[kossTKR]

Ledger has been hacked so many times now i've lost count.

I remember buying one in 2019, and shortly thereafter all customer data was dumped on the internet endangering everyone who bought one.

Then after deep diving the tech i threw it in the trash, it seemed like security theatre product.

There's also been so many phishing attempts, fake ledgers sold, bricked ones losing funds, it's total shitshow that ecosystem if you check their subreddit going back in time.

The more you rely on 3. parties, and the more obfuscated your setup is, the more unsafe your data is. I just use isolated cheap laptops and encrypted usb's now.

[meowface]

>I just use isolated cheap laptops and encrypted usb's now.

I figure this isn't practical for most end users. Is there an alternative hardware wallet that you think is okay for most people? How do you feel about Trezor?

[anders16]

Coldcard! https://coldcard.com/

[yownie]

I'm curious about coldcard as well, however what would you say are the benefits over a trezor / ledger device?

[bdd8f1df777b]

How? My set up is less secure, but more auditable than hardware wallets--a dedicated hard disk running a portable Linux doing nothing else than crypto. And only for sending out funds. For receiving funds I use my normal operating system with view-only keys.

[Rastonbury]

I don't know which it more practical trusting an exchange, paying a hardware wallet or maybe encrypted file in s3

[pants2]

The modern solution is to use MPC wallets like ZenGo.

[arifromzengo]

Thanks for the shout-out. Obviously I agree. Multi-factor wallets are more secure than single factor wallets, by default.

Having no seed phrase vulnerability (single point of failure) significantly reduces the surface area for attack vectors. Added layers of security (like the built-in web3 firewall) help protect against Web3 attack vectors.

[ametrau]

I must be missing something. It couldn’t be as dumb as using a photo of your face as the key.

[arifromzengo]

You are missing something. Happy to jump into the details if you're interested.

3D FaceLock is one of the parts of the wallet recovery process: It's a biometric liveness verification (backed by 600,000 USD bug bounty). But 1) It's only one of the factors, and 2) It's never been hacked/spoofed.

Zengo's MPC wallet uses a 2/2 signing mechanism (similar conceptually to a multi-sig). You initiate transactions from your Zengo app (inside the app is the Personal Secret Share, which interacts with your wallet's secure enclave/TEE during the signing process). The Remote Share on Zengo's server essentially co-signs the transactions.

By removing a single point of failure (private key or seed phrase) it is much more challenging for a hacker to steal/spend funds or take over a Zengo wallet - indeed... we have over 1,000,000 users (since 2018) and 0 wallets hacked, 0 wallets drained. More info here: www.zengo.com/security

Also happy to answer more qs. Cheers.

[rahen]

For "most people", I wouldn't know, but for the typical HN reader, I would advise something open-source, verifiable, DIY, stateless and air-gapped, and that is the seedsigner:

https://seedsigner.com

To me, this is the perfect solution for a long term saving account, completed with a Lightning wallet for spending. The coldcard and Jade wallet are also great options.

[dboreham]

The only reason things like Ledger exist is because regular smart cards (e.g. Yubikey) don't yet support the signature schemes used on blockchains.

[meehow]

Regular smart cards also don't have screens, so it would mean totally blind signing. That's the problem which hardware wallets are solving, but sometimes the screen is just too small to show all the details of complex transactions.

[chrisco255]

Yubikeys are fine for basic sign-in/sign-out functionality, but even on a basic web app, your auth tokens are something else independent of your Yubikey signature.

[magento]

Phishing attempts are irrelevant as long as users check TXes before they sign. Fake ledgers are also irrelevant because the software does a check if the hardware is legit. Bricked Ledgers losing funds is only a thing if a user didn't keep a backup of their seed phrase, which would make them lose funds regardless of what wallet they used.

[matheusmoreira]

I've found the most secure key management is to keep important keys offline and stored on paper and only load them into a live tails/whonix system for brief uses. I even contributed a binary decoding feature to zbar to let me store them on printed QR codes and easily input them back in.

> bricked ones losing funds

Well of course. It's just a computer and all computers fail. Cheap laptops can also fail and destroy your keys. USB flash storage failure is even more likely. This is the number one argument for storing keys on paper which is actually known to last centuries.

[nullstyle]

"bricked ones losing funds"

That's the user's fault. The product makes it very clear you need to create a recovery sheet and store it in a safe deposit box or other secure place. If you actively ignore the instructions you deserve it.

Could you share some of your deep dive and tell us about what concerns you found? I use one of their wallets and I'd like to investigate more now as well.

[rekoil]

A few months ago they also pushed a new feature which, if enabled, literally exfiltrated your secret key to external parties, requiring only 2 to reassemble the full key...

Avoid

Avoid

Avoid

[irusensei]

Same here. The most infuriating thing is how they downplayed the data breach, specially considering some of their customers live in dangerous countries.

I’ve switched to a Coldcard. Everything from purchase to the device operation seems to be highly focused on security and protections against tampering. No client software… it’s all sneakernet. Coinkite even deleted my customer data a few weeks after purchase without me having to request.

I still have my ledger. I think it is a nice device but when I tried to repurpose it as an yubikey of sorts (it has fido and gpg micro apps) it didn’t actually worked alright. I never trusted ledger live though.

[lxgr]

Do you build and program these laptops and USB drives yourself?