Ledger no longer safe?

This is really annoying, but if you own one of these devices, which is a Ledger Nano X, or you use Ledger products, you need to pay attention to what's happening right now, because it's been revealed that Ledger products may not be as safe as we originally thought it would be. Now, for all this to make sense, we need to have a base assumption. And that assumption was that the private key, the key that holds all our cryptocurrencies, that would never, ever, ever leave this device under no circumstances whatsoever. But what has been revealed that with the new service called Ledger Recover, is that this key can leave the device, and you have to give it permission to do so, but it can leave. This is a very big change from the irrational statements and the reason, even the reason for owning one of these devices. And this is why it's causing this community to be super upset right now. In this video, we're going to cover what is this Ledger Recover feature that they have announced, what it's good for, who's it for. We'll also cover what is the controversies, what kind of risks this type of feature poses to these devices. Lastly, I'll also cover my take on what's happening right now and the security precautions that I'm special ones that I'm taking to mitigate risks here. Before we start the video, let's check out our sponsor, which is Bybit. Bybit is a top cryptocurrency exchange, and now they are listing new coins the fastest with the most volume, which is pretty insane if you want to get in on all that crypto action. If you do want to join the Bybit exchanger, it is a limited time offer, which is $50 free US dollars, if you do the first KYC and you load more than $100 into the exchange. If you're interested, sign up with the link down below and you'll automatically get in this offer. Remember, it's only for the first 100 people to do so, so what are you waiting for? Let's just take a look at the Ledger Recover service. Let's see what they're officially announced. And for the sake of science, let's assume that we're going to be kind and assume that everything they tell us is in our best interest and is the safest option for us. So what Ledger Recover is, is it's a way to restore access to a Ledger device. And right now it's been exclusively on the Ledger Nano X. This is for situations like, say, for example, your security phrase gets deleted, your device stops working. Oh my God, panic, panic, panic. Or maybe in some grim circumstances, what if you pass away? And what it does is that it will magically restore this device if you provide your identity. So this is like a passport identity or your face to a trusted third party. And in fact, it's not just a single. You have to convince two of three trusted parties that you are this person, you hold these funds. And if two out of three of them agree, they will restore your access to your Ledger and your keys for you. I took a look at the mechanics of how this works. Essentially, what happens is that all of the operations are done in the secure enclave of the trip, which is the most secure part of the Ledger. What it does is that, say, for example, there is a key inside. It splits it into three due to some mere sharding. And they encrypt each of these keys before they leave the device. On top of that, you have to confirm on the Ledger screen that you are doing this operation. So it is opt-in, in theory. And hackers will be able to trick you because you have to view this on your Ledger screen. So they can't hide a message there or something that someone tricked you to activate this feature. You have to look at the screen, read the notifications, approve it. And then it shards the data and it goes. You actually need two of the three shards in order to magically restore the message. It's kind of like cryptographic knowledge. And it's actually been used in a lot of industry applications. And that process is generally considered quite safe. And I can understand why they're promoting this as a feature and why I think their management thought this was a good thing to roll out on previous devices. Okay, now let's switch gears for a bit. All right, let's go back to our hardcore crypto aspects. Not your keys, not your crypto. Why is everyone upset about this? Well, it's because now that this feature has come out, it has given a way for keys to leave this device. You see, when the key is generated, when you first buy one of these devices, the key is generated on the device. Never does it enter a computer system or it just never has access to the internet. Even when you connect the computer with a cable to the device, the security key is never ever revealed to your computer. Only signed transactions, only the results of those transactions are ever sent to the computer. They're the result of signing and not the signing key itself. I think that's a very important fact to distinguish here. And this is one of the reasons why we have one of these devices. So people are very upset because while Ledger kind of misled us to believe that these keys never leave, now that there is a mechanism for this key to leave, people are questioning what Ledger has told us all along. This is very important to remember as well because the way these secure modules are designed is that this is a closed source secure module. So closed source means that we do not know what is actually written there. And we do have to trust Ledger that they didn't write any bad code into the secure module. Now, the problem here is that I feel that this secure module has additional features that we were not told about at the beginning. This is kind of revealed in this statement here. This is not automatically enabled by any firmware updates. This is your choice. So this implies that this feature was already built into the Ledger hardware from the get-go. Now, what kind of two possibilities can there be risks to our Ledgers? So first and foremost, the recovery process could be not as secure as they say. There's still situations where those entities can be tricked into revealing their fragments. So this is done by social engineering, people pretending to be you, and, you know, with the frequency of deep fake these days, it might be more possible than we think. This has led me to the conclusion that I will never, ever use this feature. I'll never, ever opt into this feature because, you know, at the end of the day, I don't feel like losing my, like, Ledger is a risk. I buy multiple one of these, right? So for me, all right, I'll never, ever use Ledger recovery. It's not something for me. The other risk that I feel like could be possible is because that there is this feature now, and once this feature is activated, hackers can look at the mechanics of how this key is broken. If hackers really do figure out how these mechanics works, they can try to figure out a way to break these mechanics and hack into our system in ways that we don't know. So now that I know about this, I feel like I feel it's less safe of a device for me personally to use. Finally, what am I doing about Ledger and do I still use Ledger? So here's the deal. I own different types of coins, and for Bitcoin and Ethereum, I'm looking to transfer them to a Trezor. So simple as that. I feel like I don't trust the Ledger as much. So for coins that are easily handled by the Trezor, I'm gradually moving it over. Now, why I say gradually is because I'm not panicking. This has been, you know, if this feature has been already baked into the secure module, then fine. It's been existing for a long time. There's no urgency here to rush to migrate. So I don't want to have any migration risks. I actually have an engraved wallet, which is completely air-gapped. And this is actually even safer because it never even connects physically to any device other than itself. So actually, pretty even better. All right. So migration in progress. Now, unfortunately, unfortunately, I guess fortunately for Ledger, unfortunately for me, is that I do own coins that are not supported by a Trezor. So for those coins, I'll continue to use the Ledger. And yeah, I just have to suck it up. Like, I'm not happy about this, but I'm going to suck it up. You know, honestly, like, I feel really sad here because this is a device I use most of the time. And I'm actually most used to this interface. And it has most of the coins here. So it's just the most convenient one. But at the end of the day, I do need to protect myself. And I feel like this was not Ledger acting in my best interest. This was, I want devices where the key is always held on the device no matter what condition. So yeah, there will be a migration for Bitcoin, Ethereum, to a Trezor, other coins. All right, guys, that's pretty much the end of the video. I'd love to hear what you guys think about this new feature and if you're concerned about security ramifications as well. Are you guys angry? Are you guys salty? I'd love to hear in the comment section below. And with that, guys, thank you guys so much for watching this video. I'll see you in the next one.