Ledger Flex, Stax, Nano S Plus (Hardware Wallets)

Website

Short description

Ledger sells a series of hardware wallets which have CC EAL6+ certified secure elements and support Monero through third-party wallet apps (not Ledger Live).

Why I think this tool should be added

In my view/research, Ledger and Trezor are the two most well-regarded hardware wallets on the market, and are both widely supported by Monero wallet software that is compatible with hardware wallets.

Ledger has always been the only hardware wallet with iOS compatibility in Monero on the market (according to Cake Wallet). This will change with the upcoming Trezor Safe 7, but I don’t think the release of that product sets back Ledger’s offerings in any meaningful way, so we are able to recommend both.

We would not recommend the Ledger Nano X as it has not been refreshed in a long time and is their only product still using a CC EAL5+ chip. In theory the difference between CC EAL5+ and CC EAL6+ is not significant for this particular use-case, but the upcoming Ledger Nano Gen5 will be a far better, CC EAL6+ replacement for the Ledger Nano X for iOS users on a budget. Non-iOS users on a budget will be better off with a Ledger Nano S Plus, or a Trezor Safe 5 or 3.

Section on Privacy Guides

Cryptocurrency / Hardware Wallets

2 Likes

Is this more of a spec bump like a CPU in the latest iPhone or does it have an actual technical benefit?

Common Criteria is a testing standard. The higher EAL number tells you how extensively a product’s security was tested, but it does not tell you anything about how secure the product actually is.

To figure that out you’d have to see what was actually being tested, which you can do by looking at their Security Target document for the test, for example:

1 Like

A post was split to a new topic: Do hardware wallets need to be regularly replaced?

I recommend against Ledger, because this company suffered a terrible data breach in 2021; 270K physical addresses were exposed (link).
Additionally, the company has experienced multiple hacks, including:

None of these hacks are hacks of their products. Their products would defend against these attacks by design actually. The data breach is pretty bad though.

I’ve seen many discussions around Ledger on other forums and it seems their reputation is so bad. Here’s an example: Reddit - The heart of the internet

I will paste the content here for those who don’t want to click on the link:

Disclaimer: I have personally owned and tested 3 Ledger hardware wallets over the years and helped many people with their Ledger wallets.

Ledger products should be avoided for these reasons:

  1. They have been caught lying multiple times and abused the trust of their clients. Look into the Ledger recovery scandal.

  2. Their marketing database was hacked and they did not immediately responsibly disclose this to their clients, leading to many instances of users losing money due to phishing attacks or ransom.

  3. Compared to some other companies they are more likely to stop supporting older hardware, forcing you to buy newer hardware. This occurred with the Ledger Nano and we are already seeing this with the Nano S too.

  4. They used very cheap LCDs that died after very little usage, which I noticed in my Ledgers and my friends' Ledgers. The Nano X had huge battery problems that led to it not being usable even if plugged in, which is absurd.

  5. They have been exploited multiple times, and this last time due to their specific incompetence:

https://www.ledger.com/blog/security-incident-report

https://monokh.com/posts/ledger-app-isolation-bypass

  6. They don’t have BTC-only firmware, so users are exposed to much larger attack surfaces and annoying updates that don’t relate to you.

  7. Their hardware is not 100% open source, so we can’t peer review it and need to have faith in a company that lies repeatedly.

  8. Ledger Live is filled with many trackers, so it is a privacy nightmare where they share many of your personal details with others:

https://bitcoinnews.com/legal/ledger-live-app-accused-of-collecting-user-data/

If you already own a Ledger you can keep it, but the absolute minimum you should do is pair it with another wallet instead of Ledger Live. Do not use Ledger Live! Pair it with a wallet like Green or Sparrow.

Ledger can’t be trusted anymore. Here’s a summary of the many reasons why, with links to cite sources.

1: Ledger’s word can’t be trusted. The following was a lie:

Your keys are always stored on your device and never leave it

SOURCE: btchip, Ledger Co-Founder, on May 14th, 2023

That’s a lie because Ledger added a key extraction API to their firmware which enables Ledger and their partner companies (and others?) to extract your keys from your hardware wallet over the internet. Might as well stop reading right there. It can’t be trusted.

2: Ledger’s code can’t be trusted. It can’t be verified:

There’s no backdoor and I obviously can’t prove it

SOURCE: btchip, Ledger owner & co-founder

Ledger can’t prove their code has no backdoors because their code is closed source. The only way to prove their code is safe would be to open up the code. All of the code. Closed source code can’t be trusted.

3: Ledger can’t be trusted with your privacy. Their CEO said so:

“If, for you, your privacy is of the utmost importance, please do not use that product, for sure.”

SOURCE: Ledger CEO Pascal Gauthier, on video

Ledger’s CEO begged you to not use “Ledger Recover” if you value your privacy. “For sure.” But it’s baked into their closed source code, so you can’t prove their API isn’t sharing your keys even if you don’t use “Recover.” That’s one of the dangers of closed source code.

4: Ledger’s security can’t be trusted. They’ve been hacked:

Ledger wallet users face mounting home invasion and other scareware threats as hacker dumps private customer information online.

SOURCE: Cointelegraph, December 24th, 2020

Ledger can’t even keep their data secure. Don’t trust them with your coins.

5: Ledger’s code has been hacked.

Ledger exploit makes you spend Bitcoin instead of altcoins

“A vulnerability in Ledger’s hardware wallets enables hackers to prompt someone to spend Bitcoin instead of an altcoin.”

SOURCE: Decrypt.co

Ledger took a year to fix it, and they didn’t fix it until after it was reported in the media.

6: Ledger’s hardware has been hacked.

In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.

An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.

I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.

SOURCE: Saleem Rashid

Ledger’s bounty payments prevent those who’ve discovered vulnerabilities from reporting them so Ledger can lie and say they’ve never been hacked. More lies.

7: Ledger has been phished.

A Ledger employee just got phished. DeFi users lost over $600k

Ledger confirmed the attack was the result of a hacker compromising one of its employees via a phishing attack. After gaining access to Ledger’s internal systems, the hacker planted malicious software within the Ledger Connect Kit.

SOURCE: DLnews, December 14th, 2023

Ledger said an employee was phished, but under scrutiny, they changed their story, admitting it was a former employee who got phished.

8: Why did an ex-employee still have access to the codebase? Ledger won’t say:

How a Single Phishing Link Unleashed Chaos on Crypto: "Ledger has confirmed the attack began because ‘a former Ledger employee fell victim to a phishing attack.’"

SOURCE: Decrypt, December 14th, 2023

How many former Ledger employees still have access to their codebase? Ledger won’t say, not that we could trust any answer they’d give. Do they even know?

9: Ledger’s been hacked multiple times, and yet…

“The bombshell here is the explicit confirmation that Ledger themselves hold the master decryption key for all Ledger Recover users.”

SOURCE: @sethforprivacy

What could possibly go wrong, eh? Yikes.

10: Ledger Live tracks everything you do and the coins you have:

“Ledger Live is phoning out data on assets you hold in your hardware wallet the moment you access Ledger Live. It’s also sending out tons of other information about your computer and device.”

The app apparently transmits data to an external endpoint at “https://api.segment.io/v1/t”, identified as an outsourced data collection service.

SOURCE: BitcoinNews.com

Got a Ledger? Goodbye, privacy.

11: Ledger lies are even on the boxes for their hardware.

“WE ARE OPEN SOURCE”

SOURCE: Their own packaging.

The box for Ledger hardware running closed-source firmware says Open Source. That’s intentionally misleading if not outright fraud.

12: Ledger refuses to answer questions.

They delete questions in comments on their sub.

They shadowban users who ask them.

They scrub their website to remove claims they made for years.

The worst part is, this is only a partial list!

For example: Ledger was still promoting FTX after FTX collapsed.

I could go on and on. But if you want somebody else’s opinion, bitusher is one of the most respected Bitcoin redditors. Here’s what he had to say about Ledger.

Ledger’s word can’t be trusted.

Ledger’s code can’t be trusted.

Ledger’s management can’t be trusted.

Ledger can’t be trusted.

2 Likes

I’m kind of shocked to see Ledger recommended here considering their horrible reputation. I had one of their devices, but threw it out in the bin after the whole drama when the public found out they’re not actually a “cold” wallet (they refused to refund it).

Visit r/ledgerwallet , sort top posts from all the time and you’ll see people destroying their devices with hammers.

I’ve been lurking in this forum without an account for about a year, but had to create it after seeing this.

1 Like

This is the case with all hardware wallets though, so we will probably just write explainers on how they actually work. All Ledger really did was make more people aware of how hardware wallets work through poor marketing, but if poor marketing were a crime here uh… I can think of a lot of our recommendations which would have some issues lol

To me, what Ledger is doing looks like more than just bad marketing. I believe that what @unseen has posted shows a pattern of behaviour that’s difficult to justify.