When I mentioned Santa Clause, I was referring to the fact that people believed the Ledger Nano device was %100 cryptographically trustworthy on its own. That was a fairy tale, like Santa Clause. Ledger never said that was the case, people just believed it. The truth is that the secure chip element that derives and stores the private key is proprietary technology and not open source. Therefore it requires a level of trust in the company. (No disparagement intended for people who still believe in Santa Clause)
I noticed they changed the format for the numbers for entering the pin on the device and because of that I have not been able to figure out how to choose the right numbers and enter the correct pin. Can you please help me CryptoDad? I need help. Thanks!
I started with ledger and I liked it, no issues until this backdoor was revealed. I moved all crypto off of it to tangem. I've worked hard for the money that I have invested in crypto. I'm not going to put trust in ledger or anyone else who isn't transparent and open source from this point forward.
Any recommendations for best transfer options? I usually find it cheaper to use exchange such as kucoin. Although CB has upped their game with regards to advance trading thus alleviating heavier fees
@@Web3Prep all exchanges charge fees for transfer plus network fees but if you really want to save money convert into LTC, xlm, or XRP and send to your cold storage but when you do that it’s a taxable event.I do it sometimes usually I just pay the fees
@@techwrightauto you’ll like it a lot man it’s easy to access all your money just buy a faraday cage for your backups and hide them don’t put more than one together because if the feds raid your house and they find two they’ll steal your money if they find one they can’t do anything with it
I just don't understand why Ledger don't simply drop this and make a separate ledger with different software for dumb people. They should have emailed us to give the best way forward.....till then, I am not updating firmware or Ledger Live. REMEMBER, these are the guys that let our email addressed and other info get posted online because of a database hack, so the last thing we need is them helping hackers.
Im just worried that Ledger is bending to government control and this is the first step. Ledger appeared at a WEF forum a while back, my alarm bells are ringing very loud.
For We the People...and us in crypto....we should be pushing back against WEF etc across the board. We make the mistake of just sitting and watching and reacting vs being proactive. I think in general us crypto small fish get neutered by the influencers that just tell us to sit and wait for the lambo to drop from the sky. smh.
Ive been following you for atleast 4 years ...i told you years ago you remind me of a college professor i had ...calm voice concise honest information...i agree over reaction like everything on crypto media for views...thats not you professor ...lol i like tangem its different and its ease of use is second to none but i still use ledger .....
My Concern is not with Ledger stealing Crypto it is more with Ledger creating a way for governments to get control of peoples assets. One of the main points of crypto is to get out from under repressive government control over your finances.
Totally agree which is why I would never use their recovery service. Not only does it require KYC, which links your crypto to your identity, but remote storage however cryptographically secure can be requested/demanded by any government.
Yes, but as I understand, you do not need to opt in for Ledger to have the "ability" to retrieve keyphrase. The new firmware sets up the framework. They announced that it can be done, and now they can be compelled by governments to provide the keyphrase they announced that they can extract. Not YOUR key, not your crypto.
Don't we KNOW that Ledger's latest firmware update installs a backdoor because they announced it? It is what makes their "Recover" service possible, enabling them to extract your private keys upon your request or the request of an identity thief or government agency.
correct me if i'm wrong but i would imagine all cold storage wallets can access if they wanted to, only difference is ledger is offering a custodial service with this ability
i dont think its so much as there is no santa claus the thing was that we found out ledger was not as we were told it was by ledger . whats with the santa thing .
I am referring to the fact that people believed the Ledger Nano device was %100 cryptographically trustworthy on its own. That was a fairy tale, like Santa Clause. Ledger never said that was the case, people just believed it. The truth is that the secure chip element that derives and stores the private key is proprietary technology and not open source. Therefore it requires a level of trust in the company. (No disparagement intended for people who still believe in Santa Clause)
Thanks. I was looking for an update about this topic after the news and fears spread on the cryptoverse. You are the only one that I know who did an update following all the hype one month ago. That speaks about professionalism and reliability with your content.
Thank you for the video and the open discussion on the firmware update. I kept using Ledger and updated the firmware today. I still believe that Ledger is a safe option for me (compared to other choices)
It is a backdoor, the third key is the same for all ledger users. Govt can just confiscate it, which means hackers can find a way in as well. Encryption either works or it doesn't. Ledger fundamentally broke it.
According to ledger the last key (along with the necessary 2 out of 3 Shamir shards) is based on the identity information provided by the user, so it would not be the same for every device.
If Ledger has access to your private keys, they can just set-up a new device with it and take full control over your Crypto. It's not a backdoor, it's more like leaving the front door wide open.
They don’t need to setup a new device. All anyone needs is your private key and some software to access your wallet. That being said, the private key never leaves your device without you utilizing the service and using the physical buttons on the device to allow the private key to be exported. Ledger is not stealing your crypto. This is merely a service for people who are less tech and security savvy that would likely lose their recovery key or don’t feel they have a secure place to store it. Ledger is trying to give people options to help protect them from themselves.
@@F16_viper_pilotoh thanks for this reply. So I don’t have to share my private keys with them right? What I’m afraid of is someone hacks or takes ledger by force and take our private keys
@@MetalBum Well, they offer it as an optional paid service, so I presume there are steps one needs to go through to establish a connection between you and the device and then to create and transmit the shards. If their intent were nefarious and they could just take your keys then you have to ask yourself for what purpose and why bother advertising a service when they could just not tell people at all.
I am glad that Trezor was my first hardware wallet. I would still use ledger but not as a primary hardware wallet, more like an extra wallet. I would treat ledgers like a good software wallet. I think that incident has forever tarnished their reputation
trezor is even worse LOL if someone steals your trezor he can easily hack it through his PC. if someone steals your ledger, he cant cuz it has a Security Element in it. that is also closed source which he wont know which and what code it has to crack it.
I don't know about easy I watched a video on someone hacking an old Trezor to get old crypto out of the owners wallet and it took him like all day and he was an experienced hacker
@@Methuselah969V yeah which is easy for someone who is not experienced to pay an experienced guy to crack it for him. thing is its hackable, vs ledger that isnt. plus you still get the same backdoor in trezor like u do with ledger, which is u need to trust the company that pushes firmware to your trezor just like ledger company pushes to ledgers.
@@helioshyperion8077 You can use a passphrase and Nobody can crack it without the passphrase. This effectively adds an extra word to the seed phrase, creating a brand new 'Hidden wallet." A passphrase protects your Recovery Seed and is not stored anywhere, meaning if someone compromised your Recovery Seed (by stealing your Trezor and hacking it), they would not be able to access your accounts - unless they also knew your passphrase.
If ledger splits private keys three ways and keeps them encrypted in cloud services, if they get into hands of bad actor, our crypto can be stolen by the bad actor. When they have private keeps, they don't need hardware wallet to move crypto out. You can argue whatever you like, but only until your assets are lost.
The whole point of crypto (Bitcoin anyway) is to have complete control over your money. I don't remember Satoshi saying in the whitepaper anything about trusting to a certain extent some company with your private keys.
I was thinking the same thing....Ledger is so convenient for staking (maybe some others are as well) I may keep it for that, and move other stuff to something else.
Firmware updates and trust are essential aspects of using a Ledger Nano X. What's your perspective on these issues? Let's start a constructive conversation below! Like, share, and subscribe to stay updated with the world of crypto.
I used the 25th pass phrase to generate an hidden wallet, and I don’t tie it to a PIN just in case it keeps it in memory. It’s a pain having to key in the pass phrase every time but that’s for ease of mind.
@megafirefly what do you mean tie it to a pin I don't understand please can you explain as this could be useful for me. Would you say its safer to import your seedphrase and pass phrase from trezor and use it on ledger as there are coins like icp and arweave that are not on trezor but on ledger so I've got to use the ledger
I'm using the Ledger Nano S (Original) My biggest problem with this is they can wirelessly transmit your seed phrase. I don't like that and that is a big deal! I know technically they can't do it with the Ledger Nano S but in the future I will most likely be going multisig!
cryptodad thank you for your service. You know that We highly trust you . Can you be kind enough to tell us if you didn’t get paid to do this for ledger?
No, they did not pay me to do this video. They have never paid me. I do get commission when people purchase Ledgers through my affiliate links, but they have never paid me directly to produce content.
I picked up a Trezor imported my Ledger seed… Not all Crypto is viewable. One ETH Legacy account, ATOM, TRX….etc😮 I have also been doing some soul-searching, I am also updating my NanoX I will use both companies products, it always good to have a backup!😇
I did a video on how to access your additional ETH accounts on a Trezor device: Using Custom Derivation Paths for Secondary Ethereum Accounts on Trezor: ua-cam.com/video/PFBxkisU90A/v-deo.html
very good video! ledger is safe guys, dont worry. people habe to trust other people little bit more. if you dont trust anyone its better to buy gold and silver instead of crypto 😮
Hi man i have nano x and i send some doge coin but it stuck and said not confirmed i update ledger live but not my nano x you think if i update my nano x my balance will fix?
Do you think that adding a 25th word phrase would creates a different account ?? and if that phrase was created as temporary, meaning it will not be saved on the device but creating the account at the time of the login only, which negate the backdoor claims?? what is your opinion on that? Can you please make a video on that topic?
That's a very good point. But if ledger themselves say that technically a malicious firmware upgrade can steal your seed phrase. So I will assume even the info about the temporary account in the device can be stolen (at the time when you are using it) by making the user sign in to something (the user pressing both buttons) by keeping some other usual text on the screen(by trick), the firmware in the back can send it to your ledger live app and out through the internet. Here we are talking about a malicious back door entry in the ledger's firmware working in conjunction with a malicious update in the ledger live app as well.
I think you are missing the point. Beyond they lied. We have no idea what is in this firmware. As far as we know the code really does leave a back door. And my biggest problem is they said they were going to opensource this stuff. But still today the firmware isn't open source. Meaning both you and I have no idea how this new service works and we have to go on a "trust me bro" from ledger. And you said many have to know about a firmware update in the company. Same with what happen with FTX, Bernie Madoff, and so on. There was people around them that were bad actors, and then an outward group that was legit. The inner group 100% knew what was going on. To me, it is extremely simple. Don't release the firmware update unless if you open source it.
I agree that their firmware (or their secure element chip to be more specific) is not open source. But they never claimed that it was. Hence they never really lied about it. And as I mentioned, most of the other major hardware wallets have secure element chips in their wallets also. The Ledger Live software is open source and many other hardware wallets have open source app and desktop software. But the heart of most crypto hardware wallets is the secure element chip. Which is manufactured by third parties and does not run regular code like Python, Java, or C++. These chips run assembly code which is very specialized. It does not lend itself well to the open source model. These chips are also proprietary, closed source by design.
Hey dad, any chance of a vid on transferring btc from Ledger S to Blockstream Jade? Would it be the same as in your vid on transferring from Ledger to Trezor? Thanks for your work, cheers🤗
You said exactly what I was thinking about this hi-drama over nothing since the beginning. That's why I never migrated or worried about this. It's so foolish think that way. BTW, thanks for confirmation dad!
So that's TWO layers of Trust we must inherently accept: (1) Trust in Ledger, and (2) Trust in the third party Secure Chip Manufacturers (whoever they are). Nothing in crypto is ever 100% secure. Diversify hardware wallets I guess.
FYI: (from Google generative AI) STMicroelectronics makes the secure element chip for Ledger Nano. The chip is military-grade and is used in credit cards and passports. It's protected by a PIN code that you set. A secure element (SE) is a microprocessor chip that can store sensitive data and run secure apps. It acts as a vault, protecting what's inside the SE from malware attacks.
My issue is that I have zero trust in government agencies, but my Nano S barely holds three coins so I'm either going to have to juggle which apps I leave on it or use my X! 😅
So what is the point of this new Ledger Recover Service, would it not just provide another potential security/privacy risk? From Ledger Firmware Update... “At the moment, a passport/national identity card issued by the European Union, the United Kingdom, Canada or the United States is required to subscribe to the service.”
One of the most important benefits to an independent sane society is that crypto, for the most part, is decentralized... if you already have a Secret Recovery Phrase (probably more than one copy), why would you NEED or WANT an ONLINE service connecting your hardware wallet to your GOVERNMENT issued, monitored and controlled IDENTIFICATION? AND, why is it a Firmware update that probably can’t be removed instead of just an App? I trust current Ledger devices but won’t be updating the Firmware to their Ledger Recover Service!
Firmware 2.2.3 for Nano X is out, which includes Ledger Recover service (the feature that ruins Ledger's trustworthiness). Is there anybody updated their device to 2.2.3 and does it work fine *without opting in* recover service?
Yeah that was just a personal interjection in the heat of the moment for the people in the chat stream who were telling me I was wrong. I don't think it takes away from my overall rational for doing the firmware update. But, I defiantly understand it is not for everyone. That is why I did several migration videos form Ledger to other hardware wallets like Trezor, Keystone, and Ngrave Step-by-Step Guide: Migrate Crypto from Ledger to Trezor Hardware Wallet: ua-cam.com/video/j7l_9xAAIw8/v-deo.html What to do with your Ledger Nano X NFTs? Transfer to Nifty X: Unboxing & Setup Ultimate NFT Wallet!: ua-cam.com/video/2xZ3U73sOdE/v-deo.html Safely Migrate Crypto Assets from Ledger Nano X to D'CENT Biometric Wallet | Ultimate Guide: ua-cam.com/video/PakQ1f4mtvI/v-deo.html Securing Your Crypto: Migrate from Ledger to Keystone Pro Amid Security Concerns: ua-cam.com/video/jGIlie9W5Qg/v-deo.html Unboxing & Secure Setup Guide for NGRAVE ZERO +GRAPHENE Backup: The Ultimate Offline Crypto Wallet: ua-cam.com/video/KspVwt-zGz8/v-deo.html
Ok Sir, one question. when you connect your ledger device using bluetooth to the wallet you are online, correct. So it is possible to be hacked. You are transferring your crypto to the wallet and expose your security.
"can" does not mean "will" or "does". Also, the keys cannot be exported remotely. They can only be exported by the user, just like when you sign a transaction. But if you think they are stealing your private key, just use a passphrase. If you use a passphrase the seed phrase is useless to anyone else. How to Protect Your Bitcoin using a Ledger Nano Secret Passphrase: ua-cam.com/video/D3xIsdtmgck/v-deo.html
Cryptodad never speaks of the open source hardware wallets like Blockstream Jade and ColdCard. These wallets are extremely popular because they are open source (among other reasons)
@@CryptoDad I think what everybody is wanting is a new safe alternative to ledger. Since they betrayed their customers in my opinion. I’m not a fan of this new seed phrase retrieval crap.
As a CISSP security expert, I will say that your laissez-fair attitude is just a little bit foolish. Ledger has admitted that the hardware key can be extracted from the Ledger X after upgrading to the latest firmware. Trezor hardware has successfully been hacked. You are entirely correct when you say that diversification is important. I have a half dozen hardware wallets and diversify my assets between them. Ledger, however, has been removed from my collection until more information comes out. And I don’t own a Trezor. Crypto already has risk, it is smart to do a risk assessment, know where your risk tolerance is and remove the items that cause you to fall below your tolerable risk. But with Ledger’s history of being hacked and now their ability to get your hardware keys, I can’t bring myself to trust them enough in what is supposed to be a trustless environment.
Love you Channel brother I don't trust doing mobile crypto I don't trust QR codes and I don't trust Bluetooth and NFC so how do I get XDC off and an exchange without using those or a third party wallet
So then is it more secure than Tangem card, as you recently just talked about it and I got the impression that you thought it was quite secure. Thank you for your response
I agree that ledger is probably safe, but your statement about not being able to do anything without the device is inaccurate. If, for instance, the government subpoenaed Ledger and Ledger gave them your private keys, they could just import them into a new device.
I agree, if you use their Backup Service, then the government/law enforcement can compel them to reveal it. If you don't use the service, Ledger (the company) does not have access to your seed.
So, I bought a Nano about 2 weeks before the big announcement... How would I know wether or not my Nano came pre-installed with the new firmware? Where could I find the firmware serial numbers on the device and/or online? Any help would be appreciated 👍
As far as I know, there's no way to read it from the outside of the device. The only way to find out which version of the firmware it's running is to go through the setup process. Once you get it set up and connected to ledger live. You can go into the "my ledger" section on the left and it will tell you what version of the firmware you're running. The latest version of the firmware is 2.2.2. The first version since the "recover service" was 2.2.1. The last version before any recovery service functionality was added is 2.1 .0.
They haven’t done it yet but what happens when government asks for it? Like the IRS can get your bank to do things such as garnish wages? Storing your secret phrase with 3 different companies just means hackers need to hack 3 places. Nonsense. It’s still less secure.
Hi. First off thank you for all your videos. Can you direct me to a video that covers how to transfer funds from one ledger nano X to another ledger nano X (completely new address…not additional access to original address). Thanks.
I would recommend this video that shows you how to manage more than one device in one copy of Ledger Live. Once you have that set up, you can transfer between the accounts. Master Your Ledger Nano Devices Managing Multiple Wallets in Ledger Live ua-cam.com/video/IDuiuPiY3eg/v-deo.html
Does Ledger remove your crypto apps when it updates the hardware wallet? I ask because you mentioned that you were reinstalling all your app's that were on the device before.
It sounds like you don't have an Internet connection. You might want to reset your modem, reboot your computer and do the normal kind of troubleshooting that you do to make sure you have an Internet connection
But if someone had your private keys that has been exported by this ledger recover service, they can recreate your ledger on a new ledger device and then they now have a device to transact. Duh!!!
I just received my Nano X 7/11 yesterday I set up and took my crypto off the exchange and sent to my wallet address on ledger live and Nano X (I know it stays on blockchain) now today I tried sending to and setting up new account now I can’t do anything because it tells me I have to update the firmware by connecting it to desktop I don’t have one that is whole reason I got ledger live app and Nano X so I could do it with phone now my crypto is like being held hostage do you know of another way thx $tuck
When I mentioned Santa Clause, I was referring to the fact that people believed the Ledger Nano device was %100 cryptographically trustworthy on its own. That was a fairy tale, like Santa Clause. Ledger never said that was the case, people just believed it. The truth is that the secure chip element that derives and stores the private key is proprietary technology and not open source. Therefore it requires a level of trust in the company. (No disparagement intended for people who still believe in Santa Clause)
Are you serious, Santa Clause isn't real 😉lol 🤠
LOL
I am totally new at crypto Bought a good amount. Still on exchange.
Which Ledger is easiest to use ?
So this backup of the private keys I can “opt out” of it right? I’m very afraid of this update as I have all my savings here
I noticed they changed the format for the numbers for entering the pin on the device and because of that I have not been able to figure out how to choose the right numbers and enter the correct pin. Can you please help me CryptoDad? I need help. Thanks!
I started with ledger and I liked it, no issues until this backdoor was revealed. I moved all crypto off of it to tangem. I've worked hard for the money that I have invested in crypto. I'm not going to put trust in ledger or anyone else who isn't transparent and open source from this point forward.
I am loving my tangem
Any recommendations for best transfer options? I usually find it cheaper to use exchange such as kucoin. Although CB has upped their game with regards to advance trading thus alleviating heavier fees
@@Web3Prep all exchanges charge fees for transfer plus network fees but if you really want to save money convert into LTC, xlm, or XRP and send to your cold storage but when you do that it’s a taxable event.I do it sometimes usually I just pay the fees
Waiting for my tangem... Then transferring
@@techwrightauto you’ll like it a lot man it’s easy to access all your money just buy a faraday cage for your backups and hide them don’t put more than one together because if the feds raid your house and they find two they’ll steal your money if they find one they can’t do anything with it
Thank you for your instructional videos. I'm reviewing them before I put anything on my wallets. I appreciate your continuing dedication.
Thanks for this vid again CD. Relying on your vids on the technical point of crypto / storage since 2017/18 !! Big up !!
I just don't understand why Ledger don't simply drop this and make a separate ledger with different software for dumb people. They should have emailed us to give the best way forward.....till then, I am not updating firmware or Ledger Live. REMEMBER, these are the guys that let our email addressed and other info get posted online because of a database hack, so the last thing we need is them helping hackers.
Seriously why did they force this on our old ledger X
You will have to update or change cold wallet, you can’t just sit behind with firmware updates, they also include security patching
Im just worried that Ledger is bending to government control and this is the first step. Ledger appeared at a WEF forum a while back, my alarm bells are ringing very loud.
Quite right. Watch out!
Yes, that has been my suspicion from the moment that I heard about this new Ledger wallet "service".
It's all risky in crypto. But sometimes prevention is best. Diversify.
Clearly, he doesn't know about the WEF
For We the People...and us in crypto....we should be pushing back against WEF etc across the board. We make the mistake of just sitting and watching and reacting vs being proactive. I think in general us crypto small fish get neutered by the influencers that just tell us to sit and wait for the lambo to drop from the sky. smh.
Ive been following you for atleast 4 years ...i told you years ago you remind me of a college professor i had ...calm voice concise honest information...i agree over reaction like everything on crypto media for views...thats not you professor ...lol i like tangem its different and its ease of use is second to none but i still use ledger .....
Cool I did a video on Tangem too if you are interested: ua-cam.com/video/Pxv-nYbtHe4/v-deo.html
I updated mine with no issues and I am not worried about it and will still use it. Others will probably do the same..
Other jump off cliffs, too. Doesn’t mean I will.
@@unsignedmusic😂😂😂
My Concern is not with Ledger stealing Crypto it is more with Ledger creating a way for governments to get control of peoples assets. One of the main points of crypto is to get out from under repressive government control over your finances.
Totally agree which is why I would never use their recovery service. Not only does it require KYC, which links your crypto to your identity, but remote storage however cryptographically secure can be requested/demanded by any government.
This "obitdepu2110" is a scammer avoid them.
Yes, but as I understand, you do not need to opt in for Ledger to have the "ability" to retrieve keyphrase. The new firmware sets up the framework. They announced that it can be done, and now they can be compelled by governments to provide the keyphrase they announced that they can extract. Not YOUR key, not your crypto.
Don't we KNOW that Ledger's latest firmware update installs a backdoor because they announced it? It is what makes their "Recover" service possible, enabling them to extract your private keys upon your request or the request of an identity thief or government agency.
correct me if i'm wrong but i would imagine all cold storage wallets can access if they wanted to, only difference is ledger is offering a custodial service with this ability
i dont think its so much as there is no santa claus the thing was that we found out ledger was not as we were told it was by ledger . whats with the santa thing .
I am referring to the fact that people believed the Ledger Nano device was %100 cryptographically trustworthy on its own. That was a fairy tale, like Santa Clause. Ledger never said that was the case, people just believed it. The truth is that the secure chip element that derives and stores the private key is proprietary technology and not open source. Therefore it requires a level of trust in the company. (No disparagement intended for people who still believe in Santa Clause)
Thanks. I was looking for an update about this topic after the news and fears spread on the cryptoverse. You are the only one that I know who did an update following all the hype one month ago. That speaks about professionalism and reliability with your content.
Thank you for the video and the open discussion on the firmware update. I kept using Ledger and updated the firmware today. I still believe that Ledger is a safe option for me (compared to other choices)
did you have to reinstall your seed phrase too? wtf? I dont trust anyone in crypto no more..
Thanks for the logical explanation!
A simple case of risk vs reward... what you stand to gain vs what you have, in my case what I have works fine and it's what I researched and agreed to
I follow your videos and really appreciate them. Ledger lost my trust so not using them.
well said, u're still my favorite crypto guy, been watching u for over 3 years now!
Thank you, I appreciate that
Yay Rex. The only content provider who actually walks the walk.
He's only got 5k on his wallet. If it was in the 100ks then fair do
thank you somuch I have learned so much from you !!! thank you again for being so open and honest!!
How do you ensure you are updating but you do not activate their seed recovery service?
Did you find this info out?
I can’t log into my account!
They forcing for the update and to sign up for the recovery! No no for me
Thanks for putting it out there
The key to trust is to open-source the Ledger
Even then a back-door could be installed right?
@@tovarco Then go back to your Truested BANKS>
It is a backdoor, the third key is the same for all ledger users. Govt can just confiscate it, which means hackers can find a way in as well. Encryption either works or it doesn't. Ledger fundamentally broke it.
According to ledger the last key (along with the necessary 2 out of 3 Shamir shards) is based on the identity information provided by the user, so it would not be the same for every device.
I already update it 2 weeks before. Hopefully 🤞 everything is good in future. I still don’t care about switching to other devices. 😊
I don’t think they start stealing crypto but in a few years govs will start requesting this bs
Liberty safes just went through something similar. Giving back door security code to the feds without a subpoena.
Good video. jumped on here in the beginning of the 2023 bullrun to export some LINK ::)
Awesome, thank you!
If Ledger has access to your private keys, they can just set-up a new device with it and take full control over your Crypto. It's not a backdoor, it's more like leaving the front door wide open.
They don’t need to setup a new device. All anyone needs is your private key and some software to access your wallet. That being said, the private key never leaves your device without you utilizing the service and using the physical buttons on the device to allow the private key to be exported. Ledger is not stealing your crypto. This is merely a service for people who are less tech and security savvy that would likely lose their recovery key or don’t feel they have a secure place to store it. Ledger is trying to give people options to help protect them from themselves.
@@F16_viper_pilotoh thanks for this reply. So I don’t have to share my private keys with them right?
What I’m afraid of is someone hacks or takes ledger by force and take our private keys
@@F16_viper_pilotyou sure it’s just an “option” to store this. I thought it allows ledger the company to get your private keys.
@@MetalBum Well, they offer it as an optional paid service, so I presume there are steps one needs to go through to establish a connection between you and the device and then to create and transmit the shards. If their intent were nefarious and they could just take your keys then you have to ask yourself for what purpose and why bother advertising a service when they could just not tell people at all.
Thank you so much
I am glad that Trezor was my first hardware wallet. I would still use ledger but not as a primary hardware wallet, more like an extra wallet. I would treat ledgers like a good software wallet. I think that incident has forever tarnished their reputation
trezor is even worse LOL
if someone steals your trezor he can easily hack it through his PC.
if someone steals your ledger, he cant cuz it has a Security Element in it. that is also closed source which he wont know which and what code it has to crack it.
I don't know about easy I watched a video on someone hacking an old Trezor to get old crypto out of the owners wallet and it took him like all day and he was an experienced hacker
@@Methuselah969V yeah which is easy for someone who is not experienced to pay an experienced guy to crack it for him.
thing is its hackable, vs ledger that isnt.
plus you still get the same backdoor in trezor like u do with ledger, which is u need to trust the company that pushes firmware to your trezor just like ledger company pushes to ledgers.
@@helioshyperion8077 You can use a passphrase and Nobody can crack it without the passphrase. This effectively adds an extra word to the seed phrase, creating a brand new 'Hidden wallet." A passphrase protects your Recovery Seed and is not stored anywhere, meaning if someone compromised your Recovery Seed (by stealing your Trezor and hacking it), they would not be able to access your accounts - unless they also knew your passphrase.
@@a3marketing991if true, this is a great point! I haven’t looked into it but this makes sense.
very useful video and interesting, thank you.
as always - accurate and well considered pragmatic insights from the ultimate Crypto Dad. Thanks a ton!
Great video 👍
Crypto is risky. Just gotta diversify your wallets.
Very true!
Its sadly a big hit to mass adoption.
For this reason I’m getting a Trezor
If ledger splits private keys three ways and keeps them encrypted in cloud services, if they get into hands of bad actor, our crypto can be stolen by the bad actor. When they have private keeps, they don't need hardware wallet to move crypto out.
You can argue whatever you like, but only until your assets are lost.
Yes; and also there's the issue of a government subpoena.
The whole point of crypto (Bitcoin anyway) is to have complete control over your money. I don't remember Satoshi saying in the whitepaper anything about trusting to a certain extent some company with your private keys.
Thanks Rex for the informative content!
Thank you! One question... Have you tried to stake ETH through ledger using Kiln? Thoughts?
I did it recently.. so far so good
Thank you!
I was thinking the same thing....Ledger is so convenient for staking (maybe some others are as well) I may keep it for that, and move other stuff to something else.
Firmware updates and trust are essential aspects of using a Ledger Nano X. What's your perspective on these issues? Let's start a constructive conversation below! Like, share, and subscribe to stay updated with the world of crypto.
You said use ability 👍
I used the 25th pass phrase to generate an hidden wallet, and I don’t tie it to a PIN just in case it keeps it in memory. It’s a pain having to key in the pass phrase every time but that’s for ease of mind.
@@megafirefly how do you do that
@megafirefly what do you mean tie it to a pin I don't understand please can you explain as this could be useful for me. Would you say its safer to import your seedphrase and pass phrase from trezor and use it on ledger as there are coins like icp and arweave that are not on trezor but on ledger so I've got to use the ledger
So basically it won’t be an issue until we use their new ledger service. Still safe to use
That is my take
I'm using the Ledger Nano S (Original) My biggest problem with this is they can wirelessly transmit your seed phrase. I don't like that and that is a big deal! I know technically they can't do it with the Ledger Nano S but in the future I will most likely be going multisig!
I’m going to keep my nano S until they announce that for it. I’m not worried just yet
@@ibrar4397I have the same. Announce what? New firmware for old nano S?
Please discuss The dark Skippy exploit
cryptodad thank you for your service. You know that We highly trust you . Can you be kind enough to tell us if you didn’t get paid to do this for ledger?
No, they did not pay me to do this video. They have never paid me. I do get commission when people purchase Ledgers through my affiliate links, but they have never paid me directly to produce content.
❤
How about a refund on the wallet? I didn't agree to buy a ledger with a back door.
Can you cover multi sig wallet which is way more secure than hardware wallet. You can also connect you hardware wallet to multi sig.
They can get to the key. That’s all you need to know
I picked up a Trezor imported my Ledger seed… Not all Crypto is viewable. One ETH Legacy account, ATOM, TRX….etc😮 I have also been doing some soul-searching, I am also updating my NanoX I will use both companies products, it always good to have a backup!😇
I did a video on how to access your additional ETH accounts on a Trezor device:
Using Custom Derivation Paths for Secondary Ethereum Accounts on Trezor: ua-cam.com/video/PFBxkisU90A/v-deo.html
my ledger firmware is 2.0.2 would it still be safe to update it? cheers Cryptodad
very good video! ledger is safe guys, dont worry. people habe to trust other people little bit more. if you dont trust anyone its better to buy gold and silver instead of crypto 😮
Hi man i have nano x and i send some doge coin but it stuck and said not confirmed i update ledger live but not my nano x you think if i update my nano x my balance will fix?
Any progress with the update?
Do you think that adding a 25th word phrase would creates a different account ?? and if that phrase was created as temporary, meaning it will not be saved on the device but creating the account at the time of the login only, which negate the backdoor claims?? what is your opinion on that? Can you please make a video on that topic?
That's a very good point. But if ledger themselves say that technically a malicious firmware upgrade can steal your seed phrase. So I will assume even the info about the temporary account in the device can be stolen (at the time when you are using it) by making the user sign in to something (the user pressing both buttons) by keeping some other usual text on the screen(by trick), the firmware in the back can send it to your ledger live app and out through the internet. Here we are talking about a malicious back door entry in the ledger's firmware working in conjunction with a malicious update in the ledger live app as well.
I think you are missing the point. Beyond they lied. We have no idea what is in this firmware. As far as we know the code really does leave a back door.
And my biggest problem is they said they were going to opensource this stuff. But still today the firmware isn't open source. Meaning both you and I have no idea how this new service works and we have to go on a "trust me bro" from ledger.
And you said many have to know about a firmware update in the company. Same with what happen with FTX, Bernie Madoff, and so on. There was people around them that were bad actors, and then an outward group that was legit. The inner group 100% knew what was going on.
To me, it is extremely simple. Don't release the firmware update unless if you open source it.
I agree that their firmware (or their secure element chip to be more specific) is not open source. But they never claimed that it was. Hence they never really lied about it. And as I mentioned, most of the other major hardware wallets have secure element chips in their wallets also. The Ledger Live software is open source and many other hardware wallets have open source app and desktop software. But the heart of most crypto hardware wallets is the secure element chip. Which is manufactured by third parties and does not run regular code like Python, Java, or C++. These chips run assembly code which is very specialized. It does not lend itself well to the open source model. These chips are also proprietary, closed source by design.
Hey dad, any chance of a vid on transferring btc from Ledger S to Blockstream Jade? Would it be the same as in your vid on transferring from Ledger to Trezor? Thanks for your work, cheers🤗
Great suggestion!
What hard ware wallets enable to store arweave and icp the only one i know of is ledger
You said exactly what I was thinking about this hi-drama over nothing since the beginning. That's why I never migrated or worried about this. It's so foolish think that way. BTW, thanks for confirmation dad!
at this point i see the companies like trezor etc. are just making extra money from the idiots. lol
So how do people feel about splitting between an X and an S? I like the Ledger because it’s so easy to set up and use.
I think the crypto community is in consensus right now that best practice is to spread your assets across multiple hardware wallets to mitigate. risk.
So that's TWO layers of Trust we must inherently accept: (1) Trust in Ledger, and (2) Trust in the third party Secure Chip Manufacturers (whoever they are). Nothing in crypto is ever 100% secure. Diversify hardware wallets I guess.
FYI: (from Google generative AI) STMicroelectronics makes the secure element chip for Ledger Nano. The chip is military-grade and is used in credit cards and passports. It's protected by a PIN code that you set.
A secure element (SE) is a microprocessor chip that can store sensitive data and run secure apps. It acts as a vault, protecting what's inside the SE from malware attacks.
Hi CryptoDad, can you do a video on how to add an ERC-20 token on Trezor T?
My issue is that I have zero trust in government agencies, but my Nano S barely holds three coins so I'm either going to have to juggle which apps I leave on it or use my X! 😅
So what is the point of this new Ledger Recover Service, would it not just provide another potential security/privacy risk? From Ledger Firmware Update... “At the moment, a passport/national identity card issued by the European Union, the United Kingdom, Canada or the United States is required to subscribe to the service.”
One of the most important benefits to an independent sane society is that crypto, for the most part, is decentralized... if you already have a Secret Recovery Phrase (probably more than one copy), why would you NEED or WANT an ONLINE service connecting your hardware wallet to your GOVERNMENT issued, monitored and controlled IDENTIFICATION? AND, why is it a Firmware update that probably can’t be removed instead of just an App? I trust current Ledger devices but won’t be updating the Firmware to their Ledger Recover Service!
What if you don't do the firmware update?
Firmware 2.2.3 for Nano X is out, which includes Ledger Recover service (the feature that ruins Ledger's trustworthiness). Is there anybody updated their device to 2.2.3 and does it work fine *without opting in* recover service?
Can we have an updated version of this firmware please 🙏
So, when you lose all you’re crypto, you’ll admit you were wrong?! Gee, thanks. That makes me feel better.
Yeah that was just a personal interjection in the heat of the moment for the people in the chat stream who were telling me I was wrong. I don't think it takes away from my overall rational for doing the firmware update. But, I defiantly understand it is not for everyone. That is why I did several migration videos form Ledger to other hardware wallets like Trezor, Keystone, and Ngrave
Step-by-Step Guide: Migrate Crypto from Ledger to Trezor Hardware Wallet: ua-cam.com/video/j7l_9xAAIw8/v-deo.html
What to do with your Ledger Nano X NFTs? Transfer to Nifty X: Unboxing & Setup Ultimate NFT Wallet!: ua-cam.com/video/2xZ3U73sOdE/v-deo.html
Safely Migrate Crypto Assets from Ledger Nano X to D'CENT Biometric Wallet | Ultimate Guide: ua-cam.com/video/PakQ1f4mtvI/v-deo.html
Securing Your Crypto: Migrate from Ledger to Keystone Pro Amid Security Concerns: ua-cam.com/video/jGIlie9W5Qg/v-deo.html
Unboxing & Secure Setup Guide for NGRAVE ZERO +GRAPHENE Backup: The Ultimate Offline Crypto Wallet: ua-cam.com/video/KspVwt-zGz8/v-deo.html
Thanks.
Hello @CryptoDad , are you using VPN to update? Or your regular internet?
Ok Sir, one question. when you connect your ledger device using bluetooth to the wallet you are online, correct. So it is possible to be hacked. You are transferring your crypto to the wallet and expose your security.
Thanks
but they can extract the Private key so they can re-store a new ledger and then they will be able to send off the cryptos on it.
"can" does not mean "will" or "does". Also, the keys cannot be exported remotely. They can only be exported by the user, just like when you sign a transaction. But if you think they are stealing your private key, just use a passphrase. If you use a passphrase the seed phrase is useless to anyone else.
How to Protect Your Bitcoin using a Ledger Nano Secret Passphrase: ua-cam.com/video/D3xIsdtmgck/v-deo.html
@@CryptoDadgee you are putting a lot of trust in ledger. Given that for many it's their life savings I think that's a dumb idea.
Cryptodad never speaks of the open source hardware wallets like Blockstream Jade and ColdCard. These wallets are extremely popular because they are open source (among other reasons)
I contacted cold card and they are shipping me one of their wallets!
@@CryptoDad That's great Cryptodad. I am really curious what your opinion on Blockstream Jade is too.
@@CryptoDad I think what everybody is wanting is a new safe alternative to ledger. Since they betrayed their customers in my opinion. I’m not a fan of this new seed phrase retrieval crap.
Love you Dad 😆 🤣 ❤️ 🍻
As a CISSP security expert, I will say that your laissez-fair attitude is just a little bit foolish. Ledger has admitted that the hardware key can be extracted from the Ledger X after upgrading to the latest firmware. Trezor hardware has successfully been hacked. You are entirely correct when you say that diversification is important. I have a half dozen hardware wallets and diversify my assets between them. Ledger, however, has been removed from my collection until more information comes out. And I don’t own a Trezor. Crypto already has risk, it is smart to do a risk assessment, know where your risk tolerance is and remove the items that cause you to fall below your tolerable risk. But with Ledger’s history of being hacked and now their ability to get your hardware keys, I can’t bring myself to trust them enough in what is supposed to be a trustless environment.
Love you Channel brother I don't trust doing mobile crypto I don't trust QR codes and I don't trust Bluetooth and NFC so how do I get XDC off and an exchange without using those or a third party wallet
So then is it more secure than Tangem card, as you recently just talked about it and I got the impression that you thought it was quite secure. Thank you for your response
I agree that ledger is probably safe, but your statement about not being able to do anything without the device is inaccurate. If, for instance, the government subpoenaed Ledger and Ledger gave them your private keys, they could just import them into a new device.
I agree, if you use their Backup Service, then the government/law enforcement can compel them to reveal it. If you don't use the service, Ledger (the company) does not have access to your seed.
If I’ve added passphrase accounts, in theory could they be at risks as well from the firmware update? Could the passphrase also be hacked?
So, I bought a Nano about 2 weeks before the big announcement... How would I know wether or not my Nano came pre-installed with the new firmware?
Where could I find the firmware serial numbers on the device and/or online?
Any help would be appreciated 👍
Went back and saw on video.. 2.2:1 New Firm.
I guess anything before this...
As far as I know, there's no way to read it from the outside of the device. The only way to find out which version of the firmware it's running is to go through the setup process. Once you get it set up and connected to ledger live. You can go into the "my ledger" section on the left and it will tell you what version of the firmware you're running. The latest version of the firmware is 2.2.2. The first version since the "recover service" was 2.2.1. The last version before any recovery service functionality was added is 2.1 .0.
CryptoDad I have a question: Is Trust wallet needed for xrp xlm or can I leave on my Ledger nano when the conversion happens?
They haven’t done it yet but what happens when government asks for it? Like the IRS can get your bank to do things such as garnish wages?
Storing your secret phrase with 3 different companies just means hackers need to hack 3 places. Nonsense. It’s still less secure.
So does the update to the most recent firmware sllow them to extract my seed phrase or does me opting in allow for that? Thanks
Hi. First off thank you for all your videos. Can you direct me to a video that covers how to transfer funds from one ledger nano X to another ledger nano X (completely new address…not additional access to original address). Thanks.
I would recommend this video that shows you how to manage more than one device in one copy of Ledger Live. Once you have that set up, you can transfer between the accounts.
Master Your Ledger Nano Devices Managing Multiple Wallets in Ledger Live
ua-cam.com/video/IDuiuPiY3eg/v-deo.html
Does Ledger remove your crypto apps when it updates the hardware wallet? I ask because you mentioned that you were reinstalling all your app's that were on the device before.
If they access to your funds, then you might as well use a local bank
My ledger has been hacked, with all the assets I've been holding for over 4 years. I do not know what I can do.
I tried to update mine last night now my nano x was stuck on bootloader and want do anything
2.21 firmware update just fucked up my shiba wallet trough bep20. i cannot see how much my shibs worth... i dont know why, do you have any idea?
Hi there, do you know how to store reddcoin and ETN which I don't think ledger supports/ Thanks.
Good day Sir you crypto is still save??? As I still have not done my firmware update
Yet ledger has promised to open source their code so your reasoning is incorrect
I keep having “synchronization error, API HTTP 404”
How do you fix that? Could you please do a video or someone here can help me. Thank you❤
It sounds like you don't have an Internet connection. You might want to reset your modem, reboot your computer and do the normal kind of troubleshooting that you do to make sure you have an Internet connection
But if someone had your private keys that has been exported by this ledger recover service, they can recreate your ledger on a new ledger device and then they now have a device to transact. Duh!!!
What about if an employee/s goes rouge and exposes and steel all customers seed phrase?
Was the ledger guy not seen with claus swabb???
I've been putting off this update, but I finally pulled the trigger thanks to you. I trust your judgement and experience, CryptoDad
Imagine not thinking for yourself. I bet if something goes bad then he will become crypto enemy
I just received my Nano X 7/11 yesterday I set up and took my crypto off the exchange and sent to my wallet address on ledger live and Nano X (I know it stays on blockchain) now today I tried sending to and setting up new account now I can’t do anything because it tells me I have to update the firmware by connecting it to desktop I don’t have one that is whole reason I got ledger live app and Nano X so I could do it with phone now my crypto is like being held hostage do you know of another way thx $tuck
I’m having trouble updating my Nano S firmware to version 2.81.2. Has anyone had the same problem? Thank you in advance.
Any progress with the update?
I'm using ledger, why not?😎
Thank you CD, I'm with u - spread the risk - E A S Y.....!!!!
If I use a pass phrase on my ledger. I’m good right?
thoughts on DCent and Tangen wallets?