "any circumstance". As I mentioned, this is a risk game. You're just trying to minimize your risk. There's no way to totally eliminate it.

The data breach had nothing to do with the hardware, though, and its hardware has never been breeched, unlike Trezor that has had a hardware breach (yes, it was patched by firmware) The data breach was names and addresses and emails, etc, still extremely lousy by ledger, and they sat on the situation before telling people, which also was not good

Yes, you are correct. It is cause for concern. And I know it doesn't really make it any better to say that large data breaches are happening on a regular basis with even bigger companies that should be keeping your data safe like Equinox and Target. In Ledger's defense, their customer database was being managed by a 3rd party. And that was completely separate from their internal security mechanisms for guarding the ledger internal code and the security protocols they have in place for software and firmware rollouts.

Almost as if he avoided talking about it on purpose. This video proved nothing

I mentioned to another commenter that this particular video was going to be an aside in a longer video discussing the ledger recover service. It basically took on a life of its own, and so I decided to simply post it as a standalone video. I plan on doing another video on the pros and cons of ledger recover. But although I personally would never use ledger recover, I think they took great care to create a system where exporting the private key was possible but still completely optional for the end users that don't want to use their service

Yes, I understand your feelings. And there’s definitely an element of ledger, abandoning their previous user base to shift their business strategy to onboard newer, more inexperienced users that require back up and handholding. You can call it arrogant, but I think they just saw the way the winds were blowing and decided to, try to appeal to a larger audience.

Ah yes, the old "we wouldn't know they are doing it because they're doing it in secret" argument. Which incidentally does not require a shred of proof.

@@CryptoDad Lol, everyone is free to use what they want. Just don't come crying once you get burned.

They saw a need. So many of their customers were calling them because they had lost access to their crypto because they lost their seed phrases or written them down incorrectly. (Because people are human). So they endured years of people screaming and crying to their tech support, demanding their crypto back. They had to tell them "There's nothing we can do" because, you know, self custody. So they decided to figure out a way that they could offer a service that would allow a customer to back up their private key for cloud storage. So sure, it's antithetical to crypto enthusiasts because it violates the basic principle of self custody. But Ledger is not the guardian of crypto policy. They're a company that makes a hardware device. They decided to add a new feature to their device called the Ledger recovery service. It's completely optional. How was that lying? They just added a new functionality to their device that it wasn't there before. Because they saw a market opportunity.

​@@CryptoDadit's lying because at first they said they cannot get the keys, and now they say it is possible. See how that's a lie? First they said it is impossible, and now it is possible.

@@manowatis1557 they made it possible by modifying the device. How is that so difficult to understand? Have you ever seen a phone that had an upgrade? Have you ever seen a computer that had an upgrade? Have you ever seen refrigerator that added an ice dispenser? Come on. You’re telling me you think this product should’ve just stayed exactly the same for 50 years without ever being modified to appeal to a broader market?

And by the way, they still can’t get your keys. That’s ridiculous. Only the user can export the keys. You’re listening to too many rumors about the service.

@@CryptoDad That's really a lame excuse --they claimed for years that the "hardware" was built in such a way that it was "physically impossible" to get the seeds out, i.e. a simple software change/update wouldn't do the trick because there was a physical, material gap that could not be bridged by sofware... that is what they said, it was there in their ad material, there are videos of their people saying it. It's like Samsung stating their TVs can't listen to you because there are no microphones bult-in to the sets, and 3 years later you find out the microphones were there since the beginning. Samsung can claim they never activated the microphones so they could listen to you, but they lied about the hardware. Ledger lied.

Well, basically, I felt it needed to be said. There is a small core of people that will not be swayed by anything I say here. But I am appealing to a lot of the newcomers out there that are being fed a lot of FUD surrounding Ledger. Nothing is black or white. And from your comment I can see I left you with the impression that there is no way to tell either way. This is true to a certain extent. But I think the extensive testing that I mentioned should mitigate some of the concerns that people have surrounding security issues. But you touch on an important point here. Nothing can prove to be completely safe and secure. So making a decision about a crypto hardware wallet must involve risk management. There will always be some risk. But if you focus only on the unknowns then you might as well not use any hardware wallets because they all involve some level of risk.