XRP-JAG 2,043 Posted December 28, 2018 Ledgers reply: https://www.ledger.fr/2018/12/28/chaos-communication-congress-in-response-to-wallet-fails-presentation/ 3 6 Truckdriver, 7strings, RDS and 6 others reacted to this Share this post Link to post Share on other sites
King34Maine 1,666 Posted December 29, 2018 3 hours ago, zenkert said: Everything can be hacked. I agree, just give it time!! Share this post Link to post Share on other sites
NightJanitor 1,658 Posted December 29, 2018 9 hours ago, Dario_o said: They managed to successfully flash a custom firmware on the Ledger Nano S, in order to boot it without a PIN thus getting any kind of malicious transaction signed by the device. Share this post Link to post Share on other sites
Paradigm 1,303 Posted December 29, 2018 Ledger is scaring me lately. The link for the TRX wallet app on their site contained a virus/malware. I just got a response back from them today saying they took the link with the virus off of their website. Thankfully I did not proceed with the installation but others in the TRX community may not have been so fortunate. 1 7strings reacted to this Share this post Link to post Share on other sites
7strings 1,186 Posted December 29, 2018 (edited) 1 hour ago, Paulo said: Ledger is scaring me lately. The link for the TRX wallet app on their site contained a virus/malware. I just got a response back from them today saying they took the link with the virus off of their website. Thankfully I did not proceed with the installation but others in the TRX community may not have been so fortunate. After watching the whole demonstration and reading Ledger's answer @XRP-JAG posted above I think these vulnerabilities are luckily a non-issue in real-life situations. However your case also shows that Ledger's security standards could be much lower in reality than they claim. Edited December 29, 2018 by 7strings 1 1 Paradigm and BrownBear reacted to this Share this post Link to post Share on other sites
Paradigm 1,303 Posted December 29, 2018 3 minutes ago, 7strings said: After watching the whole demonstration and reading Ledger's answer @XRP-JAG posted above I think these vulnerabilities are luckily a non-issue in real-live situations. However your case also shows that Ledger's security standards could be much lower than they claim Hopefully these are non-issues, yes you are right. Now they are doing damage control. Here's a link to a reddit thread on the subject. I am surprised more people aren't talking about this. 1 7strings reacted to this Share this post Link to post Share on other sites
fiik 1,321 Posted December 29, 2018 so safu or fubar Share this post Link to post Share on other sites
retryW 3,332 Posted December 31, 2018 On 12/29/2018 at 6:54 AM, LordVetinari said: These are not script kiddes. If something can be hacked, it will be. I'm very glad to see these guys are shedding light on vulnerabilities. This was inevitable and is necessary. Not comforting but necessary. The thing is, it's never a case of "if", but "when" it will be hacked. I haven't watched the videos yet, but I'm gonna assume your funds on the Nano S are still currently "unhakable" provided it's sitting in your safe at home. Most hacks of well encrypted devices require direct and unrestricted access to said device. These people aren't going to be able to remotely break into your Nano and steal your funds. 1 7strings reacted to this Share this post Link to post Share on other sites
XRPto50dollars 11,775 Posted December 31, 2018 its still the wild west in cryptoland. someday these Nano S's and Trezor's will be obsolete paperweights sold on ebay for 50 cents. until then, investors can only chose what they believe is the safest option currently available. 2 Paradigm and at3n reacted to this Share this post Link to post Share on other sites
fluxw42 5 Posted December 31, 2018 So what I read between the lines from all this fuss: If you're using a hardware wallet such as the Nano S, don't become careless because your secret is reasonably safe: Only use your ledger on a trusted machine Don't leave your hardware unsupervised in someones hands Know what the hardware ledger can protect you against, but more important, know against which attacks it CANT protect. Consider if you really need a hardware wallet, if you want to use it as cold storage, there are better solutions IMHO An attacker doesn't need your secret to steal your stash, he needs a valid signature on a malicious transaction. Share this post Link to post Share on other sites
XRP-JAG 2,043 Posted December 31, 2018 6 hours ago, fluxw42 said: Consider if you really need a hardware wallet, if you want to use it as cold storage, there are better solutions IMHO What would you say is better? Share this post Link to post Share on other sites
fluxw42 5 Posted December 31, 2018 50 minutes ago, XRP-JAG said: What would you say is better? If you're not trading? One or more offline generated paper wallets, put them in a secure locker in a bank. That's way better than having a Ledger S recovery phrase laying around somewhere in your home (which is almost the equivalent of having your secret, even if you don't have access to the hardware ledger). Share this post Link to post Share on other sites
XRP-JAG 2,043 Posted December 31, 2018 1 hour ago, fluxw42 said: If you're not trading? One or more offline generated paper wallets, put them in a secure locker in a bank. That's way better than having a Ledger S recovery phrase laying around somewhere in your home (which is almost the equivalent of having your secret, even if you don't have access to the hardware ledger). Suppose you need to weight up the risks and costs. Looking maybe £250 per year for a bank locker. There still remains the risk of physical theft or destruction. Paper wallet does also mean you need to have your seed shown on the computer atleast twice. Nano and or seed words are vulnerable to physical theft at home... but currently your average house robber is not going to know what your list means. I’d be more concerned about house fire etc. Current best option really is most likely a hardware wallet, with seed words stored in multiple secure locations - preferably disguised too. But, then your assets disappear with your memory / demise... unless you then entrust other(s). You’ll know when we mainstream when your high street bank offers insured custody for crypto assists. Share this post Link to post Share on other sites
fluxw42 5 Posted December 31, 2018 5 minutes ago, XRP-JAG said: Looking maybe £250 per year for a bank locker. Wow that's expensive Definitely cheaper over here: I use a locker in a bank and it costs me 35€ a year, that's peanuts compared to what you could lose. Share this post Link to post Share on other sites
XRP-JAG 2,043 Posted December 31, 2018 19 minutes ago, fluxw42 said: Wow that's expensive Definitely cheaper over here: I use a locker in a bank and it costs me 35€ a year, that's peanuts compared to what you could lose. Maybe better price if shop around, but that was first price I found: https://www.metrobankonline.co.uk/safe-deposit-boxes/ Not quite sure what kind of level security that gets you, my local ‘Metro’ was just a shop on the high street... fairly confident that they’ll not have a huge movie style bank vault in there! Share this post Link to post Share on other sites
