Recently my cousin was subject to a federal raid. They took all illegal contraband as well as his Nano S Ledger, phone, and laptop. The Ledger had a large amount of BTC and ETH on it. He used a completely random 6 digit code for his passcode. His wallet seed is in a separate location and WAS NOT taken. Only one copy exists.About 24 hours after the Ledger was seized, all of the funds were drained and moved to a separate wallet. He DID NOT give the passcode nor the seed to law enforcement. His computer has Ledger Live, but it is also password protected.How can this be explained? Ledger uses a proprietary secure element and their code is not publicly available. The only explanation I can come up with is that there is a backdoor for law enforcement. Nothing else makes sense.What are everyone’s thoughts? I have two Ledgers and this concerns me.Edit: An interesting comment by /u/steemwitness:“Ledger will admit themselves a device that you physically lose can never be 100% bullet proof. Never. No matter how much you want it to be.With physical access, the ability to open the case and spend as much time as you want, side channel attacks, RF attacks, etc can be used. There are literally exploit write-ups out right now showing Trezor and Ledger being "compromised" with physical access to the device.Did you know someone could keylog your computer by reading the voltage difference your monitor outputs when you press a key? You can literally keylog an air gapped computer. Hackers are tricky people.Btw if you don't know how something was made from the ground up and understand the inner workings of the entire product how can YOU claim it's secure? Because ledger told you so?”
Submitted February 13, 2020 at 12:28PM
No comments:
Post a Comment