Are you still using a Ledger wallet? Make sure to sign up for our newsletter at cyberscrilla.com/newsletter to receive updates and special discount codes for Ledger wallet alternatives. Thank you all for watching!
Hey use a passpharse if you use a ledger ..it will provide extra layer of security...If its open source or close source...No hardware wallets are 100% safe...But it safe 1000% when we compare to hot wallets
4:03 any wallet manufacturer can technically update the firmware to extract our seed? So I'm not even safe with cold card? This is ridiculous, because back in 2020 I threw away 120 for the nano x, under the assumption is was a secure piece of hardware. Now in 2023, I had to throw away another 160 for a cold card, and even then I'm still not safe? What is the answer to this madness?
Technically, yes. It’s possible is my point. Just like any McDonald’s employee could spit in your food. Maybe a bad comparison, but the point is that there has to be some degree of trust. It’s very unlikely, because that would destroy a wallet manufacturer’s brand-as we got a glimpse of with the Ledger debacle. This is another reason why open source firmware is encouraged. That way people with a technical background can ensure there are no bugs or back doors.
I just got an NGrave wallet and I think it's the most secured cold storage wallet that I've found. Would love to see you review it. It's expensive but I think it's worth it!
Ngraves secret recovery phrase has an option that allows it to be altered. So much for random generated seed. The ability to alter it has been programmed into it. No thanks. Was considering ngrave till I realised the seed could be shuffled.
It’s the same for all wallets. It’s a very straight forward process. PLENTY of tutorials online. Just look. It’s really not hard, even if you aren’t tech savvy.. I transfer crypto to and from Tangem in this video to: ruclips.net/video/LdlmHR120e8/видео.htmlsi=IUq6Fgd9Unw2llyz
@@cyberscrillaTangem wallet stores the seed phrase in the chip and does not show it to anyone. Not even to the owners right? Does this mean that if you lose your Tangem wallet, there's no way to access your crypto? Even if you get another hardware wallet?
@captainjuice1851 it stores your private key on the chip in the card. The seed phrase is optional during setup. If you choose to use a seed phrase you can write it down to record it, thus allowing your to recover your wallet on any cold wallet, even if you lose all your cards
I use a LEDGER-NANA-S-PLUS and so far, like it. Cannot say I will ever 100% always TRUST any company, Exchange, hardware wallet, to completely always safe. I still think that those rare cases of 'my crypto was stolen off my Ledger cold wallet' are user error or misuse of their seed phrase, -something. But I am always open to the facts when/if they are ever revealed...
You’re right. When a cold wallet is “compromised” 99% of the time it’s user error. Mind (and others) grudge with Ledger is they lied to their customers about the firmware not being able to extract the private key (it can). Other than that, I still believe Ledger is a good wallet for most people. But I still prefer a completely open source option like Keystone. - Alex
So how exactly is my seed supposed to leave my device?...if I dont opt in then what?... ledger forces the seed out with an update..and what it just stores it in a database of seed phrases? That would literally be a gold mine. But they said that they break it up into 3 pieces and stored in 3 separate databases... how is a hacker supposed to hit up 3 different companies to grab databases and then compile them to match our specific seed phrase... Seems to me that even if...if...ledger took my seed then it would still be very unlikely someone would figure out my seed phrase.
You’re right. And that is Ledger’s point with this service. The main issue stems from the fact that Ledger previously told users the private key can NOT be extracted from the firmware. Now they are saying it can. This has led to a huge loss of trust in Ledger. And there is always the “what ifs”. What if someone with bad intent on the Ledger team decided to release a firmware update with the ability to extract users keys? We wouldn’t know because the firmware is closed source. Sure. It is unlikely. But people don’t trust Ledger enough to care at this point.
Ledger got hacked back in the day, now Ledger says they will hack you but only if you give permission. Couldn't they download an update that does without permission? I think I'll pass.
Yep. I’m not sure if they could do that because I’m not that technically inclined. However, I don’t think it’s impossible. The same could be said for any wallet manufacturer though.
@@cyberscrilla I think the devices are made to look for any update from the manufacturer. Technically you would have to accept the update, but how do you know what is in the update when you are only reading what they told you is in the update?
Hope I understood correctly, but technically speaking, if I get a ledger wallet and Don't opt in to the recover, it's "the same" as it was before they announced the feature? Making it "as safe" as it was before? Just curious as I've been thinking of getting a hardware wallet and had been recommended this one and it's a bit easier to get it where I live compared to other ones Thanks for the information!
You are correct. Now the concern is whether or not you trust Ledger. Previously, they said the firmware could not extract the private key. Now all of the sudden it can. So essentially they lied to their consumers. I’d opt for the Keystone Pro personally. - Alex
same here, i’ve been using both trezor and ledger for years and won’t be using recover, i don’t use dapps or anything other than storing my private keys and don’t connect to the ledgers frequently, if you’re hodling i don’t see it’s any different for me.
That’s what they say. The main issue is that Ledger already lied about not being able to extract the private key from your device. So the real question is: do you trust Ledger?
The recover service is in the firmware regardless. But you have to sign up for the service if you want to use it. It’s a paid subscription. The main issue is trust at this point. They lied about being able to extract the private key via the firmware
Very informative. But sir i have a question regarding tangem not its open source and stuff. But with tangem u always have to connect to the internet to withdraw your funds. What if the server of tangem is compromisedor hacked & u have to withdraw your funds what will you to in that case. Could you please explain it thank you❤️🙏🏻
Tangem does not rely on their own servers. The card relies on the blockchain networks to transact. And if the app were deleted from the App Store for example, it’s open source and available on GitHub for anyone to recreate. - Alex
The private key never leaves the Tangem card. The app creates a PSBT sends it to the card, the card signs the transaction and sends the signed transaction back to the app.
I have some questions 1: which hardware version will this be an option 2: If I don't update my hardware ( that means no more feature updates ), I'm still vulnerable to it 3: will they support the old hardware version forever, if not for how long some comment: I think it's a ridiculous answer to put everyone under the bus the problem isn't that you can opt in or out, the problem is that it's primarily an option, which is a major vulnerability begging to be hacked ledger your key never leaves your hardware is now a joke
This is all subject to change and somewhat subjective. 1: Ledger Recover is initially available on the Ledger Nano X. However, I’m sure all their devices will offer it eventually. As for the firmware version idk. It was available in the 2.2.1 version, which has since been eliminated. 2: If you don’t update the the firmware with the Ledger Recover option, then it simply won’t be an option on the device. 3: I don’t see how older firmware would be relevant forever, the updates also change how the usability and coins support, so eventually you’d probably have to update. (The only option I see is releasing two versions every time (one with the Ledger Revover, and one without) thus allowing the user to choose. Exactly, the issue is that Ledger did this PERIOD (and previously stated the firmware couldn’t do this) that’s why they lost trust of many consumers. - Alex
So, as I know, if you make a ,,firmware update,, nothing is happening. For the recovery program, you have to ,,subscribe,, and ,,register,, for it. With an simple firmware upgrade YOU DO NOT ACCEPT automatically and subscribe for the recovery program, dont compare these 2 things: upgrade / and subscribe (register) these are 2 difference things. Or maybe am I wrong?@@cyberscrilla
how do i verify the open source code for trezor is clean when i don't understand it. I am using ledger nano x with newest firmware. are there other options than trezor.
Well, you have to trust the millions of users who use the wallet. Open source means it’s community-based, and thus audited by the community. If there was an issue, you have to trust that someone from the community who can understand the code would make it public. Plus it’s been audited by independent security researchers.
Can someone explain to me please: Why is opensource safer? It's not like they could provide changed code, but use a backdoored code on their devices. You can't just check what your firmware has, right? So why does people want opensource? If i compile it myself, sure.. But most of them just share code but don't allow you to flash it to the device.
Open source = transparency The community can view the code and confirm there are no hidden backdoors. Sure, not everyone knows how to read the code, but many people can and do. Ultimately, open source creates more trust between the manufacturer and consumer. - Alex
@@optinihilis True, but that’s why users are able to confirm which firmware they’re running and download whichever version they prefer that’s available from the manufacturer.
Theoretically Ledger Recover isn’t on your firmware then. In fact it still hasn’t been released in the later firmwares at this point. But avoiding updating your firmware is more of a bandaid, especially if a future update is required for new features or to fix a vulnerability, etc. - Alex
Similar to the previous question... For now, if we've never updated the firmware. Using 2.51.0 Would this next statement/question be correct... if I don't touch the wallet anymore. Just leave what's on it on it. Can I hope for a fix to this sometime in the future? After that, then do the updates?? I'm not good at describing things in text. I hope you know what I mean, and not what I say. Anyways thank you very much and I appreciate you answering everybody's questions. Also I apologize for using talk to text. Thanks everybody
@@BenLipseyNE what fix are you hoping for? Ledger recover will be around in all future updates. So you’d literally have to keep the same firmware you have now for the foreseeable future. - Alex
@cyberscrilla I appreciate your response. Thinking my best bet will be leave The Ledger alone for now. Research a quality wallet and put anything new on that. After all of this, when it comes time, update the old Ledger and transfer the contents thanks again. 😊
@@BenLipseyNE That is what I lot of people are doing. Just a heads up, I have numerous cold wallet reviews on my channel. Just go to playlists and tap Hardware Wallet Review. Here’s my quick 2 cents: if you’re looking for an absolute vault: Keystone 3 Pro is awesome (but not as user friendly as ledger). If you want the most user friendly wallet on the market that’s still really secure, I’d go Tangem. But, I’m here if you have any questions. - Alex
What do you mean? I want to understand what you’re asking so I can better answer your question. If you’re still using a Ledger wallet and want to continue using it, the best thing to do is NOT subscribe to the recovery service. Otherwise, get a new wallet and transfer your funds to it. Maybe that answered your question? - Alex
It’s debatable. The real question is do YOU trust ledger after they essentially lied to their customers when they said a firmware update could NOT extract the wallet’s private key, and now it can. If ledger is your only option, I still think it’s better than a software wallet. But if you could choose another brand, I’d go with a wallet like Keystone or Ellipal. - Alex
@@cyberscrilla Thanks Alex for taking your time to respond. I am going to take a look into these wallets you mentioned. I was planning to get Trezor initially but found out that they do not support some of the coins I own.
@@tihanhaider9811 of course, I reviewed several wallets in this video: ruclips.net/video/SdnDiUuYDEg/видео.htmlsi=C7K74RgEzdxWa95L Let me know if you have any questions. I’m happy to help. - Alex
It’s hard to say with certainty since the firmware is closed source. According to Ledger, they can only access your private key IF the user subscribes to Ledger Recover and signs for it using the wallet. So now the question is: Do you trust Ledger?
I’d recommend Keystone, OneKey, or Tangem. I reviewed some great alternatives in this video: ruclips.net/video/WJOzS_etRfQ/видео.htmlsi=e9D529Wr9QVRLiS7 Let me know if you have any questions. - Alex
One very important detail you simply glossed over is the fact that each of the three pieces of the keys was first encrypted on the specific ledger, before being sent to the third parties. What is the chance, that a person who even gets hold of two of the pieces can decrypt the pieces? Seems very very unlikely. So your keys are not simply in the wild in three pieces. No they are encrypted, and can only be decrypted with the ID data of the actual owner as well.
That’s if you trust Ledger. The main issue is that Ledger previously said: “A firmware update cannot extract the private keys from the Secure Element.” Yet, here we are. So it’s really a matter of integrity. They lied to their customers. Until everything is completely open source, nothing is to be trusted in this space, everything should be verified.
@@cyberscrilla The MAIN ISSUE is THE ACTUAL SECURITY OF MY LEDGER DEVICE, yet everyone who has made a video about this issue, has given the impression, that your keys are simply in the wild, only separated into pieces that can easily be combined in the wild as well. Does the firmware, ALLOW you to use the service, YES, BUT if I do not opt in, then my ledger is no different than when I bought it. Furthermore, if I use the service, EACH PIECE IS ENCRYPTED, and TIED TO MY ID data--which by the way is ALSO ENCRYPTED. Its not as simple, as everyone makes it out to be.
@@treyfred3247 sure, but everything you said you’re simply taking Ledger’s word for. And they’ve shown that they can’t be trusted. There’s no way to verify what they say is true from a consumer standpoint because most of their products are still closed-source. I’m not completely against Ledger, I own their products. I just think they could have released this service in better, and more honest way.
@@cyberscrilla Ledger did not at all communicate well in this instance I agree, but the "crypto community" that first reported on this issue (and apparently months later) did NOT DO their DUE diligence either, and are still reporting "half truths" about how insecure the Ledger device is. Did you know, that in addition to your seed phrase, you can add another "pass phrase" to the seed phrase, and that the "pass phrase" dose not leave the ledger, even if you use the recovery service. Which means, you still have control over your crypto, even if you use the recovery service to store the "seed phrase?" Of course, that also means, that even if you use the recovery service for your "seed phrase" but lose your "pass phrase" your SOL anyway--and this would be true even if you don't use the recovery service.
Nothing has changed. Ledger Recover is still in the works. If Ledger is your only option, it’s still better than storing your assets in a crypto exchange or a software wallet. But I’d rather buy a Keystone or Ellipal wallet. Both are secure and affordable. - Alex
Updating the firmware now means your seed phrase becomes shareable... and you have to trust ledger that they will only share it if you subscribe. But technically it's already shareable before your subscribe. that's a major problem. They need to immediate make their software open source and remove this seed phrase sharing non-sense this seems to be a money grab/greed they are risking their whole business literally because of greed and maybe to leave an open door to rob you if the government comes after them
Ledger has recently made part of the software open source. “The OS version 2.2.2 open sources the dashboard, a piece of the OS containing a part of Ledger Recover provided by Coincover implementation, for technical review and verification. For more information please read the Ledger Recover white paper.”
2:33......BRUH that is insane LOL they can just take your crypto at anytime they say you have to authorize it but just imagine a pissed off employee lol that is crazy!
Ledger Recover is not compatible with the Nano S. Just the S Plus and Nano X. BUT, do you really want to use a wallet that collects your IP address and that literally created a backdoor for users that they have to pay for? Maybe look into a different brand. The SafePal X1 is a great alternative, secure, easy to use, and only $29 right now. Check out this video, I cover the X1 and a few other wallets: BEST Cold Wallets Under $100 | In-Depth Review ruclips.net/video/U9itg22afnQ/видео.htmlsi=zfIBZBchyOrhLoqU
The Nano S is affected as far as IP addresses are concerned. Ledger Live collects your IP. That’s why I’m saying throw ledger in the trash and go with something else.
@@cyberscrilla Thanks for your recommendation but is the wallet you're recommending (X1) as easy to use as my Ledger is? I'm not a "tech" person, so I don't want to have to do alot of studying inorder to make it work if you know what I mean.
If I were to buy another cold wallet, I wouldn't choose one that looks like a special device like the Keystone and/or has the name printed on it. The last thing you want is a device that screams that you have crypto assets. BitBox looks to me like a much more appealing option for storing BTC and ETH. If you are going to operate with shitcoins, sadly there's no other option than Ledger.
I don’t think it matters assuming you’re not sitting at Starbucks using your wallet in public. That said, there are plenty of options for shitcoins besides Ledger. Onekey and Tangem are both good options
@@cyberscrilla I.D varfication is like KYC. Even with I.D, you will no longer have full anonymity. Someone somewhere will have your I.D and that I.D could now be linked to you and the goverment could potentially request that info.
@@MrLeighman Of course, that’s the case with everything. Anytime you buy a hardware wallet online, they keep your personal data (name, address, email, etc). There’s no anonymity. Even if you walk into the store and buy one, they have you on camera and driving away. At the end of the day, the gov can request access to anyone’s wallet whether it’s a Ledger or not. My point is that the Ledger Recover service does not require KYC. It requires your id to verify you are who you say you are. Otherwise, anyone could request your key. To be clear, I never claimed that the service provides full anonymity or anything even close. Just that it’s not technically KYC.
Perhaps greed led their decision. Or they simply saw an opportunity that no one else had taken advantage of yet. Regardless, the way the introduced it wrecked them. It could have been executed way better imo
I like to know my private key. Bitfi does not allow you to know your private key/seed phrase. So you are stuck using their wallet making it impossible to recover if they go out of business for example. Whereas a seed phrase can be used on nearly any brand hardware wallet. That’s just my preference though. And idk what you mean by “government proof”. But none of the wallets I use are accessible by the gov.
@@cyberscrilla Bitfi wallet is designed to prevent seizure. If the wallet is seized by the government and taken to a lab nothing can be extracted. It's a private key generator. In order to open the wallet or send funds you have to type in a salt & password which is never stored on the device . If the company goes broke. They have a bitfi recover tool. You use this tool to recover your funds. I would say BC Vault would be the second most secure wallet on the market after bitfi. I do have Keystone 3 but it I'm very unhappy it has no desktop app.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user has to type in a salt & password. Nothing is ever stored on the device. If the wallet is seized and taken to a lab nothing can be extracted its impossible to seize funds on this device. If the company go broke they have a recovery tool to recover the funds.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user needs to type in a salt & password. If the wallet is seized and taken to a lab it impossible to seize the funds. Nothing is ever stored on the device. If the company go broke the have a recover tool which can be used to recover your coins.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user needs to type in a salt & password. If the wallet is seized and taken to a lab its impossible to seize the funds. Nothing is ever stored on the device. If the company goes broke they have a recover tool which can be used to recover your coins.
I just watched a video of a woman reporting that she had her ledger nano hacked. It looks like the new firmware update was the culprit. I am moving all my crypto off my ledgers and they can sit in my drawer forever, never to be used again.
It is HIGHLY unlikely that Ledger Recover was the culprit. It’s not even available at this time as the rollout has been put on hold. The more likely culprit is user error. Most hardware wallets are compromised due to the user clicking on a bad link and giving access to the scammer.
@@cyberscrilla thanks for the reply. Here's the link to the video, if you wanted to hear her story. The comments have a lot of answers from her to questions she didn't address in the video. ruclips.net/video/0kyHFdkjI7o/видео.html I'm glad it isn't the rollout of the new firmware. I was feeling sick after watching the video, especially after seeong yours recently too. I'm going for the Keystone Pro, regardless of anything Ledger does or says, so I appreciate the recommendation 👍
@@_Rustodian Thanks for sharing. It’s hard to say what happened without being able to view her wallet address to review it. But the whole story sounds very weird. Definitely not the result of Ledger Recover. Unfortunately, likely user-error (unknown malware installed on her computer or clicked a bad link at some point, or even purchased a compromised device from a third party). That said, I’m happy you’re going with the Keystone. I REALLY enjoy their wallets. Let me know if you have any questions about anything. - Alex
@@cyberscrilla Thank you, Alex. You have put my mind at ease whilst I procure the Keystone. I'm over in England, so it's a bit of a wait, but the postage and tax is free! Can't argue with that. All the best, mate. Lee
Great video with mindset and honest words! I do not trust ledger sadly anymore. Either they have pressure from goverments or they came to a point (like many companies face that) that their success came to a peak and they dont treat their customers needs in priority. They are ending up making mistakes, one behind the other...
I actually think their intentions with this was to appeal to more consumers. (It’s crazy to think if you lose your seed phrase you lose your entire portfolio). That said, their announcement and approach was completely off putting. Terrible execution. Lead to losing trust of many unfortunately… - Alex
@@cyberscrilla well actually it is a ledger issue. God knows how much they earn every day, and they cant afford to a simple notification warning people of the airdrop scam? I heard Rabby does this. They have many ways to see if some action you are doing is suspicious. I NEVER would have thought such scams would be able to get through ledger.
@@cyberscrilla also I saw on twitter in these days thay ledger is hard core tracking every move you make. I have totally lost trust in it and just bought a Trezor that I'll use with Rabby
I didn’t say I was an expert. However, I have tested and reviewed numerous hardware wallets both on this channel and on CyberScrilla.com. For this video, I researched Ledger Recovery and have been using my ledger wallet for nearly 3 years. Hope this helps if you have any doubts. - Alex
@@cyberscrilla Good question. I asked refund for my order after reading your comment. Atleast I will get refund from the second one because I already unboxed one. I'm just too scared to risk my life savings even though the risk would likely be slim to none💀
@@justanswer55 that’s fair. I know Keystone is still running their 20% off sale. It’s my go-to wallet for overall security. It’s just not as user friendly because it’s 100% airgapped and uses hot wallets to manage funds to remain decentralized. But it’s what I use to secure my largest portfolio. Here’s a review on that wallet if you’re interested: Keystone 3 Pro Review: Most Secure Cold Wallet? ruclips.net/video/sP6jZ9024Cc/видео.html
It’s partly due to their terrible rollout. I’d say many people are genuinely concerned that Ledger said that they could not extract private keys via firmware and now they can. It’s both a trust issue and and security concern.
@@cyberscrilla Agreed, although from my understanding, you have to consent to this feature in a manner that's similar to signing a transaction along with going through a KYC process of sorts.
@@DEM78976 Correct, it is set up so that the user must approve it via a device signature. And no KYC, just identification verification (less personal info than KYC process)
@@cyberscrilla still a 💩 product either way, although I highly doubt ledger is trying to steal anyone's seedphrases. I'm 99% certain that more wallet manufacturers will have similar offerings in the future depending on how all this shakes out for them. Great video!
@@DEM78976 Thank you! To your point, I think “seed phrases” will be phased out eventually. There has to be a better way to access our funds without having to worry about losing 24 randomly generated words. We’re still early.
I've not a clue. I can't imagine what I've clicked. I'm extremely careful. But never again will I use a nano. Lesson learnt! I have traced it to an exchange and emailed them this person has had over 4 million xrp. I can't understand how they don't see all the dodgy traffic in and then out its crazy. But I don't know how it all works on that side. Guess I'll have to start again. Any recommendations for a cold wallet, or I may just leave it on an exchange. £70 for nothing 😑
@@Tanya48b there’s really two ways a wallet is commonly hacked, and it’s almost always user error. You clicked on a phishing link (most likely) You have malware on you computer (also possible) That’s why you should have a dedicated wallet that’s only used to store crypto, you shouldn’t be transacting with it. And NEVER store crypto on an exchange, that’s just as dangerous. I recommend Keystone or Tangem wallet. And use it correctly. Here’s a video: ruclips.net/video/Dmy6XdKaf9Q/видео.htmlsi=YsbiAie6xIhuvXqg - Alex
@cyberscrilla your completely correct. I know what happened when I've thought about it. I put the ledger live on my pc, and my pin said it was incorrect. Then, I had to type my 24-word phase in that it must be the only possibility. I mean, I have anti-virus protection, but I guess that isn't enough. I spend a lot of time on RUclips, so maybe I've clicked a link there 😭. Still, tho was a lot of money for me. Thanks for the reply. I will watch your video and you now have a new follower 💕
True. But assuming the code is solid that won’t happen. Many wallet manufacturers use independent auditors before releasing the firmware to the public. Also, that’s why these companies offer bounties to find bugs in code. Ultimately, open source should equate to a more secure and transparent code. That’s why many prefer it over closed source.
@@cyberscrilla no manufacturers have open source chips as they don't manufacture the chip they use 3rd party partners who don't want their code open that's why ledger and others don't have open source it's because of the partnerships limitations not that they are hiding a back door. There is some level of trust in all we do in this life we trust the pilot has the flight experience we trust Netflix won't breach our credit card numbers we trust our social security number to our banks im no coder so i have to trust whomever may test the code because its open source......the same has to be true with hardware wallets trust is paramount at some level
That's not 100% accurate. Keystone Wallet is an example: "At Keystone, we have open-sourced the firmware of the Secure Element, hardware design (circuit diagram and BOM), hardware wallet application layer, and parts of the hardware wallet operating system layer. We have also released a third-party code audit report, which is the first-ever made public by a hardware wallet company." Of course we have to have some level of trust to your point. But certain wallet manufacturers we have to "trust" more than others. And I think the goal is to mitigate the required level of trust as much as possible and increase transparency.
Stay away from Air gapped wallets theres new league of hacking targeting air gapped wallets. 4 stage proccess through sreen shots bar codes etc. In easten Europe. They not all they jacked up to be.
Where did you see that? I’d like to read about it. I wouldn’t say “stay away from air gapped wallets”. An air-gapped wallet isn’t impossible to hack-BUT it is hard. Generally, a hacked hardware wallet is the result of a user-error. So take everything your read/hear with a grain of salt. - Alex
Ledger jumped the line imo. They should have conducted better market research beforehand. Even a Tweet sent out questioning if consumers wanted a recovery option would have been better than nothing.
Are you still using a Ledger wallet? Make sure to sign up for our newsletter at cyberscrilla.com/newsletter to receive updates and special discount codes for Ledger wallet alternatives. Thank you all for watching!
Hey use a passpharse if you use a ledger ..it will provide extra layer of security...If its open source or close source...No hardware wallets are 100% safe...But it safe 1000% when we compare to hot wallets
My ledger nano s was hacked and completely drained while offline. Unbelievable.
Finally an honest youtuber talking about ledger the way it needs to be talked! Great video! You won a new subscriber.
Wow, that means a lot. Thank you!
Same here. That's what RUclips needs, honesty!!!👍🏽
@@trustinginhim1698 I agree, that is my goal always. Thank you for watching!
- Alex
@@cyberscrillainsertname5421 is right. Ledger absolutely LIED! Nothing short of that.
4:03 any wallet manufacturer can technically update the firmware to extract our seed? So I'm not even safe with cold card? This is ridiculous, because back in 2020 I threw away 120 for the nano x, under the assumption is was a secure piece of hardware. Now in 2023, I had to throw away another 160 for a cold card, and even then I'm still not safe? What is the answer to this madness?
Technically, yes. It’s possible is my point. Just like any McDonald’s employee could spit in your food. Maybe a bad comparison, but the point is that there has to be some degree of trust.
It’s very unlikely, because that would destroy a wallet manufacturer’s brand-as we got a glimpse of with the Ledger debacle.
This is another reason why open source firmware is encouraged. That way people with a technical background can ensure there are no bugs or back doors.
@@cyberscrillaare you a fan of Trezor?
My ledger nano s was hacked and completely drained while offline. Unbelievable.
I just got an NGrave wallet and I think it's the most secured cold storage wallet that I've found. Would love to see you review it. It's expensive but I think it's worth it!
Awesome! I’ve heard great things. I hope to review Ngrave wallet in the future. Thank you for watching and for the suggestion 👍
Ngraves secret recovery phrase has an option that allows it to be altered. So much for random generated seed.
The ability to alter it has been programmed into it. No thanks. Was considering ngrave till I realised the seed could be shuffled.
I have dropped nano x and now very happy with Tangem wallet 1 and 2.
Happy to hear that! Seems to be the common theme with Tangem
Was transferring from one to another easy? Does Tangem have thorough direction for us less tech savvy ??
It’s the same for all wallets. It’s a very straight forward process. PLENTY of tutorials online. Just look. It’s really not hard, even if you aren’t tech savvy..
I transfer crypto to and from Tangem in this video to:
ruclips.net/video/LdlmHR120e8/видео.htmlsi=IUq6Fgd9Unw2llyz
@@cyberscrillaTangem wallet stores the seed phrase in the chip and does not show it to anyone. Not even to the owners right? Does this mean that if you lose your Tangem wallet, there's no way to access your crypto? Even if you get another hardware wallet?
@captainjuice1851 it stores your private key on the chip in the card. The seed phrase is optional during setup. If you choose to use a seed phrase you can write it down to record it, thus allowing your to recover your wallet on any cold wallet, even if you lose all your cards
Thanks for clearing this up, Hope you have a gn my dude🙌🏻
No problem! Thanks for watching Joey, enjoy your week 🤜🤛
I use a LEDGER-NANA-S-PLUS and so far, like it. Cannot say I will ever 100% always TRUST any company, Exchange, hardware wallet, to completely always safe. I still think that those rare cases of 'my crypto was stolen off my Ledger cold wallet' are user error or misuse of their seed phrase, -something. But I am always open to the facts when/if they are ever revealed...
You’re right. When a cold wallet is “compromised” 99% of the time it’s user error.
Mind (and others) grudge with Ledger is they lied to their customers about the firmware not being able to extract the private key (it can).
Other than that, I still believe Ledger is a good wallet for most people.
But I still prefer a completely open source option like Keystone.
- Alex
So how exactly is my seed supposed to leave my device?...if I dont opt in then what?... ledger forces the seed out with an update..and what it just stores it in a database of seed phrases? That would literally be a gold mine. But they said that they break it up into 3 pieces and stored in 3 separate databases... how is a hacker supposed to hit up 3 different companies to grab databases and then compile them to match our specific seed phrase...
Seems to me that even if...if...ledger took my seed then it would still be very unlikely someone would figure out my seed phrase.
You’re right. And that is Ledger’s point with this service.
The main issue stems from the fact that Ledger previously told users the private key can NOT be extracted from the firmware.
Now they are saying it can.
This has led to a huge loss of trust in Ledger.
And there is always the “what ifs”.
What if someone with bad intent on the Ledger team decided to release a firmware update with the ability to extract users keys?
We wouldn’t know because the firmware is closed source.
Sure. It is unlikely. But people don’t trust Ledger enough to care at this point.
Ledger got hacked back in the day, now Ledger says they will hack you but only if you give permission. Couldn't they download an update that does without permission? I think I'll pass.
Yep. I’m not sure if they could do that because I’m not that technically inclined. However, I don’t think it’s impossible.
The same could be said for any wallet manufacturer though.
@@cyberscrilla I think the devices are made to look for any update from the manufacturer. Technically you would have to accept the update, but how do you know what is in the update when you are only reading what they told you is in the update?
@@reocurringdream Yep, that is exactly why people prefer open source firmware.
Hope I understood correctly, but technically speaking, if I get a ledger wallet and Don't opt in to the recover, it's "the same" as it was before they announced the feature? Making it "as safe" as it was before? Just curious as I've been thinking of getting a hardware wallet and had been recommended this one and it's a bit easier to get it where I live compared to other ones
Thanks for the information!
You are correct. Now the concern is whether or not you trust Ledger.
Previously, they said the firmware could not extract the private key.
Now all of the sudden it can. So essentially they lied to their consumers.
I’d opt for the Keystone Pro personally.
- Alex
same here, i’ve been using both trezor and ledger for years and won’t be using recover, i don’t use dapps or anything other than storing my private keys and don’t connect to the ledgers frequently, if you’re hodling i don’t see it’s any different for me.
Aslong as I dont use the seed recovery subscription thing its fine?
That’s what they say.
The main issue is that Ledger already lied about not being able to extract the private key from your device.
So the real question is: do you trust Ledger?
hi there, thx for the video. question: can we still update to latest version of firmware without choosing the recover service?
The recover service is in the firmware regardless. But you have to sign up for the service if you want to use it. It’s a paid subscription.
The main issue is trust at this point. They lied about being able to extract the private key via the firmware
Very informative. But sir i have a question regarding tangem not its open source and stuff. But with tangem u always have to connect to the internet to withdraw your funds. What if the server of tangem is compromisedor hacked & u have to withdraw your funds what will you to in that case. Could you please explain it thank you❤️🙏🏻
Tangem does not rely on their own servers. The card relies on the blockchain networks to transact.
And if the app were deleted from the App Store for example, it’s open source and available on GitHub for anyone to recreate.
- Alex
The private key never leaves the Tangem card. The app creates a PSBT sends it to the card, the card signs the transaction and sends the signed transaction back to the app.
I have some questions
1: which hardware version will this be an option
2: If I don't update my hardware ( that means no more feature updates ), I'm still vulnerable to it
3: will they support the old hardware version forever, if not for how long
some comment:
I think it's a ridiculous answer to put everyone under the bus
the problem isn't that you can opt in or out, the problem is that it's primarily an option, which is a major vulnerability begging to be hacked
ledger your key never leaves your hardware is now a joke
This is all subject to change and somewhat subjective.
1: Ledger Recover is initially available on the Ledger Nano X. However, I’m sure all their devices will offer it eventually. As for the firmware version idk. It was available in the 2.2.1 version, which has since been eliminated.
2: If you don’t update the the firmware with the Ledger Recover option, then it simply won’t be an option on the device.
3: I don’t see how older firmware would be relevant forever, the updates also change how the usability and coins support, so eventually you’d probably have to update.
(The only option I see is releasing two versions every time (one with the Ledger Revover, and one without) thus allowing the user to choose.
Exactly, the issue is that Ledger did this PERIOD (and previously stated the firmware couldn’t do this) that’s why they lost trust of many consumers.
- Alex
So, as I know, if you make a ,,firmware update,, nothing is happening. For the recovery program, you have to ,,subscribe,, and ,,register,, for it. With an simple firmware upgrade YOU DO NOT ACCEPT automatically and subscribe for the recovery program, dont compare these 2 things: upgrade / and subscribe (register) these are 2 difference things. Or maybe am I wrong?@@cyberscrilla
how do i verify the open source code for trezor is clean when i don't understand it. I am using ledger nano x with newest firmware. are there other options than trezor.
Well, you have to trust the millions of users who use the wallet.
Open source means it’s community-based, and thus audited by the community.
If there was an issue, you have to trust that someone from the community who can understand the code would make it public. Plus it’s been audited by independent security researchers.
@@cyberscrilla ok thanks
Can someone explain to me please: Why is opensource safer? It's not like they could provide changed code, but use a backdoored code on their devices. You can't just check what your firmware has, right? So why does people want opensource? If i compile it myself, sure.. But most of them just share code but don't allow you to flash it to the device.
Open source = transparency
The community can view the code and confirm there are no hidden backdoors. Sure, not everyone knows how to read the code, but many people can and do.
Ultimately, open source creates more trust between the manufacturer and consumer.
- Alex
@@cyberscrilla thanks Alex, but being open sourced doesn’t mean its the same code on device.
@@optinihilis True, but that’s why users are able to confirm which firmware they’re running and download whichever version they prefer that’s available from the manufacturer.
Whats up with the demonic upside down crucifix on the Keystone Pro wallet?
On the Keystone Pro?? I’m not sure what you’re referring to
What if I'm still using version 2.60.0 and I have never updated my Ledger to the newer updates?
Theoretically Ledger Recover isn’t on your firmware then. In fact it still hasn’t been released in the later firmwares at this point.
But avoiding updating your firmware is more of a bandaid, especially if a future update is required for new features or to fix a vulnerability, etc.
- Alex
Similar to the previous question...
For now, if we've never updated the firmware. Using 2.51.0
Would this next statement/question be correct... if I don't touch the wallet anymore. Just leave what's on it on it. Can I hope for a fix to this sometime in the future? After that, then do the updates??
I'm not good at describing things in text. I hope you know what I mean, and not what I say. Anyways thank you very much and I appreciate you answering everybody's questions.
Also I apologize for using talk to text. Thanks everybody
@@BenLipseyNE what fix are you hoping for? Ledger recover will be around in all future updates.
So you’d literally have to keep the same firmware you have now for the foreseeable future.
- Alex
@cyberscrilla I appreciate your response. Thinking my best bet will be leave The Ledger alone for now. Research a quality wallet and put anything new on that.
After all of this, when it comes time, update the old Ledger and transfer the contents thanks again. 😊
@@BenLipseyNE That is what I lot of people are doing. Just a heads up, I have numerous cold wallet reviews on my channel.
Just go to playlists and tap Hardware Wallet Review.
Here’s my quick 2 cents: if you’re looking for an absolute vault: Keystone 3 Pro is awesome (but not as user friendly as ledger).
If you want the most user friendly wallet on the market that’s still really secure, I’d go Tangem.
But, I’m here if you have any questions.
- Alex
So if you keep your keys private & for the time being offline is that safer pls?
What do you mean? I want to understand what you’re asking so I can better answer your question.
If you’re still using a Ledger wallet and want to continue using it, the best thing to do is NOT subscribe to the recovery service.
Otherwise, get a new wallet and transfer your funds to it.
Maybe that answered your question?
- Alex
@@cyberscrilla Thanks yeah that covers it....I was in a bit of a rush when I was forming the question. Thanks for answering 🙂
No worries. Just want to make sure I could give you a clear answer. Thank you for watching!
Hi, since Ledger Recover is optional, it should still be safe using Ledger if I do not opt-in for their Ledger Recover program, isn't it?
It’s debatable. The real question is do YOU trust ledger after they essentially lied to their customers when they said a firmware update could NOT extract the wallet’s private key, and now it can.
If ledger is your only option, I still think it’s better than a software wallet.
But if you could choose another brand, I’d go with a wallet like Keystone or Ellipal.
- Alex
@@cyberscrilla Thanks Alex for taking your time to respond. I am going to take a look into these wallets you mentioned. I was planning to get Trezor initially but found out that they do not support some of the coins I own.
@@tihanhaider9811 of course, I reviewed several wallets in this video: ruclips.net/video/SdnDiUuYDEg/видео.htmlsi=C7K74RgEzdxWa95L
Let me know if you have any questions. I’m happy to help.
- Alex
@@cyberscrilla I'll check. Thanks again.
Is Trezor any good?
So if i dont use this service of them they cant acces my funds at all? Or is just i update the firmware and everything can be gone tommorow
It’s hard to say with certainty since the firmware is closed source.
According to Ledger, they can only access your private key IF the user subscribes to Ledger Recover and signs for it using the wallet.
So now the question is: Do you trust Ledger?
@@cyberscrilla Definitely not
Good 👍 Can I transfer the funds from Ledger to Tangem without upgrading the firmware of Ledger NanoX? Thanks in advance 🙏
I believe so, yes!
@@cyberscrilla you become my favorite adviser 👍 👏 Thanks again 🙏
@@MrLuba6a 🙏
Which hard wallet to use other than ledger nano x? Don’t want to use nano x no more
I’d recommend Keystone, OneKey, or Tangem. I reviewed some great alternatives in this video: ruclips.net/video/WJOzS_etRfQ/видео.htmlsi=e9D529Wr9QVRLiS7
Let me know if you have any questions.
- Alex
One very important detail you simply glossed over is the fact that each of the three pieces of the keys was first encrypted on the specific ledger, before being sent to the third parties. What is the chance, that a person who even gets hold of two of the pieces can decrypt the pieces? Seems very very unlikely. So your keys are not simply in the wild in three pieces. No they are encrypted, and can only be decrypted with the ID data of the actual owner as well.
That’s if you trust Ledger.
The main issue is that Ledger previously said: “A firmware update cannot extract the private keys from the Secure Element.”
Yet, here we are. So it’s really a matter of integrity. They lied to their customers.
Until everything is completely open source, nothing is to be trusted in this space, everything should be verified.
@@cyberscrilla The MAIN ISSUE is THE ACTUAL SECURITY OF MY LEDGER DEVICE, yet everyone who has made a video about this issue, has given the impression, that your keys are simply in the wild, only separated into pieces that can easily be combined in the wild as well. Does the firmware, ALLOW you to use the service, YES, BUT if I do not opt in, then my ledger is no different than when I bought it. Furthermore, if I use the service, EACH PIECE IS ENCRYPTED, and TIED TO MY ID data--which by the way is ALSO ENCRYPTED. Its not as simple, as everyone makes it out to be.
@@treyfred3247 sure, but everything you said you’re simply taking Ledger’s word for. And they’ve shown that they can’t be trusted.
There’s no way to verify what they say is true from a consumer standpoint because most of their products are still closed-source.
I’m not completely against Ledger, I own their products. I just think they could have released this service in better, and more honest way.
@@cyberscrilla Ledger did not at all communicate well in this instance I agree, but the "crypto community" that first reported on this issue (and apparently months later) did NOT DO their DUE diligence either, and are still reporting "half truths" about how insecure the Ledger device is. Did you know, that in addition to your seed phrase, you can add another "pass phrase" to the seed phrase, and that the "pass phrase" dose not leave the ledger, even if you use the recovery service. Which means, you still have control over your crypto, even if you use the recovery service to store the "seed phrase?" Of course, that also means, that even if you use the recovery service for your "seed phrase" but lose your "pass phrase" your SOL anyway--and this would be true even if you don't use the recovery service.
Hay, I was going to buy this wallet, must I do this, I know the video is about 1 month old, how has things changed?
Nothing has changed. Ledger Recover is still in the works. If Ledger is your only option, it’s still better than storing your assets in a crypto exchange or a software wallet.
But I’d rather buy a Keystone or Ellipal wallet. Both are secure and affordable.
- Alex
Updating the firmware now means your seed phrase becomes shareable... and you have to trust ledger that they will only share it if you subscribe.
But technically it's already shareable before your subscribe.
that's a major problem.
They need to immediate make their software open source
and remove this seed phrase sharing non-sense
this seems to be a money grab/greed
they are risking their whole business literally because of greed
and maybe to leave an open door to rob you if the government comes after them
Ledger has recently made part of the software open source.
“The OS version 2.2.2 open sources the dashboard, a piece of the OS containing a part of Ledger Recover provided by Coincover implementation, for technical review and verification. For more information please read the Ledger Recover white paper.”
2:33......BRUH that is insane LOL they can just take your crypto at anytime they say you have to authorize it but just imagine a pissed off employee lol that is crazy!
Well, according to Ledger it’s encrypted first, then sent to 3 separate entities. But who actually knows.
Is this update for Ledger Nano X only.....not for the S version? I have an S (not even S+) so is mine still safe from this update?
Ledger Recover is not compatible with the Nano S.
Just the S Plus and Nano X.
BUT, do you really want to use a wallet that collects your IP address and that literally created a backdoor for users that they have to pay for?
Maybe look into a different brand. The SafePal X1 is a great alternative, secure, easy to use, and only $29 right now.
Check out this video, I cover the X1 and a few other wallets:
BEST Cold Wallets Under $100 | In-Depth Review
ruclips.net/video/U9itg22afnQ/видео.htmlsi=zfIBZBchyOrhLoqU
@@cyberscrilla THANKS for your quick reply and no I do not want my info sent out to anyone. I'll just keep my Nano S for now. ;-)
The Nano S is affected as far as IP addresses are concerned. Ledger Live collects your IP.
That’s why I’m saying throw ledger in the trash and go with something else.
@@cyberscrilla Thanks for your recommendation but is the wallet you're recommending (X1) as easy to use as my Ledger is?
I'm not a "tech" person, so I don't want to have to do alot of studying inorder to make it work if you know what I mean.
Yes, just as easy if not easier than Ledger.
If I were to buy another cold wallet, I wouldn't choose one that looks like a special device like the Keystone and/or has the name printed on it. The last thing you want is a device that screams that you have crypto assets. BitBox looks to me like a much more appealing option for storing BTC and ETH.
If you are going to operate with shitcoins, sadly there's no other option than Ledger.
I don’t think it matters assuming you’re not sitting at Starbucks using your wallet in public.
That said, there are plenty of options for shitcoins besides Ledger. Onekey and Tangem are both good options
And what about tangem firmware update sir ?
There is no firmware updates for the Tangem wallet. You only need to update the app.
Thanks for the video. After this ledger never my option
Thanks for watching! Yes, i don’t recommend Ledger anymore. But some people still love their products.
is nano s+ safer than nano x ?
No. Ledger Recover will eventually be available for all ledger devices
even nano s ? @@cyberscrilla
I'd use ledger only with multisig
Even then, you still have to trust that Ledger doesn't have access to your private key
You said it it wasn't KYC but you just described KYC. lol
No, Ledger Recover requires ID verification. KYC typically involves more than that.
@@cyberscrilla I went over the video like you said and missed where you were describing KYC and put it all together. Sorry about that.
@@tkdolphin No worries, thank you for watching and taking time to leave a comment 🤙
@@cyberscrilla I.D varfication is like KYC. Even with I.D, you will no longer have full anonymity. Someone somewhere will have your I.D and that I.D could now be linked to you and the goverment could potentially request that info.
@@MrLeighman Of course, that’s the case with everything.
Anytime you buy a hardware wallet online, they keep your personal data (name, address, email, etc). There’s no anonymity.
Even if you walk into the store and buy one, they have you on camera and driving away.
At the end of the day, the gov can request access to anyone’s wallet whether it’s a Ledger or not.
My point is that the Ledger Recover service does not require KYC. It requires your id to verify you are who you say you are. Otherwise, anyone could request your key.
To be clear, I never claimed that the service provides full anonymity or anything even close. Just that it’s not technically KYC.
Their intention was good... Or a good lie that can sell ?
Perhaps greed led their decision.
Or they simply saw an opportunity that no one else had taken advantage of yet.
Regardless, the way the introduced it wrecked them. It could have been executed way better imo
Mannnnn, they messed up big time! Used to be #1 . Now they are # none 😂
YEP. One bad announcement and it can greatly affect a brand. Especially in the crypto space…
Come on mann government isue id car as all biometric and interlinked with other id. In short it hass all the details of the person
Kedger is safe
To some extent. But there are safer options on the market.
Ledger is perfectly safe… provided you keep it in the bin and never put your crypto on it.
😂
I use bitfi wallet it has no seed stored on the device and is the only 100% government proof wallet.
I like to know my private key. Bitfi does not allow you to know your private key/seed phrase.
So you are stuck using their wallet making it impossible to recover if they go out of business for example.
Whereas a seed phrase can be used on nearly any brand hardware wallet.
That’s just my preference though.
And idk what you mean by “government proof”. But none of the wallets I use are accessible by the gov.
@@cyberscrilla Bitfi wallet is designed to prevent seizure. If the wallet is seized by the government and taken to a lab nothing can be extracted. It's a private key generator. In order to open the wallet or send funds you have to type in a salt & password which is never stored on the device . If the company goes broke. They have a bitfi recover tool. You use this tool to recover your funds. I would say BC Vault would be the second most secure wallet on the market after bitfi. I do have Keystone 3 but it I'm very unhappy it has no desktop app.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user has to type in a salt & password. Nothing is ever stored on the device. If the wallet is seized and taken to a lab nothing can be extracted its impossible to seize funds on this device. If the company go broke they have a recovery tool to recover the funds.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user needs to type in a salt & password. If the wallet is seized and taken to a lab it impossible to seize the funds. Nothing is ever stored on the device. If the company go broke the have a recover tool which can be used to recover your coins.
@@cyberscrilla Bitfi is a private key generator in order to open the wallet or send funds the user needs to type in a salt & password. If the wallet is seized and taken to a lab its impossible to seize the funds. Nothing is ever stored on the device. If the company goes broke they have a recover tool which can be used to recover your coins.
In the bin and never to be used again no thanks
That’s fair. What wallet are you using now?
Amen
@@cyberscrillaeveryone is trying to figure that out. Maybe with Trezor 3 might be a better solution.
Yep.
Second hand laptop for $100, rip out the network card, Linux and air gapped wallet backed up on steel.
I just watched a video of a woman reporting that she had her ledger nano hacked.
It looks like the new firmware update was the culprit.
I am moving all my crypto off my ledgers and they can sit in my drawer forever, never to be used again.
It is HIGHLY unlikely that Ledger Recover was the culprit. It’s not even available at this time as the rollout has been put on hold.
The more likely culprit is user error.
Most hardware wallets are compromised due to the user clicking on a bad link and giving access to the scammer.
@@cyberscrilla thanks for the reply.
Here's the link to the video, if you wanted to hear her story. The comments have a lot of answers from her to questions she didn't address in the video.
ruclips.net/video/0kyHFdkjI7o/видео.html
I'm glad it isn't the rollout of the new firmware. I was feeling sick after watching the video, especially after seeong yours recently too.
I'm going for the Keystone Pro, regardless of anything Ledger does or says, so I appreciate the recommendation 👍
@@_Rustodian Thanks for sharing. It’s hard to say what happened without being able to view her wallet address to review it.
But the whole story sounds very weird. Definitely not the result of Ledger Recover.
Unfortunately, likely user-error (unknown malware installed on her computer or clicked a bad link at some point, or even purchased a compromised device from a third party).
That said, I’m happy you’re going with the Keystone. I REALLY enjoy their wallets. Let me know if you have any questions about anything.
- Alex
@@cyberscrilla Thank you, Alex.
You have put my mind at ease whilst I procure the Keystone.
I'm over in England, so it's a bit of a wait, but the postage and tax is free! Can't argue with that.
All the best, mate.
Lee
@@_Rustodian I am happy to help Lee. Free postage and tax free sounds like a dream come true!
Great video with mindset and honest words! I do not trust ledger sadly anymore. Either they have pressure from goverments or they came to a point (like many companies face that) that their success came to a peak and they dont treat their customers needs in priority. They are ending up making mistakes, one behind the other...
I actually think their intentions with this was to appeal to more consumers. (It’s crazy to think if you lose your seed phrase you lose your entire portfolio).
That said, their announcement and approach was completely off putting.
Terrible execution. Lead to losing trust of many unfortunately…
- Alex
I just had 240 of my precious link stolen from Ledger.. I am leaving
I’m sorry that happened. However, it’s likely not a Ledger issue but a user error.
@@cyberscrilla well actually it is a ledger issue. God knows how much they earn every day, and they cant afford to a simple notification warning people of the airdrop scam? I heard Rabby does this. They have many ways to see if some action you are doing is suspicious. I NEVER would have thought such scams would be able to get through ledger.
@@cyberscrilla also I saw on twitter in these days thay ledger is hard core tracking every move you make. I have totally lost trust in it and just bought a Trezor that I'll use with Rabby
What makes you an expert?
I didn’t say I was an expert.
However, I have tested and reviewed numerous hardware wallets both on this channel and on CyberScrilla.com.
For this video, I researched Ledger Recovery and have been using my ledger wallet for nearly 3 years.
Hope this helps if you have any doubts.
- Alex
@@cyberscrilla Fair enough! Appreciate your professionalism!
@@humphschriek1637 Of course, thank you for watching!
Just got 2 ledger wallets and then I figured out this lol.
Are you going to return them or use them you think? 🤔
@@cyberscrilla Good question. I asked refund for my order after reading your comment. Atleast I will get refund from the second one because I already unboxed one. I'm just too scared to risk my life savings even though the risk would likely be slim to none💀
@@justanswer55 that’s fair. I know Keystone is still running their 20% off sale. It’s my go-to wallet for overall security. It’s just not as user friendly because it’s 100% airgapped and uses hot wallets to manage funds to remain decentralized.
But it’s what I use to secure my largest portfolio.
Here’s a review on that wallet if you’re interested:
Keystone 3 Pro Review: Most Secure Cold Wallet?
ruclips.net/video/sP6jZ9024Cc/видео.html
solution: just MAKE IT A NEW MODEL OR BRANCH: "LEDGER RECOVERY GOTCHA COVERED" MAKE IT SEPARETE.
They touched on this. It doesn’t sound like something ledger is interested in doing.
But things can change.
Can not believe that anyone is going to pay $10 per month for the privilege of having their private keys confiscated by their government
That's my thought too
Too much FUD behind Recovery and it all has to do with their delivery of the rollout
It’s partly due to their terrible rollout. I’d say many people are genuinely concerned that Ledger said that they could not extract private keys via firmware and now they can.
It’s both a trust issue and and security concern.
@@cyberscrilla Agreed, although from my understanding, you have to consent to this feature in a manner that's similar to signing a transaction along with going through a KYC process of sorts.
@@DEM78976 Correct, it is set up so that the user must approve it via a device signature. And no KYC, just identification verification (less personal info than KYC process)
@@cyberscrilla still a 💩 product either way, although I highly doubt ledger is trying to steal anyone's seedphrases. I'm 99% certain that more wallet manufacturers will have similar offerings in the future depending on how all this shakes out for them.
Great video!
@@DEM78976 Thank you! To your point, I think “seed phrases” will be phased out eventually.
There has to be a better way to access our funds without having to worry about losing 24 randomly generated words. We’re still early.
Ive been hacked lost everything
How did that happen? 99% of the time it’s due to a phishing link you clicked on at some point.
I've not a clue. I can't imagine what I've clicked. I'm extremely careful. But never again will I use a nano. Lesson learnt! I have traced it to an exchange and emailed them this person has had over 4 million xrp. I can't understand how they don't see all the dodgy traffic in and then out its crazy. But I don't know how it all works on that side. Guess I'll have to start again. Any recommendations for a cold wallet, or I may just leave it on an exchange. £70 for nothing 😑
@@Tanya48b there’s really two ways a wallet is commonly hacked, and it’s almost always user error.
You clicked on a phishing link (most likely)
You have malware on you computer (also possible)
That’s why you should have a dedicated wallet that’s only used to store crypto, you shouldn’t be transacting with it.
And NEVER store crypto on an exchange, that’s just as dangerous.
I recommend Keystone or Tangem wallet. And use it correctly.
Here’s a video:
ruclips.net/video/Dmy6XdKaf9Q/видео.htmlsi=YsbiAie6xIhuvXqg
- Alex
@cyberscrilla your completely correct. I know what happened when I've thought about it. I put the ledger live on my pc, and my pin said it was incorrect. Then, I had to type my 24-word phase in that it must be the only possibility. I mean, I have anti-virus protection, but I guess that isn't enough. I spend a lot of time on RUclips, so maybe I've clicked a link there 😭. Still, tho was a lot of money for me. Thanks for the reply. I will watch your video and you now have a new follower 💕
@@Tanya48b You’re welcome. I’m sorry that happened to you. Stay safe and lmk if you have any questions.
- Alex
imagine people who lose their keys.
It could happen to anyone. Would definitely suck
They wouldnt complain about the recovery:)@@cyberscrilla
Open source only means hackers can see code and try to crack it. Use a 25th passphrase and keep it moving
True. But assuming the code is solid that won’t happen. Many wallet manufacturers use independent auditors before releasing the firmware to the public.
Also, that’s why these companies offer bounties to find bugs in code.
Ultimately, open source should equate to a more secure and transparent code.
That’s why many prefer it over closed source.
@@cyberscrilla no manufacturers have open source chips as they don't manufacture the chip they use 3rd party partners who don't want their code open that's why ledger and others don't have open source it's because of the partnerships limitations not that they are hiding a back door. There is some level of trust in all we do in this life we trust the pilot has the flight experience we trust Netflix won't breach our credit card numbers we trust our social security number to our banks im no coder so i have to trust whomever may test the code because its open source......the same has to be true with hardware wallets trust is paramount at some level
That's not 100% accurate. Keystone Wallet is an example:
"At Keystone, we have open-sourced the firmware of the Secure Element, hardware design (circuit diagram and BOM), hardware wallet application layer, and parts of the hardware wallet operating system layer. We have also released a third-party code audit report, which is the first-ever made public by a hardware wallet company."
Of course we have to have some level of trust to your point. But certain wallet manufacturers we have to "trust" more than others. And I think the goal is to mitigate the required level of trust as much as possible and increase transparency.
Stay away from Air gapped wallets theres new league of hacking targeting air gapped wallets. 4 stage proccess through sreen shots bar codes etc. In easten Europe. They not all they jacked up to be.
Where did you see that? I’d like to read about it.
I wouldn’t say “stay away from air gapped wallets”.
An air-gapped wallet isn’t impossible to hack-BUT it is hard.
Generally, a hacked hardware wallet is the result of a user-error. So take everything your read/hear with a grain of salt.
- Alex
Ledger doing the biden build back better
Wallet version 😅
Pretty much lol
TRUST IS GONE
Why’d Ledger have to do us all dirty like that 😩
Terrible.. just terrible!!!
Ledger jumped the line imo. They should have conducted better market research beforehand.
Even a Tweet sent out questioning if consumers wanted a recovery option would have been better than nothing.
Im very happy with my swiss made BitBox02 Bitcoin only
BitBox huh? I’ll have to try it out soon.