Well the process is secret Shamir backup. Many wallets support Shamir backup. But there is no way to accidentally send it to someone. You must go through the Ledger Recover process. Create an account, ID verification, PIN entry, device approval. You don’t get to choose where it goes during the process. And even if you could, again, the private key is encrypted, split into 3 shards, then sent through secure channels, so if someone say intercepted it, they wouldn’t be able to do anything with it because not only is it encrypted, but they’d only have one shard. So this is not of concern. And it’s all verifiable via the open source code.
You literally have to go through an entire KYC process for the ledger recover subscription. You have to send all your documents, ID, and selfie. Then before it's activated you have to sign the trans on your ledger. People take whatever BS they hear and run with it LOL
Good points, all backed by facts. But here's the thing: the Ledger's firmware now has added an unnecessary lock on it. Every lock is supposed to keep people out, but it also gives thieves something to pick at. Secure element is secure, but the ledger firmware now is capable of exporting the private keys. Since other wallets cost the same, I'm not sure why I'd pick the Ledger.
I think you missed the point. First, you agree the Secure Element is secure and all of this occurs within the secure element. That said, the private key does not leave the device. And Ledger Recover service cannot bypass wallet security. This is how it works: Your private key is split and encrypted inside the secure element (only at the user’s request and approval with physical access to the device). (Look up secret Shamir sharing) Therefore, the actual key is never exposed in full outside the hardware wallet. Encrypted shards of the key are sent through a secure channel. These shards on their own are useless. Only when they are recombined and decrypted inside your device can they be used to recover your wallet. As to why you’d use ledger over another wallet just comes down to personal preference. Besides security, usability is the next most important thing to me. Not only is Ledger very user friendly, but it’s compatible on both desktop and mobile devices which is a plus. And Ledger Live is very straightforward and useful. Aside from that, I’m a nerd for the tech. Ledger has used a first of its kind screen which limits battery consumption and further enhances security. So you get what you pay for. And to me, that’s worth it. To you, maybe not. And that’s cool.
Nope. I’ve been a ledger affiliate since 2021. I stopped talking about them for over a year. I finally did the research and decided there’s no reason to not use/recommend ledger again. Do your own research. Think for yourself. It’s all just noise till you get down to the facts.
With companies able to complete, what 16 Exahashes per second, and apparently quantum computing being around the corner, does something exist that protects our funds from brute force attacks on private keys or seed phrases?
Yes, the secure element in most hardware wallets combined with your user-generated PIN protects the device from any kind of physical brute force attack.
@cyberscrilla That part I understand, I think. Any signatures for a transaction on a cold wallet must occur offline using the secure device and pin, which is then sent back to the network for processing. Right? My question, then is, even if I have a cold wallet, what would stop someone with strong computing power from going to any online site and attempting infinitely many times to import my seed phrase by guessing and create an online version of my wallet?
Randomness. The likelihood of someone guessing a 24-word seed phrase is astronomically low. A 24-word seed phrase, typically based on the BIP39 standard, has 2048 possible words to choose from for each position in the phrase. The total number of possible combinations for a 24-word seed phrase is: \[ 2048^{24} \] This results in (a number with 77 digits) possible combinations. To put this into perspective, the estimated number of atoms in the universe is about \( 10^{80} \). In practical terms, it would take an incomprehensible amount of time and computing power to guess a 24-word seed phrase through brute force, making it virtually impossible to crack. On top of that, if you create a pass phrase (your own 25th word), it would be basically impossible as this word/phrase is from your brain, not a pre-defined list of words.
No video necessary. You just take your seed phrase and import it into any brand hardware wallet. Generally when you setup a hardware wallet it’ll give you a couple options: create a new wallet or import a wallet. You select import then enter your seed phrase and you’re good to go.
Maybe. But you realize that’s not even the same category of wallet. Coinbase Wallet is a software (hot) wallet. It’s not recommended to store crypto on a hot wallet. Mainly for connecting to dapps and doing swaps. Tangem is a cold wallet. Much more secure than a hot wallet like Coinbase wallet and optimal for longterm storage.
Correct, ledger recover is NOT a backdoor. But that was never the trust issue. The trust was and is that from day 1 all of us were told, in writing, by ledger "your private keys cannot leave and will the secure element" THIS is the issue, ledger recover or not, with my approval or without it, my private keys should never leave the secure element chip, even for backup or encrypted, or in shards. "Never leave means never leave"
This is where the misconception comes into play and where Ledger really messed up with their communication. Your private key itself still doesn’t leave the secure element. Instead, 3 encrypted shards are generated and sent out, which is a significant difference.
It’s not a copy of it. It’s 3 encrypted shards. You can’t do anything with a shard-especially a double encrypted shard. Ever heard of Shamir backup or Shamir secret sharing? It’s like that. Here’s more info: www.ledger.com/academy/topics/security/shamirs-secret-sharing
I always question how really objective these reviews are if they’re giving promotional discounts to someone’s audience to generate more sales. Are you really going to criticize a product that’s indirectly paying you !? I can’t get past conflicts of interest with a lot of reviews. You’re essentially being paid to do damage control.
Not true. I stopped recommending ledger wallets for years, and I was an affiliate that entire time. After doing my own research, I came to my own conclusion that their products are secure. You believe whatever you want. But ask yourself-where are you getting your info? Bozos on Twitter and Reddit that just repost misinformation all day? At least I did my own in-depth research and talked to people at the company. 99% of people will never do that.
Ok. That answers my question and I respect the research you do . I was just curious, I wasn’t accusing you of anything. But I think it’s a fair question to ask since you have a large audience for these product reviews, I don’t feel it’s a far fetched or potential conflict of interest.
My only problem with Ledger is that they think we know what they know and we don't, meaning nobody else knows none the wiser about Ledger Recover, and so the best thing they could do now is separate the normal consumer firmware with a standalone Recover firmware, even if they were the same, people would be none the wiser but the trustworthy action is there.
Separating firmware would literally make no difference. It doesn’t even make sense to do. I get it, that’s what “the people” want. But it would change anything technically or security wise.
This doesn’t even make sense. It wouldn’t make a difference. If you don’t opt-in and go through the setup process for Ledger Recover, it’s like it doesn’t even exist.
@@cyberscrilla why are you shilling for ledger now ? The community hated the feature and the way they announced it. They could have created a new product called ledger backup.
I recently got the new Ledger Flex and it is SWEEET!
Here’s my full review of it:
Ledger Flex Review: Suspiciously Good!
ruclips.net/video/xqtdxg4XEAo/видео.html
Bravo! You covered all of the relevant points here. I myself came around to the fact that all of the FUD surrounding the ledger recover service was basically just that... FUD! But most of the objections that people raised were emotional and somehow the community latched on to that without really doing any research into the security behind Ledger recover. Thank you so much for this video. You covered this topic well. You even touched on the fact that other crypto hardware companies claim to be fully open source when they either aren't, (due to EAL certified secure element chips) or they don't mention that it's less secure. I also like the fact that you pointed out that even though many other devices employ secure element chips, many of their operations are performed on coprocessors "like the ones you find in toasters" (love that quote!)
Big fan of your channel. Thanks for stopping by and leaving your .02 Rex! And it’s true.
Since Ledger is the biggest and most popular, they are also the most criticized.
I bet if people actually did the research, they’d find out a bunch of stuff they don’t like about other wallet brands too. Anyway, keep up the good work.
- Alex
Seriously???? How quickly you forget! But I suppose when you are sponsored by Ledger to promote their products what else would anyone expect you to say? Yes - Most of us WERE very happy with Ledger. That is......UNTIL our personal information was STOLEN because Ledger FAILED to secure our PERSONAL DATA, which you FAILED to mention. That was BAD ENOUGH. Then with the revelation that they could potentially backdoor our private keys....that was all some of us needed to hear. Please tell us how many FAILURES we should have to accept before we say enough is enough?????? As much as I "Liked" using my ledger......I AM NOT AN IDIOT. I am STILL to this day dealing with scam texts, emails and phone calls because of their failure to secure MY DATA. ONLY A FOOL would continue to use Ledger products. But hey.......it's YOUR money and YOUR Crypto. If you think they are "safe" to use......go for it. Personally.......I'm done with them and I would NEVER recommend anyone use their products. Guess money truly is the root of all evil.
Is the Trezor one good to buy?
Thanks for the info! 😃👍🏼👊🏼 ... I don't use Ledger Recover (I'm glad it's optional) but I do understand the use case for it, and that Ledger is positioning itself for the mass adoption of cryptocurrency by offering this service.
Exactly!
Thanks for this, I was planning on getting a flex. I’ve heard about the fud. Thanks for clarifying, subbed!
Thanks for watching! I’m glad to see you are open minded about the concerns. I wasn’t for the longest time. Glad I did more research.
Also the flex is awesome! Here’s my full review if you haven’t seen it:
ruclips.net/video/xqtdxg4XEAo/видео.htmlsi=mV5b1wz2JSJxjvgr
it was not bad communication it was a bad product. what they should have done is to either have a new product where it is enabled or have a firmware path that does not have that option at all. in any case the damage is done and I do not trust ledger.
Creating a firmware without it would make no difference. Literally. It’s pointless. If you don’t use it, it’s like it’s not there
@@cyberscrilla I disagree. what do we know is going on in the background? can we really trust that they are not collecting them shards already with out us knowing or some time in the future? no it was a dumb idea and should be a different product line for the people who want that kind of service.
It’s called open source code.
@@cyberscrilla it is called a dumb idea and it was obvious from the start yet they did it. if it was a different product no one would care.
Honestly I’ve always loved how the ledger wallets look especially the nano X the design is very nice so thank you for making this vid makes me more comfortable using the ledger
Thanks for watching. Glad I could help
When the trust is gone, 1000 facts can no longer help. Switch to Keystone and even get 20% if you previously had a ledger.
Ok. But his point is interesting. Is the Keystone chip less safe than an EAL ratified one?
Don’t trust then, verify. The code is 95% open source my guy.
@@myyoutube5242 Keystone even has 3 secure chips and a self-destruction mechanism according to PCI level (Payment Card Industry). Keystone is therefore more than secure.
What trust was broken? It is more of a misunderstanding than it is actual trust broken. This is like breaking up with your partner for cheating when you never gave them a chance to speak when they were innocent the whole time.
I’ve worked in tech support for end user consumers so I understood a lot of the Ledger fiasco was a misunderstanding as well as incredibly poor communication from Ledger.
HOWEVER, their willingness to turn over anything to governments under subpoena is highly concerning. I do understand that legally, they likely have no alternative. So my final concern/question though is: do you really believe they have nothing to turn over to the Feds? It’s not like they’d announce it if they did. (With everything that’s happened since 2020, I basically believe nothing said by any government, corporation or healthcare professional.)
How can we verify they have nothing to turn over?
@@SmartPracticeSuccess they have nothing to turn over that would lead to your assets being compromised (your private key) which is what we all care about. This can be verified because Ledger is 95% open source.
If I have $10 billions I never use Ledger recovery services. I don't trust anyone, only myself.
I would never use the service period. And that’s exactly why it’s optional. The user gets to decide.
maybe a keystone 3 pro vs. ledger flex video?
Just buy all the wallets you want and like and put different amounts, because no wallet will be 100% perfect for you. There is always something you want from one wallet in another wallet
Exactly!!!
Thanks for the 'fair' video.
Thank you for watching!
@@cyberscrilla 👍
Just wanted to say thank you for that video. I too was a hardcore Ledger fan until the “Recover” I loved the design of Ledger Live, the X, and the Stax but never wanted to give them a second look. But I really do appreciate your video. Gonna re-look into them 😉
Thanks for watching! It’s definitely worth digging deeper than the FUD
The main question is still not answered.
If you sign up for the recover service, how do they extract your keys?
“When you subscribe to Ledger Recover, the secure element duplicates, encrypts, and splits an encrypted version of the seed phrase (called the entropy) into three fragments.
To initiate the process, you will need to physically consent to it using your device. From there, these encrypted fragments will be sent through three independent secure channels to these fragments’ backup providers.
The secure channel allows mutual authentication and avoids man-in-the-middle attacks.
During the process, the secure channel uses an ephemeral symmetric key to securely transport the fragments.
To ensure your backup’s security, a separate and independent company in different countries secures each fragment.
The three companies include Coincover, Ledger, and Escrowtech, and it’s important to note that no single company has access to the entire backup: each fragment is completely useless by itself.
This ensures the highest level of security and removes a single point of failure. Additionally, each fragment backup provider uses a hardened, tamper-resistant server called a Hardware Security Module (HSM) to securely store these encrypted fragments.”
Source: www.ledger.com/academy/what-is-ledger-recover
This makes me feel better. I did buy Tangem just hadn’t transferred any crypto over yet.
Ledger is good. Tangem is awesome too
@@cyberscrilla ledger is also simple and easy to use. Especially the nano x and I can use it on my phone
if you only hold BTC then the original Ledger Nano s ( not plus ) works perfect and updates just fine. same for the original Trezor One . . .
5:00 The problem with Ledger Recover, is that we don't know that it can't become a back door and we can't just take Ledger's word for it. The only way to make sure is to not use Ledger. Everyone should switch to Tangem.
False. It’s open source.
They will never recover the trust they lost... it's over. There is no second act, no resurrection for them. The best they could have hoped for is to drop it, stop bigger better development and just admit it was a mistake and that future wallets would have only the bare necessary memory to function.
Thanks! And this is your opinion. Plenty of people continue to enjoy using Ledger products, myself included. And I trust the device to secure my crypto.
And since a majority of the code is open source, you can verify the device is safe to use, and you don’t have to trust anyone.
@@cyberscrilla Even I have ledgers but after this, I stopped buying more... is it really trust or just don't want to risk trying something new......
Thanks Alex. I have given up ledger and love Tangem
Tangem is great. And so is Ledger imo 👍
Thing is, it has started asking to track key strokes to help Ledger improve data. I'm glad that I only placed a small amount on it. I will probably do the same for the rest I have and give them away as gifts for Christmas.😎😎😎😎😎
But this is optional. It doesn’t force you to. Plus, anything important you enter, is entered on the device. Not ledger live
Horses for courses. Buy the wallet that suits your needs.
Nice details in the vid.
Refreshing to hear a balanced review.
Exactly! Thanks for watching
Great explanation! Question, if I remember correctly, you can choose to do the update or not to download the “Recover” update. I have updated my ledger but I’m not sure if that put “Recover” on my device or not. How would I know?
Thanks
Not true. The option to use Ledger Recover is for all the operating systems. Think of it like the Ethereum or Bitcoin app. It’s there, but if you don’t use it, then you’re good.
Creating a separate firmware wouldn’t even make a difference in terms of security.
If you don’t opt-in and activate it, it’s like it doesn’t exist. This is all verifiable because the code is open source.
@@cyberscrilla Yes, that’s what it was! You can choose to opt in or not. I wasn’t sure where that option was as I’ve never seen it and assumed it was part of one of the updates. Your explanation about the chip makes me feel more secure about Ledger. Pun intended. ;)
You’re my go to for trusted wallet reviews. Keep up the good work!
Thanks
@GuyTony Correct! And thanks for watching!
Thank you, very much Sir!!!
I think about getting the ledger Nano S Plus as my first wallet, what do you think?
Personally, once I got used to interacting with apps, swapping crypto, etc.... because of the Nano S's limited storage, I got tired of adding / removing apps on the device. I think it only held a handful of the apps I needed (Eth, BTC and a few others).
The X is a nice upgrade, good security, easier to hold, bigger storage, etc.... Those little things mattered (to me at least) over time.
@@ahthisisgood Ok, ty very much!
For your first ever hardware wallet, I think the S Plus or X would be fine. Or you might want to look into Tangem as well
Is it worth getting ledger stax? I like ledger but it seems too expensive
Just go with the ledger Flex. More affordable, but similar usability as the Flex! Win win
Here’s my review if you haven’t seen it:
Ledger Flex Review: Suspiciously Good!
ruclips.net/video/xqtdxg4XEAo/видео.html
The private key recovery service is the subscription that's available on ledger live app?
@@eddie1683 Yes, it’s called Ledger Recover.
Hi Alex, it seemed to me that you are trying to justify ledger, there is no trust in ledger and it can not be returned, and they themselves say in the documentation that they can provide information at the request of governments, Alex reputation in front of subscribers is more important than cooperation
That is your opinion. They DO NOT have anything to give to the government that would compromise security of your device. Plain and simple. They have basic info like your name, email, address. Which if you’re being subpoenaed, trust me, the feds already have that info.
Do you believe it is still safe to use a nano s ledger to sign transactions and store private keys? because it has been discontinued and I believe it will no longer receive updates
I’m sure it’s fine. If it were me though, I’d upgrade to something else.
Is the Flex now your daily driver?
Tangem is the closest thing I have to a daily driver. But I use the Flex and Safe 5 fairly often too
Hi I’m new I have ledger flex so if full can add other or add buy more hold?
I don’t understand your question.
@@cyberscrilla well um I mean how much save money hold on ledger flex if full can add more or limit?
There’s no limit to the amount of crypto you can hold on a wallet-including Ledger
@@cyberscrilla oh really that nice thank you much 😊
How much should I store on a ledger?
As much as you want
Great info. Thank you
Glad it was helpful! Thanks for watching!
Ledger has already been hacked and all customer data from buyers in Ledger's online store was lost. The customers were then spammed and Ledger did not pay any compensation to the customers.
Ledger was not hacked. Their Shopify store was. This was not a Ledger security issue, but a Shopify issue.
@@cyberscrilla I'm not interested in that as a customer. In the end, it happened with Ledger!
I thought updating to latest firmware on Ledger Live was accepting Shamir three shard recovery, did I get this wrong?
Not correct.
Only if you sign up for Ledger Recover subscription, create an account, verify id, enter your pin, and approve it on your device.
It’s not automatic. The user has to opt-in, approve it, and pay a monthly fee.
So much misinformation out there.
I'm back to Ledger. I was blinded by FUD, that's why I use many wallets now. My wallets for now are Tangem and Trezor, and I'm waiting for Flex. Flex and Tangem will be main wallets
I agree. I use ledger, tangem, and Keystore.
Yep! Same. Always good to have a variety of wallets on hand as well.
youre not a bitcoiner huh
What if you accidentally sign a transaction that activates that process and sends the 3 shards to another 3 locations that one person controls? I recall way back when this was first announced during the AMA’s they said that a user could create their own recover system and get the shards without using the system they made for it for “security” since they said some people may want to do this but without using their providers and doing KYC. But what if a bad actor tricked you into doing it? I asked this back then and never got an answer.
Well the process is secret Shamir backup. Many wallets support Shamir backup.
But there is no way to accidentally send it to someone. You must go through the Ledger Recover process.
Create an account, ID verification, PIN entry, device approval. You don’t get to choose where it goes during the process.
And even if you could, again, the private key is encrypted, split into 3 shards, then sent through secure channels, so if someone say intercepted it, they wouldn’t be able to do anything with it because not only is it encrypted, but they’d only have one shard.
So this is not of concern. And it’s all verifiable via the open source code.
You literally have to go through an entire KYC process for the Ledger Recover subscription. You have to send all your documents, ID, and selfie. Then before it's activated you have to sign the trans on your Ledger. People take whatever BS they hear and run with it LOL
Good points, all backed by facts. But here's the thing: the Ledger's firmware now has added an unnecessary lock on it. Every lock is supposed to keep people out, but it also gives thieves something to pick at. Secure element is secure, but the Ledger firmware now is capable of exporting the private keys. Since other wallets cost the same, I'm not sure why I'd pick the Ledger.
I think you missed the point.
First, you agree the Secure Element is secure and all of this occurs within the secure element.
That said, the private key does not leave the device.
And Ledger Recover service cannot bypass wallet security.
This is how it works:
Your private key is split and encrypted inside the secure element (only at the user’s request and approval with physical access to the device).
(Look up secret Shamir sharing)
Therefore, the actual key is never exposed in full outside the hardware wallet.
Encrypted shards of the key are sent through a secure channel. These shards on their own are useless.
Only when they are recombined and decrypted inside your device can they be used to recover your wallet.
As to why you’d use ledger over another wallet just comes down to personal preference.
Besides security, usability is the next most important thing to me.
Not only is Ledger very user friendly, but it’s compatible on both desktop and mobile devices which is a plus.
And Ledger Live is very straightforward and useful.
Aside from that, I’m a nerd for the tech. Ledger has used a first of its kind screen which limits battery consumption and further enhances security.
So you get what you pay for. And to me, that’s worth it.
To you, maybe not. And that’s cool.
@@cyberscrilla ... about the models with the new screen, they are awesome, I call "Kindle screen"! Again, great video.
Slightly different than Kindle, but similar.
Why can't they extract the keys in full?
The problem is that you can't expect a company that has leaked user information to protect your property
Ledger didn’t leak user info. It was Shopify.
I hope you were not recently paid by Ledger for your change of heart.
Nope. I’ve been a ledger affiliate since 2021. I stopped talking about them for over a year. I finally did the research and decided there’s no reason to not use/recommend ledger again.
Do your own research. Think for yourself. It’s all just noise till you get down to the facts.
With companies able to complete, what 16 Exahashes per second, and apparently quantum computing being around the corner, does something exist that protects our funds from brute force attacks on private keys or seed phrases?
Yes, the secure element in most hardware wallets combined with your user-generated PIN protects the device from any kind of physical brute force attack.
@cyberscrilla That part I understand, I think. Any signatures for a transaction on a cold wallet must occur offline using the secure device and pin, which is then sent back to the network for processing. Right? My question, then, is: even if I have a cold wallet, what would stop someone with strong computing power from going to any online site and attempting infinitely many times to import my seed phrase by guessing and create an online version of my wallet?
Randomness.
The likelihood of someone guessing a 24-word seed phrase is astronomically low.
A 24-word seed phrase, typically based on the BIP39 standard, has 2048 possible words to choose from for each position in the phrase.
The total number of possible combinations for a 24-word seed phrase is:
\[ 2048^{24} \]
This results in (a number with 77 digits) possible combinations.
To put this into perspective, the estimated number of atoms in the universe is about \( 10^{80} \).
In practical terms, it would take an incomprehensible amount of time and computing power to guess a 24-word seed phrase through brute force, making it virtually impossible to crack.
On top of that, if you create a pass phrase (your own 25th word), it would be basically impossible as this word/phrase is from your brain, not a pre-defined list of words.
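An added example, not part of the original reply: under BIP39 a 24-word phrase is 24 eleven-bit word indices, carrying 256 bits of entropy followed by an 8-bit SHA-256 checksum. The code builds and validates that index sequence and estimates the search time at the 16 exahashes per second figure from the question; the function names are assumptions, and word indices stand in for the word list.

```python
import hashlib

WORD_BITS = 11                       # 2048 words -> 11 bits per word
ENTROPY_BITS = 256                   # entropy behind a 24-word phrase
CHECKSUM_BITS = ENTROPY_BITS // 32   # 8 checksum bits appended
N_WORDS = (ENTROPY_BITS + CHECKSUM_BITS) // WORD_BITS   # 24


def entropy_to_indices(entropy):
    """Map 32 bytes of entropy to 24 word-list indices (0..2047)."""
    if len(entropy) * 8 != ENTROPY_BITS:
        raise ValueError("expected 32 bytes of entropy")
    checksum = hashlib.sha256(entropy).digest()[0]   # first 8 bits of SHA-256
    bits = (int.from_bytes(entropy, "big") << CHECKSUM_BITS) | checksum
    return [(bits >> (WORD_BITS * (N_WORDS - 1 - i))) & 0x7FF
            for i in range(N_WORDS)]


def indices_valid(indices):
    """True when the trailing 8 bits equal the checksum of the first 256."""
    if len(indices) != N_WORDS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << WORD_BITS) | i
    entropy = (bits >> CHECKSUM_BITS).to_bytes(ENTROPY_BITS // 8, "big")
    return (bits & 0xFF) == hashlib.sha256(entropy).digest()[0]


def years_to_search_half(guesses_per_second):
    """Expected years to find one phrase: half of the 2**256 valid ones.

    Counting one hash as one guess favours the attacker, since checking a
    phrase costs far more than a single hash.
    """
    return 2 ** 255 / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    sample = entropy_to_indices(bytes(32))   # constructed all-zero entropy
    print(sample, indices_valid(sample))
    print(f"{years_to_search_half(16e18):.2e} years at 16 EH/s")
```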
@@cyberscrilla Perfect. Thanks for the help in understanding.
Do you have video on what people would do if Ledger goes out of business? How would a person recover their stored crypto?
No video necessary. You just take your seed phrase and import it into any brand hardware wallet.
Generally when you setup a hardware wallet it’ll give you a couple options: create a new wallet or import a wallet.
You select import then enter your seed phrase and you’re good to go.
Thanks! Food for thought :)
Thanks for watching!
Tangem wallets are also closed-source.
The secure element is closed source. Again, practically any wallet that uses an EAL-Certified must close source the chip.
I like my Ledger but I do have DCent as a back up
DCENT is a no go for me. It’s 100% closed source
Ledger haters be using iPhones then prey on Ledger for being closed source.
Can you do a video comparing tangem vs coinbase wallet
Maybe. But you realize that’s not even the same category of wallet.
Coinbase Wallet is a software (hot) wallet. It’s not recommended to store crypto on a hot wallet. Mainly for connecting to dapps and doing swaps.
Tangem is a cold wallet. Much more secure than a hot wallet like Coinbase wallet and optimal for longterm storage.
@@cyberscrilla yes that's what most people don't understand, so I think it will make a very good video
I still like ledger
Same, even though it took me a while to come back around to them
Ledger is one of the best wallet you can get!!!
Awesome 👍 Thanks 🙏
Thanks for watching!
good video
Glad you enjoyed it! Thanks for watching
Correct, Ledger Recover is NOT a backdoor. But that was never the trust issue. The trust was and is that from day 1 all of us were told, in writing, by Ledger "your private keys cannot leave and will the secure element" THIS is the issue, Ledger Recover or not, with my approval or without it, my private keys should never leave the secure element chip, even for backup or encrypted, or in shards. "Never leave means never leave"
This is where the misconception comes into play and where Ledger really messed up with their communication.
Your private key itself still doesn’t leave the secure element.
Instead, 3 encrypted shards are generated and sent out, which is a significant difference.
@@cyberscrilla yes your private key is still in the secure element. But a copy of it just left the device.
It’s not a copy of it. It’s 3 encrypted shards. You can’t do anything with a shard-especially a double encrypted shard.
Ever heard of Shamir backup or Shamir secret sharing? It’s like that.
Here’s more info:
www.ledger.com/academy/topics/security/shamirs-secret-sharing
I always question how really objective these reviews are if they’re giving promotional discounts to someone’s audience to generate more sales. Are you really going to criticize a product that’s indirectly paying you !? I can’t get past conflicts of interest with a lot of reviews. You’re essentially being paid to do damage control.
Not true. I stopped recommending ledger wallets for years, and I was an affiliate that entire time.
After doing my own research, I came to my own conclusion that their products are secure.
You believe whatever you want. But ask yourself-where are you getting your info?
Bozos on Twitter and Reddit that just repost misinformation all day?
At least I did my own in-depth research and talked to people at the company.
99% of people will never do that.
Ok. That answers my question and I respect the research you do . I was just curious, I wasn’t accusing you of anything. But I think it’s a fair question to ask since you have a large audience for these product reviews, I don’t feel it’s a far fetched or potential conflict of interest.
My only problem with Ledger is that they think we know what they know and we don't, meaning nobody else knows none the wiser about Ledger Recover, and so the best thing they could do now is separate the normal consumer firmware with a standalone Recover firmware, even if they were the same, people would be none the wiser but the trustworthy action is there.
Separating firmware would literally make no difference. It doesn’t even make sense to do. I get it, that’s what “the people” want. But it would change anything technically or security wise.
I think we got too many people crying Ledger is awful when it's really just fine.
Basically. Too much misinformation. It won’t stop
I think they should have created a new hardware wallet specifically for the seed backup feature.
This doesn’t even make sense. It wouldn’t make a difference. If you don’t opt-in and go through the setup process for Ledger Recover, it’s like it doesn’t even exist.
@@cyberscrilla why are you shilling for ledger now ? The community hated the feature and the way they announced it. They could have created a new product called ledger backup.
It is a new feature called Ledger Recover. And I already explained why I’m using Ledger again in this video.
NanoX & S are far from simple and no basic instructions as to navigating around the device.
Flex is simple. Explains everything as you set it up
Were you by any chance paid anything to do this spot on ledger? Just curious not accusing you.
If I’m ever paid to do a video you’ll know.
Sounds like paid promotion, unsubbed! 😢
Awesome. You falsely assumed it was paid. Congratulations.
😂CS is a real one!
👌🦾