PSA: Ledger Wallets Not Secure
Other urls found in this thread:
ether.direct
twitter.com
> bitcoin.com
> roger ver
>glorified usb stick
trezor again on top. superior security. superior locking mechanism.
>not using an airgapped pc and communicating through qr codes
whoops! we stored your seed on memory in plaintext
ether.direct
>Check that send address on nano s display matches in app address
>That was hard
Also who is dumb enough to download malware onto their computer
>malware can change the address that is sent to the device for signing
no shit, this can happen to any wallet. thats why you verify the address on-device
>roger-ver.com
No thank you.
this is why i keep all my coins on yobit. most secure exchange out there
already fixed
>not buying a trezor
>exploit fixed in under 2 weeks
>attackers would have needed access to the physical device
>look at the actual transaction you're signing
No fucking shit, morons. How has this not occurred to you people before?
This is not a vulnerability with the wallet itself, it's just a fact of the tech. Always look at the transaction you're signing, don't just do it blindly.
Fuck out of here.
ledger fags can get fucked remotely. a feature not a bug.
It affects trezor too, you dunce. As said it affects all wallets. This malware has been around for a while, this is not new. Always double check the address when sending any funds.
>plug in USB drive
>open jpg of a screenshot of a secret key
>fill tooth bear plane
>type one character randomly at a time until secret key is complete, use mouse to randomize cursor placement
>f o a p
>fl oh ar pl
>fll oth bar pln
>fill ooth bear plan
>fill tooth bear plane
>keyloggers can't intercept your brain entropy
>more secure than ledger/trezor/etc
>buy usb key
>download veracrypt
>format and encrypt usb key using SHA-512
>save passwords, keys, seeds and offline wallets on encrypted partition
>create redundant backups
The above costs the price of the usb and is infinitely more secure than a ledger
some keyloggers can relay mouse cursor movement points so this isn't necessarily as safe as you think it would just take a little effort to work out, but the hacker would have all required data
stupid thread, the ledger can't detect if a virus is running on your PC that's up to you, swapping the receiving address with the attacker's is something that can be done on literally any wallet software or otherwise
>tfw you keep each coin daemon in its own Qubes Whonix VM with no other software installed
have fun getting pwned by malware on your insecure-by-design OS, Winbabbys
besides the extremes at either end of a spectrum, the ability of a thief will always be greater than that of the ability of a locksmith. its just the basics of the system