Also… ist Ledger kompromittiert oder was? Scheint so, als ob der ganze Skandal sich in Luft aufgelöst hat.

Ledger CEO: whether you knew it or not you have always trusted ledger not to introduce firmware that would extract private keys. It’s always been possible. That’s from the CEO himself. Make of it what you will.

nothing has changed. they can and will deploy a firmware capable of exfiltrating your keys. they promise not to unless you pay them to. they promise to protect the exfiltrated shards, and not turn them over to governments without due process.

it looks like it’s blown over because people have either accepted the world as it is, or moved to other technologies. not worth staying mad forever. pick a path and move forward.

Nothing changed my dude, the newest thing is ledger’s support for paypal (PYUSD). It’s not blown over. They are still compromised, in a sense of how many seed shards that are needed to access anyone’s wallet. Currently, a party only needs 2/3 pieces to access any wallet. It sounds like an option that ledger is „offering“, but… it could very well be mandatory later down the line.

The problem with this seed backup proposal is, 1st piece is stored with ledger themselves and the 2nd piece is kept with a „trusted 3rd party“ and the 3rd piece with the owner of the wallet. With the fact that any 2 parties can access any wallet, if that owner has opted for this backup…. that „trusted party“ litterally can be anyone, even the government.

If you look into history alone, the government will take money if given the opportunity.

They aren’t putting out good customer service. When it comes to safeguarding cryptos this is essential especially when there is so much dependence on a small, hard to read wallet. Any solid, successful company needs to distinguish itself by quality products joined closely to excellent customer service to ensure good repairs whenever needed.

they were never compromised, people collectively learned (or not) what firmware is

Never were compromised, the whole „scandal“ was noise, yes it’s safe to update.

Ledger essentially backtracked, at least for now. But the damage to the company’s trust and reputation was already done. The mere fact that they thought the Recover service was a good idea to inject into existing Ledger devices made it evident that in their quest to expand their user base, they didn’t understand why their existing users chose them in the first place.

A lot of Ledge users have simply given up on the company and switch to a different hardware wallet.

Never was compromised.

Like everything else in crypto blown out of proportion. There has to be a level of trust with you do or don’t. You trust the airline to thoroughly screen the pilot do you check the pilots credentials before take off or do you sit down and put your seat belt on and trust….

ledger is not compromised and has never been.

in fact, nothing security-related has changed unless you opt-in the upcoming Recover service, which requite ID verification and is not free. Of course you should trust ledger that their firmware is not malicious and cannot be exploited, as always.

It’s not „compromised“. They just done a big light on the fact they could always extract the seed from your Ledger, and choose not to.

The major security/privacy risk that is the Recover service hasn’t started operating yet, and is opt-in. And maybe the furor will nudge them into open sourcing more of their code.

No one has yet to report missing funds. Just saying.

Like everything else in crypto blown out of proportion. There has to be a level of trust with you do or don’t. You trust the airline to thoroughly screen the pilot do you check the pilots credentials before take off or do you sit down and put your seat belt on and trust….

Ah fuck sakes this shit again

At this point there’s a few people on here. 1. People who just accept nothing is 100% secure and still think ledger is their best option. 2. People who work for other wallet companies spreading fud to boost their sales. 3. People who don’t work for other companies but come in here to try and convince ledger users that they should switch to their subjective superior choice of wallet product. This is r/ledger not r coldcard, Trezor, air gapped. Just wish all the fud spreaders would stay out. There’s plenty of other places for them to discuss what they want to discuss

never were compromised? my setups working perfectly fine and fully updated.

OMG, rtfm…

Hey – we understand your concerns. Ledger is committed to providing the highest level of security for its users. The Ledger Recover service you mentioned is not yet available. When it does launch, it will be entirely optional. Even if you update your device firmware, it will NOT automatically activate the Recover service. You can learn more about it here: https://support.ledger.com/hc/en-us/articles/9579368109597-Ledger-Recover-FAQs

As for updating your Ledger device and app, it’s important to keep them updated to ensure the best security and functionality. Updates often include important security enhancements and new features. However, before updating, always make sure you have your recovery phrase on hand.

Regarding your question about the company’s status, Ledger has not been compromised. Ledger strongly believes in the open-source philosophy. Many of Ledger’s products are already open source, including Ledger Live and many apps that run on Ledger devices. Ledger has also recently open-sourced its cryptography library, which is part of its operating system. The company is working on its open-source roadmap to gradually open-source most of its operating system, starting with Ledger Recover. You can learn more about Ledger’s open-source roadmap here: https://support.ledger.com/hc/en-us/articles/11132311094813-Ledger-s-open-source-roadmap.

We’d encourage you to check out the white paper for an in-depth overview of the service: https://blog.ledger.com/Ledger-Recover-White-Paper/

As many others in this group i am also not to happy with the path Ledger chose to make the extraction of the keys possible because i think it is less safe.
Is it possible that this step is forced to Ledger by regulations of the EU or other entities, for me that would make sense. In theory new future regulations could force every wallet to have mandatory KYC, and if not complied to that KYC confiscation of the funds wich would only be possible if keys are available ?

Because there was no scandal it was all typical over reaction much a do over nothing. Ledger offered 3milliion bounty If someone anyone could crack into one they failed ledger passed carry on or move on