When I mentioned Santa Clause, I was referring to the fact that people believed the Ledger Nano device was %100 cryptographically trustworthy on its own. That was a fairy tale, like Santa Clause. Ledger never said that was the case, people just believed it. The truth is that the secure chip element that derives and stores the private key is proprietary technology and not open source. Therefore it requires a level of trust in the company. (No disparagement intended for people who still believe in Santa Clause)
I noticed they changed the format for the numbers for entering the pin on the device and because of that I have not been able to figure out how to choose the right numbers and enter the correct pin. Can you please help me CryptoDad? I need help. Thanks!
I just don't understand why Ledger don't simply drop this and make a separate ledger with different software for dumb people. They should have emailed us to give the best way forward.....till then, I am not updating firmware or Ledger Live. REMEMBER, these are the guys that let our email addressed and other info get posted online because of a database hack, so the last thing we need is them helping hackers.
Ive been following you for atleast 4 years ...i told you years ago you remind me of a college professor i had ...calm voice concise honest information...i agree over reaction like everything on crypto media for views...thats not you professor ...lol i like tangem its different and its ease of use is second to none but i still use ledger .....
Firmware updates and trust are essential aspects of using a Ledger Nano X. What's your perspective on these issues? Let's start a constructive conversation below! Like, share, and subscribe to stay updated with the world of crypto.
I used the 25th pass phrase to generate an hidden wallet, and I don’t tie it to a PIN just in case it keeps it in memory. It’s a pain having to key in the pass phrase every time but that’s for ease of mind.
@megafirefly what do you mean tie it to a pin I don't understand please can you explain as this could be useful for me. Would you say its safer to import your seedphrase and pass phrase from trezor and use it on ledger as there are coins like icp and arweave that are not on trezor but on ledger so I've got to use the ledger
Thanks. I was looking for an update about this topic after the news and fears spread on the cryptoverse. You are the only one that I know who did an update following all the hype one month ago. That speaks about professionalism and reliability with your content.
Don't we KNOW that Ledger's latest firmware update installs a backdoor because they announced it? It is what makes their "Recover" service possible, enabling them to extract your private keys upon your request or the request of an identity thief or government agency.
correct me if i'm wrong but i would imagine all cold storage wallets can access if they wanted to, only difference is ledger is offering a custodial service with this ability
I started with ledger and I liked it, no issues until this backdoor was revealed. I moved all crypto off of it to tangem. I've worked hard for the money that I have invested in crypto. I'm not going to put trust in ledger or anyone else who isn't transparent and open source from this point forward.
Any recommendations for best transfer options? I usually find it cheaper to use exchange such as kucoin. Although CB has upped their game with regards to advance trading thus alleviating heavier fees
@@Web3Prep all exchanges charge fees for transfer plus network fees but if you really want to save money convert into LTC, xlm, or XRP and send to your cold storage but when you do that it’s a taxable event.I do it sometimes usually I just pay the fees
@@techwrightauto you’ll like it a lot man it’s easy to access all your money just buy a faraday cage for your backups and hide them don’t put more than one together because if the feds raid your house and they find two they’ll steal your money if they find one they can’t do anything with it
Im just worried that Ledger is bending to government control and this is the first step. Ledger appeared at a WEF forum a while back, my alarm bells are ringing very loud.
For We the People...and us in crypto....we should be pushing back against WEF etc across the board. We make the mistake of just sitting and watching and reacting vs being proactive. I think in general us crypto small fish get neutered by the influencers that just tell us to sit and wait for the lambo to drop from the sky. smh.
My Concern is not with Ledger stealing Crypto it is more with Ledger creating a way for governments to get control of peoples assets. One of the main points of crypto is to get out from under repressive government control over your finances.
Totally agree which is why I would never use their recovery service. Not only does it require KYC, which links your crypto to your identity, but remote storage however cryptographically secure can be requested/demanded by any government.
Yes, but as I understand, you do not need to opt in for Ledger to have the "ability" to retrieve keyphrase. The new firmware sets up the framework. They announced that it can be done, and now they can be compelled by governments to provide the keyphrase they announced that they can extract. Not YOUR key, not your crypto.
Thank you for the video and the open discussion on the firmware update. I kept using Ledger and updated the firmware today. I still believe that Ledger is a safe option for me (compared to other choices)
I think you are missing the point. Beyond they lied. We have no idea what is in this firmware. As far as we know the code really does leave a back door. And my biggest problem is they said they were going to opensource this stuff. But still today the firmware isn't open source. Meaning both you and I have no idea how this new service works and we have to go on a "trust me bro" from ledger. And you said many have to know about a firmware update in the company. Same with what happen with FTX, Bernie Madoff, and so on. There was people around them that were bad actors, and then an outward group that was legit. The inner group 100% knew what was going on. To me, it is extremely simple. Don't release the firmware update unless if you open source it.
I agree that their firmware (or their secure element chip to be more specific) is not open source. But they never claimed that it was. Hence they never really lied about it. And as I mentioned, most of the other major hardware wallets have secure element chips in their wallets also. The Ledger Live software is open source and many other hardware wallets have open source app and desktop software. But the heart of most crypto hardware wallets is the secure element chip. Which is manufactured by third parties and does not run regular code like Python, Java, or C++. These chips run assembly code which is very specialized. It does not lend itself well to the open source model. These chips are also proprietary, closed source by design.
It is a backdoor, the third key is the same for all ledger users. Govt can just confiscate it, which means hackers can find a way in as well. Encryption either works or it doesn't. Ledger fundamentally broke it.
According to ledger the last key (along with the necessary 2 out of 3 Shamir shards) is based on the identity information provided by the user, so it would not be the same for every device.
As a CISSP security expert, I will say that your laissez-fair attitude is just a little bit foolish. Ledger has admitted that the hardware key can be extracted from the Ledger X after upgrading to the latest firmware. Trezor hardware has successfully been hacked. You are entirely correct when you say that diversification is important. I have a half dozen hardware wallets and diversify my assets between them. Ledger, however, has been removed from my collection until more information comes out. And I don’t own a Trezor. Crypto already has risk, it is smart to do a risk assessment, know where your risk tolerance is and remove the items that cause you to fall below your tolerable risk. But with Ledger’s history of being hacked and now their ability to get your hardware keys, I can’t bring myself to trust them enough in what is supposed to be a trustless environment.
So, I bought a Nano about 2 weeks before the big announcement... How would I know wether or not my Nano came pre-installed with the new firmware? Where could I find the firmware serial numbers on the device and/or online? Any help would be appreciated 👍
As far as I know, there's no way to read it from the outside of the device. The only way to find out which version of the firmware it's running is to go through the setup process. Once you get it set up and connected to ledger live. You can go into the "my ledger" section on the left and it will tell you what version of the firmware you're running. The latest version of the firmware is 2.2.2. The first version since the "recover service" was 2.2.1. The last version before any recovery service functionality was added is 2.1 .0.
Ok Sir, one question. when you connect your ledger device using bluetooth to the wallet you are online, correct. So it is possible to be hacked. You are transferring your crypto to the wallet and expose your security.
The whole point of crypto (Bitcoin anyway) is to have complete control over your money. I don't remember Satoshi saying in the whitepaper anything about trusting to a certain extent some company with your private keys.
I was thinking the same thing....Ledger is so convenient for staking (maybe some others are as well) I may keep it for that, and move other stuff to something else.
Do you think that adding a 25th word phrase would creates a different account ?? and if that phrase was created as temporary, meaning it will not be saved on the device but creating the account at the time of the login only, which negate the backdoor claims?? what is your opinion on that? Can you please make a video on that topic?
That's a very good point. But if ledger themselves say that technically a malicious firmware upgrade can steal your seed phrase. So I will assume even the info about the temporary account in the device can be stolen (at the time when you are using it) by making the user sign in to something (the user pressing both buttons) by keeping some other usual text on the screen(by trick), the firmware in the back can send it to your ledger live app and out through the internet. Here we are talking about a malicious back door entry in the ledger's firmware working in conjunction with a malicious update in the ledger live app as well.
I am glad that Trezor was my first hardware wallet. I would still use ledger but not as a primary hardware wallet, more like an extra wallet. I would treat ledgers like a good software wallet. I think that incident has forever tarnished their reputation
trezor is even worse LOL if someone steals your trezor he can easily hack it through his PC. if someone steals your ledger, he cant cuz it has a Security Element in it. that is also closed source which he wont know which and what code it has to crack it.
I don't know about easy I watched a video on someone hacking an old Trezor to get old crypto out of the owners wallet and it took him like all day and he was an experienced hacker
@@Methuselah969V yeah which is easy for someone who is not experienced to pay an experienced guy to crack it for him. thing is its hackable, vs ledger that isnt. plus you still get the same backdoor in trezor like u do with ledger, which is u need to trust the company that pushes firmware to your trezor just like ledger company pushes to ledgers.
@@helioshyperion8077 You can use a passphrase and Nobody can crack it without the passphrase. This effectively adds an extra word to the seed phrase, creating a brand new 'Hidden wallet." A passphrase protects your Recovery Seed and is not stored anywhere, meaning if someone compromised your Recovery Seed (by stealing your Trezor and hacking it), they would not be able to access your accounts - unless they also knew your passphrase.
If Ledger has access to your private keys, they can just set-up a new device with it and take full control over your Crypto. It's not a backdoor, it's more like leaving the front door wide open.
They don’t need to setup a new device. All anyone needs is your private key and some software to access your wallet. That being said, the private key never leaves your device without you utilizing the service and using the physical buttons on the device to allow the private key to be exported. Ledger is not stealing your crypto. This is merely a service for people who are less tech and security savvy that would likely lose their recovery key or don’t feel they have a secure place to store it. Ledger is trying to give people options to help protect them from themselves.
@@F16_viper_pilotoh thanks for this reply. So I don’t have to share my private keys with them right? What I’m afraid of is someone hacks or takes ledger by force and take our private keys
@@MetalBum Well, they offer it as an optional paid service, so I presume there are steps one needs to go through to establish a connection between you and the device and then to create and transmit the shards. If their intent were nefarious and they could just take your keys then you have to ask yourself for what purpose and why bother advertising a service when they could just not tell people at all.
Hi man i have nano x and i send some doge coin but it stuck and said not confirmed i update ledger live but not my nano x you think if i update my nano x my balance will fix?
Hey dad, any chance of a vid on transferring btc from Ledger S to Blockstream Jade? Would it be the same as in your vid on transferring from Ledger to Trezor? Thanks for your work, cheers🤗
Does Ledger remove your crypto apps when it updates the hardware wallet? I ask because you mentioned that you were reinstalling all your app's that were on the device before.
So that's TWO layers of Trust we must inherently accept: (1) Trust in Ledger, and (2) Trust in the third party Secure Chip Manufacturers (whoever they are). Nothing in crypto is ever 100% secure. Diversify hardware wallets I guess.
FYI: (from Google generative AI) STMicroelectronics makes the secure element chip for Ledger Nano. The chip is military-grade and is used in credit cards and passports. It's protected by a PIN code that you set. A secure element (SE) is a microprocessor chip that can store sensitive data and run secure apps. It acts as a vault, protecting what's inside the SE from malware attacks.
So then is it more secure than Tangem card, as you recently just talked about it and I got the impression that you thought it was quite secure. Thank you for your response
opting in allows them. but the point is that it was stated that it is not even possible for them to do it and that they never will. now they can? means also hackers can if it is generally possible. thats hardcore.
Yeah that was just a personal interjection in the heat of the moment for the people in the chat stream who were telling me I was wrong. I don't think it takes away from my overall rational for doing the firmware update. But, I defiantly understand it is not for everyone. That is why I did several migration videos form Ledger to other hardware wallets like Trezor, Keystone, and Ngrave Step-by-Step Guide: Migrate Crypto from Ledger to Trezor Hardware Wallet: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-j7l_9xAAIw8.html What to do with your Ledger Nano X NFTs? Transfer to Nifty X: Unboxing & Setup Ultimate NFT Wallet!: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-2xZ3U73sOdE.html Safely Migrate Crypto Assets from Ledger Nano X to D'CENT Biometric Wallet | Ultimate Guide: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-PakQ1f4mtvI.html Securing Your Crypto: Migrate from Ledger to Keystone Pro Amid Security Concerns: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-jGIlie9W5Qg.html Unboxing & Secure Setup Guide for NGRAVE ZERO +GRAPHENE Backup: The Ultimate Offline Crypto Wallet: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KspVwt-zGz8.html
Love you Channel brother I don't trust doing mobile crypto I don't trust QR codes and I don't trust Bluetooth and NFC so how do I get XDC off and an exchange without using those or a third party wallet
If ledger splits private keys three ways and keeps them encrypted in cloud services, if they get into hands of bad actor, our crypto can be stolen by the bad actor. When they have private keeps, they don't need hardware wallet to move crypto out. You can argue whatever you like, but only until your assets are lost.
I'm using the Ledger Nano S (Original) My biggest problem with this is they can wirelessly transmit your seed phrase. I don't like that and that is a big deal! I know technically they can't do it with the Ledger Nano S but in the future I will most likely be going multisig!
cryptodad thank you for your service. You know that We highly trust you . Can you be kind enough to tell us if you didn’t get paid to do this for ledger?
No, they did not pay me to do this video. They have never paid me. I do get commission when people purchase Ledgers through my affiliate links, but they have never paid me directly to produce content.
"can" does not mean "will" or "does". Also, the keys cannot be exported remotely. They can only be exported by the user, just like when you sign a transaction. But if you think they are stealing your private key, just use a passphrase. If you use a passphrase the seed phrase is useless to anyone else. How to Protect Your Bitcoin using a Ledger Nano Secret Passphrase: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-D3xIsdtmgck.html
You said exactly what I was thinking about this hi-drama over nothing since the beginning. That's why I never migrated or worried about this. It's so foolish think that way. BTW, thanks for confirmation dad!
I picked up a Trezor imported my Ledger seed… Not all Crypto is viewable. One ETH Legacy account, ATOM, TRX….etc😮 I have also been doing some soul-searching, I am also updating my NanoX I will use both companies products, it always good to have a backup!😇
I did a video on how to access your additional ETH accounts on a Trezor device: Using Custom Derivation Paths for Secondary Ethereum Accounts on Trezor: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-PFBxkisU90A.html
Hi dad,😊 I have a question, how come the prices are different on the ledger? Like it says BTC at 28.something 🧐 Does that mean that I can swap my coins to BTC at that price??🤔 And my account also ceeps going down. Wile all coins are up.
The dollar value that you see in Ledger Live is just an estimate. The price you get will depend on which exchange you use or which third party service you choose within Ledger Live Swap or Buy/Sell. Ledger does not trade cryptos. they use 3rd party services for that.
Eventually you will be forced due to compatibility issues. I had to update mine today because I could access any eth or erc-20 tokens. I just figure, long as I dont opt in, I should be fine. But now I do wanna get another brand of cold storage wallet just so all my eggs arent in that one basket
I agree that ledger is probably safe, but your statement about not being able to do anything without the device is inaccurate. If, for instance, the government subpoenaed Ledger and Ledger gave them your private keys, they could just import them into a new device.
I agree, if you use their Backup Service, then the government/law enforcement can compel them to reveal it. If you don't use the service, Ledger (the company) does not have access to your seed.
It sounds like you don't have an Internet connection. You might want to reset your modem, reboot your computer and do the normal kind of troubleshooting that you do to make sure you have an Internet connection
I 've read about the Ledger Recover, but i'm concern about passphrase. When I using Ledger Recover Service, it's can recover 24-seed-phrase + passphrase or only 24-seed, Thank you!
@@CryptoDad oh, thank you, if so the Ledger Nano still safe to use, I prefer Ledger to the another hardware wallet, Ledger is powerful, support many chains, flexible.
So what is the point of this new Ledger Recover Service, would it not just provide another potential security/privacy risk? From Ledger Firmware Update... “At the moment, a passport/national identity card issued by the European Union, the United Kingdom, Canada or the United States is required to subscribe to the service.” One of the most important benefits to an independent sane society is that crypto, for the most part, is decentralized... if you already have a Secret Recovery Phrase (probably more than one copy), why would you NEED or WANT an ONLINE service connecting your hardware wallet to your GOVERNMENT issued, monitored and controlled IDENTIFICATION? AND, why is it a Firmware update that probably can’t be removed instead of just an App? I trust current Ledger devices but won’t be updating the Firmware to their Ledger Recover Service!
I just received my Nano X 7/11 yesterday I set up and took my crypto off the exchange and sent to my wallet address on ledger live and Nano X (I know it stays on blockchain) now today I tried sending to and setting up new account now I can’t do anything because it tells me I have to update the firmware by connecting it to desktop I don’t have one that is whole reason I got ledger live app and Nano X so I could do it with phone now my crypto is like being held hostage do you know of another way thx $tuck
Hi. First off thank you for all your videos. Can you direct me to a video that covers how to transfer funds from one ledger nano X to another ledger nano X (completely new address…not additional access to original address). Thanks.
I would recommend this video that shows you how to manage more than one device in one copy of Ledger Live. Once you have that set up, you can transfer between the accounts. Master Your Ledger Nano Devices Managing Multiple Wallets in Ledger Live ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-IDuiuPiY3eg.html
Firmware 2.2.3 for Nano X is out, which includes Ledger Recover service (the feature that ruins Ledger's trustworthiness). Is there anybody updated their device to 2.2.3 and does it work fine *without opting in* recover service?
very good video! ledger is safe guys, dont worry. people habe to trust other people little bit more. if you dont trust anyone its better to buy gold and silver instead of crypto 😮
Hello sir, i tried to login to my ledger live since i haven't been on it for many months. As i typed my password it said it is incorrect which is impossible, do you have any suggestion? Is it because i haven't updated the ledger live? I already contacted ledger support but until i get an answer i thought i should reach out to you!
You can do a clean install of Ledger Live and set up a new password. You will need to reconnect your ledger device and set up the accounts again. How to Re-Install Ledger Live on a New Computer (Latest Version 2021): ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-sIeB4xS4ZfQ.html