Hardware wallet manufacturer Ledger is publishing a new firmware update. The update introduces a recovery feature that allows Ledger to back up seed phrases.

To use the new service users have to send a picture of a government-issued ID.


WTF are you doing Ledger?

Folks NEVER EVER let a 3rd party store your private key. And don’t use a hardware wallet that offers such services.


908 sats \ 5 replies \ @sime 16 May

To me this looks like a hosted version of Shamir Secret Sharing. I get it that normies might find this comfortable.

But we as a community need to prioritise self sovereignty, and work hard on getting the message out there.

Spread your self-sovereign risk by using purpose-built tools like Shamir Secret Sharing.


Shamir Secret Sharing: "the secret cannot be revealed unless a quorum of the group acts together to pool their knowledge"

Guess what? The quorum does not include you.

Not only that, this is a KYC service that requires government-issued ID to use.

🚩 Upload your keys to a trusted third party. 🚩 Submit government identification.

This goes against everything the bitcoin community has spent years building.

Might as well save yourself some trouble and use a custodial software wallet.

This. Government ID KYC already excludes millions of people from banking, credit cards, Paypal and Western Union. If the state refuses to print ID for you, there is no way to pass KYC, even if you wanted to. Bitcoin is the only option for digital payments that doesn't require ID.

Right now it is an "optional" feature, but an "optional feature" may become mandatory in the future... In 2018, many exchanges had optional government ID KYC (to increase trading limits), until it suddenly became mandatory for everyone, which meant that users were locked out of their accounts and lost their funds. Shotgun KYC is theft.

You know what Bitcoin has that works more securely than Shamir secret sharing? Multi-sig. But Shamir gets shilled by shitcoiners because shitcoins don't know how to multi-sig lol

My experience with multisig is limited, but IMO SSS is easier than multisig.

They are under pressure from governments. The Financial Action Task Force, the supranational body that sets AML standards, has its sights on hardware wallets. This will be a slow step by step boil but they WILL be pressured into compliance.

They are feds, end of story. These pricks putting bitcoin user data in dragnets fuck outta here

Yup, wasn’t Ledger associated with FTX?

I think they were at least sponsored by FTX, but I'm not sure

480 sats \ 0 replies \ @Ada 16 May

Cofounder confirmed the device will transmit encrypted shards of your seed phrase and that it’s optional.

But what the fuck. Transmit my seed phrase ? Fuck you.

I can no longer trust Ledger as a cold wallet so why should I trust that the change is not going to become mandatory. Even if opting out, that implies the capability is still present. Fuck that.

Direct link to cofounder’s Reddit comment:


Has this been verified? All I've seen are screenshots, but nothing on Ledger's website.

The co-founder was answering questions on Reddit: https://old.reddit.com/r/ledgerwallet/comments/13itm7u/is_there_a_backdoor_yes_or_no/jkbyyfp/

It seems legit.

Thanks for confirming. This is very disappointing.

This is concerning, if true, it can turn your hardware wallet even less secure than a regular software wallet.

Doesn't sound good at all.

118 sats \ 1 replies \ @phygit 16 May

Disturbing, if confirmed. But logical, as more and more companies are preparing to adapt to coming crypto-regulations, esp. MICA in Europe. Governments will force all crypto service providers (whether it's protocols, wallets or whatever) to KYC.

That's the sad thing about this world. Pretty sure that most citizens of the world praise their right to anonymity but most governments (supposed to represent the people) are against it.

There is always that airgapped old PC in the basement with open-source wallet software on it. Unless they ban Turing-completeness.

64 sats \ 0 replies \ @quark 16 May

I don't understand. This is totally not needed and against their own product. Late April's fool? Lol. Their clients didn't ask for this. Also, how does this work? I hope it is not automatically read from the device and you have to manually tell them the words. Not safe in any case. Anyway, I wasn't going to use any of their products.

118 sats \ 0 replies \ @gunson 16 May

Doesn't make sense for a single key hardware wallet.

I can see it as a reasonable choice in a 2-of-3 set up where you could use your biometric to request use of the 3rd key only (as one option).

Very strange brand destroying stuff.

Finally Ledger owners could use Ledger for the only purpose it was designed for: as a necklace.

That's why I prefer metal plate...

Really disturbing. When I questioned Trezor during the AMA about blacklisting addresses, their answer included "you can opt out." I'm sure that's exactly what Ledger will say now. It's a slippery slope until both manufacturers make this mandatory. Time to move on.

30 sats \ 0 replies \ @pi 16 May

The majority of their customers, the crypto boys, will love the idea.

No one seems to remember anymore why Bitcoin was invented. 😔

Wtf is that? Ledger and Trezor going full regulatory carnage, step by step, slowly and surely.

Seems like a government driven backdoor disguised as a Monthly Recurring Revenue money grab. Either way, suicide that may turn out to be case studies in business schools some day.

Ledger and Trezor following rules of State. Sad.

Ya, give me your wallet, I will hold it for ya. Trust me bro! :-) They will kick themselves out of the market...

FWIW, we have NEVER recommended users purchase or use Ledgers as:

  1. They are full of shitcoins, "yields" etc
  2. The Ledger Live app is a PITA / impossible to connect up to your own Full Node, meaning your privacy and security is greatly reduced
  3. They got hacked and had their entire customer database leaked to criminals

And now this. This is stupid on SO many levels. They have to know this too, which means it's a toss up of why they're doing it. Either they're being forced to by govs OR they just want that sweet, sweet subscription action @ $10/m. Or maybe it's both.

We will continue to actively tell our readers to never use any Ledger device as this new "feature" is extremely bad. All Ledgers now have code written into them that allows software on the host device to exfiltrate the private keys. That means it's only a matter of time before criminals figure out how to hack it, which opens up the possibility of millions of Ledger users getting rugged. For shame Ledger.

What do you think, should we add Ledger to our Bitcoin Scams post lol https://www.athena-alpha.com/bitcoin-scams/

Yeah this is concerning.

You can't trust hardware wallets that support shitcoins. I would go a step further, don't trust any hardware wallet besides SeedSigner (DIY).

It might be time to dig out an old USB thumb drive and start rolling dice.

Build your own hardware. Verify everything. https://seedsigner.com/

Been lambasting Ledger for a minute now, glad to see people wising up.

When their company goes bankrupt, they can take all of their clients' bitcoins with them. This has happened many times with centralized corporations, don't trust them. Not your key, not your coin. Ledger is just another form of FTX.

I really don't get why you would buy an expensive hardware wallet device and do full KYC to broadcast your seed phrase to a third party.

Success and money got Ledger founders all over their head, they do not care about their users' self-custody.

0 sats \ 0 replies \ @Ada 16 May

CoinKite just posted they are running a 24 hour promo on their ColdCard MK4 unit.

15% off Mk4 with promo "noKYCwSE"

Works on the coloured units as well.

Sweet sweet honeypot…

Maybe someone can check their open source code to see what this is all about. Oh, wait... never mind

Even if they transmit encrypted data you still need to type your seed on an online device. No thanks! Time to find another HW.