Das Ledger Fiasko – Hier sind die guten Nachrichten
- Dieses Thema hat 13 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 8 Monaten von
aktualisiert.
-
Beiträge
-
-
Ich wollte mir einen Moment Zeit nehmen, um auf die jüngsten Frustrationen und Kontroversen um Ledger einzugehen. Es ist unbestreitbar, dass das Unternehmen derzeit einem Sturm der Kritik ausgesetzt ist, und es ist verständlich, dass viele von uns in der Community frustriert sind. Gelöschte Tweets und fragwürdige Kommunikationstaktiken haben nur noch mehr Öl ins Feuer gegossen und machen es für einige schwierig, dem Ansatz des Unternehmens zu vertrauen.
Doch inmitten des ganzen Chaos gibt es meiner Meinung nach einen Silberstreif am Ledger-Fiasko. Gehen wir einen Schritt zurück und erinnern wir uns an den Great Crypto Exchange Meltdown. Es war ein Weckruf für die gesamte Gemeinschaft, wie wichtig eine verantwortungsvolle Krypto-Verwahrung ist. Der Vorfall hat uns vor Augen geführt, dass wir vorsichtiger und wachsamer sein müssen, wenn es darum geht, unsere digitalen Vermögenswerte zu schützen.
In ähnlicher Weise werfen die Fehltritte von Ledger ein Schlaglicht auf die Hersteller von Cold Wallets. Wir hatten den Irrglauben, dass alle Cold Wallets sicher sind, als ob es keine Rolle spielen würde, von welchem Hersteller sie stammen. Wir haben sie alle in einen Topf geworfen. Dank Ledger wissen wir jetzt, dass das nicht der Fall ist. Wir achten jetzt genauer auf die spezifischen Parameter und Feinheiten von Hardware-Wallets. Es geht nicht mehr nur um die Software, sondern wir müssen auch das Innenleben der Hardware verstehen. Es wird immer deutlicher, wie wichtig es ist, dass sowohl die Software als auch die Hardware vollständig quelloffen sind (natürlich ist das keine hundertprozentige Garantie, aber es ist immer noch die beste Alternative, auf die wir uns verlassen können).
Die jüngsten Strategien von Ledger haben uns vor Augen geführt, wie sehr wir uns bei der Wahl einer Cold Wallet auf den Ansatz eines Unternehmens verlassen. Es ist eine Erinnerung daran, dass eine gründliche Recherche vor dem Kauf nicht nur ratsam, sondern unerlässlich ist. Wir müssen das Sicherheitsniveau berücksichtigen, mit dem wir einverstanden sind, und dementsprechend fundierte Entscheidungen treffen. Während einige Ledger als geeignet für ihre Bedürfnisse ansehen, ist es für andere vielleicht eher ein abschreckendes Beispiel als eine bevorzugte Produktwahl.
Ich persönlich glaube nicht, dass unsere Gelder morgen aus unseren Ledger-Brieftaschen verschwinden werden. Ich habe jedoch beschlossen, das Gerät zu wechseln, weil ich Bedenken hinsichtlich der strategischen Ausrichtung, des schlechten Kommunikationsmanagements und der Tatsache habe, dass mein Saatgut das Gerät verlassen kann. Ich möchte keine Unternehmensphilosophie unterstützen, die Zweifel an der Sicherheit meines Vermögens aufkommen lässt.
Abschließend lässt sich sagen, dass das Ledger-Fiasko eine wertvolle Lektion für uns alle darstellt. Es zeigt, wie wichtig es ist, sicherheitsbewusst zu sein und gründliche Nachforschungen anzustellen, bevor man sich für eine Cold Wallet entscheidet. Wir müssen die Feinheiten von Hardware und Software verstehen und fundierte Entscheidungen auf der Grundlage unserer individuellen Präferenzen treffen.
-
Well said. i dun want to wake up in one of the morning with a breaking news: „Millions of crypto customers‘ c-phrases were leaked…we are currently investigating. We apologise for the incident.“ bottomline if you can still sleep well at nights knowing your hundred of thousands, millions of dollars or $5K or 20K of cryptos are safe with them. then stay with them. But i can’t…
-
A well written and considered post. Based on recent discoveries, I’m leaving Ledger behind and opting for Coldcard. Wanted bitcoin only cold storage for a while – especially as Ledger has got more and more shitcoin stuff and the endless updates to accommodate new crap like that. Also want air gapped, open source. Coldcard seems the best option for all my requirements. It’s frustrating as will have to update all my opsec, but also that’s good in some ways as should be done regularly to check it’s as good as it can be.
-
The only hitch is needing to be INFORMED.
I would find it hard to believe we get complete info. I cant imagine there is any scenario that the Gov does not have a backdoor. The USA has forced other governments to allow them access to private bank holdings. If they can force other countries, there is little to stop them from doing it to a business.
-
-
u/lirumlarum42 “ It was a wake-up call for the entire community about the importance of responsible crypto custody. The incident highlighted the need for us to be more cautious and vigilant when it comes to safeguarding our digital assets.
Similarly, Ledger’s missteps are shedding a spotlight on cold wallet manufacturers. We had the misconception that all cold wallets are secure, as if it didn’t matter which manufacturer they came from. We grouped them all together. Thanks to Ledger, we now know that it’s not the case. We’re now paying closer attention to the specific parameters and intricacies involved in hardware wallets. It’s no longer just about software; we need to understand the nuts and bolts of the hardware as well“.this ^^^^^^^^^^^^^^^^^
I was upset at first then I realized I only had myself to blame. it has been a whirlwind of emotions but I actually think it was kind of badass for ledger to say this and actually educate users. i saw the old founder’s post and he said the same things. he wishes that people cared more about the tech but they just relied on this „magical“ feeling that they were confusing with „trusting“ that the tech was secure.
every single aspect of life is based on trust and that lesson was the biggest one I took away from this whole situation.
-
I remember when I was looking to get my first hardware wallet. It was between Ledger and Trezor. I ultimately went with Ledger because of the following:
1. The amount of coins supported.
2. Phone app
3. BluetoothNumber 1 was the deal breaker. Now I could switch to Trezor but I do have a few coins that are not supported which defeats the purpose of having a hardware wallet, imho. Im using a hardware wallet for the following reasons:
1. Self custody of my coins/keys.
2. One interface/pane of glass for all my coins.
3. Not having to remember all the wallets my coins are in.Number 3 is like having multiple 401k from multiple employers in the states. Each employer uses a different financial institution (for the most part) for their 401k. For example: Fidelity, Vanguard, TD AmeriTrade, Edward Jones, etc.
So with everyone that is ready to jump ship (at the first sight of water), just remember it’s not always greener on the other side.
-
-
-
-
> I personally don’t believe that our funds will vanish from our Ledger wallets tomorrow.
I agree, but that’s not the issue.
The issue is what happens six months from now. Or a year from now. Or a few years from now. Ledger has announced to every hacker worldwide that their firmware has the code needed to extract the user’s keys. It’s only a matter of time before somebody hacks it.
> **yes a firmware update can extract the seed**
> [SOURCE](https://np.reddit.com/r/CryptoCurrency/comments/13ldgcl/my_personal_view_on_the_pr_disaster_from_a_ledger/jkpnk2h/): murzika, Ledger Co-Founder, Former CEO, and Former Chairman
Never forget, Ledger has already been hacked.
> Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online.
> SOURCE: [Cointelegraph, December 24th, 2020](https://cointelegraph.com/news/ledger-data-leak-a-simple-mistake-exposed-270k-crypto-wallet-buyers)
Ledger violated my trust. I can’t think of anything they could do to earn it back, and it sure doesn’t look like they’re even trying.
Ledger doesn’t care about us. They want the easy money of monthly subscription dollars.
-
Well thought out post. On a real level, I’m not entirely sure where this leaves Ledger users who, like myself, not only keep, but stake various alts through their hardware wallets. I stake both Dot and Atom, as well as various Polkadot parachains and Cosmos airdropped coins. The Ledger has always felt like a great balance of ease of use and security. Now that the security part is not so assured, I went looking at alternatives.
I found the Ellipal, for instance, which allows staking of both Cosmos and Polkadot– but does that extend to ecosystem coins? Also, you have to pick their one available validator if you stake ATOM. That sucks. Is Trezor the only alternative then? And, if so, doesn’t it have some of the same vulnerabilities as the Ledger?
I really hate being in this situation, I hate that Ledger misled their users, and I’m not completely sure where to go from here except to either stop staking, put everything into BTC, or find another hardware solution that is either unwieldy or equally problematic.
-
-
> The importance of having both software and hardware that are entirely open-source is becoming more apparent
There’s a tradeoff. Secure hardware is more difficult to open source, and it gives you protections against physical attack that you don’t get with generic hardware. If you expect your funds to survive theft of the hardware by a [modestly](https://blog.ledger.com/Unfixable-Key-Extraction-Attack-on-Trezor/) sophisticated [attacker](https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/), you want secure hardware; otherwise you might need a multisig and devices in multiple safe deposit boxes if you have enough funds to attract that sort of expertise.
That said, Ledger seems to use this as an excuse. They don’t even open the code that runs outside the secure enclave.
I’m looking forward to seeing what GridPlus is able to open in Q3; they can at least do the parts external to the secure environment, and just that would let people verify how the two sections communicate.
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.