Ledger is shadowbanning users who mention their key extraction firmware

In the Ledger sub tonight, a user posted a question to ask about how hardware wallets can get attacked.

This was my reply, which has been shadowbanned by Ledger:

“I understand the ledger holds the private key on the secure chip”

Sadly, that's not true anymore. Ledger wrote API code to extract keys from the device and send them over the internet to Ledger and their partner companies for their Ledger Recover service. In theory, that only happens if you subscribe, but since Ledger's code isn't open, there's no way for any of us to prove what it does or doesn't do.

Don't trust. Verify. Right? Well, you can't verify Ledger's code, so you have to decide whether or not you trust them.

Any hardware wallet can possibly get rogue firmware to extract keys, but Ledger actually put key extraction in their own firmware. I can't trust that.

“You now have an API in your firmware to extract seeds”

HERE'S A LINK to the user's question. Notice my reply isn't there. Here is a direct link to my reply, which I assume you can see.

The user is asking about how Ledger wallets can be attacked. The fact that his wallet now features key extraction code seems important, especially since he's specifically asking about safety and hacks, but Ledger is shadowbanning anyone who tries to give him that information.

If anybody is working on a class action lawsuit against Ledger, I hope you're keeping track of what they're doing.

This is what Ledger told customers:

“Private data, such as your private keys will be protected and never leave the device due to the combination of BOLOS and the Secure Element.”


Then Ledger wrote firmware to extract keys from our devices and send them over the internet to Ledger and their “partner companies.”

That's fraud.

Ledger can't even promise those companies won't share your seed:

“These companies are not slaves to Ledger. We just have commercial agreement.”

— Ledger CEO Pascal Gauthier

But if you mention any of this on Ledger's sub, you'll be shadowbanned.

I'll give Ledger's CEO the last word here:

“If, for you, your privacy is of the utmost importance, please do not use our product, for sure.”

50 thoughts on “Ledger is shadowbanning users who mention their key extraction firmware”

  1. So basically they are pushing their firmware update no matter what and when people are complaining about it they ban them?

    Wow that is like a sure way to a bankruptcy.

  2. Their image doesn’t get better, what a poor way of public communication they have, it’s really a shame.

  3. when i click on your reply link it shows the post, shows single comment thread, and shows “wow, such empty”

  4. I’m spreading my crypto over multiple wallets now, I used to trust ledger with almost all of my portfolio, which was a mistake.

  5. Some replied to my comment and when I clicked the notification poof nothing.
    They are very pretty active on this. Putting their efforts in the wrong direction.

  6. They just hurt themselves more and more the more we go. Nothing they are doing in the ledger sub is helping them.

  7. “Fraud” is a bit of a stretch here. Just don’t use their products. What exactly would justify a lawsuit?

  8. So, I’ve turned my head once, and now Ledger is the bad guy? Is it really that bad, or just mildly concerning?

    What are my other options, Trezor is what I see mentioned. Isn’t it just as bad?

  9. Ledger is continuously gaslighting their users.

    If you bought it recently, file a chargeback under false advertising. Worked for some people!

  10. First they got hacked and exposed around 500.000 buyers information details and now this!

  11. Thanks for your informative accurate account of where any ledger owner stands as far as safety and security, no one should be able to shadowban you though mate you speaketh the truth 👊🏼

  12. I’m still with them, but will likely move away now, purley because of the shady shit like this. Short term I don’t think they are a risk, but longer term, they could screw their users as the tech evolves.

    From what ive seen they have very little loyalty to existing customers and lack integrity or values, which has clearly filtered down from the CEO. He should be ousted from ledger.

  13. Still the same question: how could the CEO have allowed such a mistake to be made, one that wiped out the reputation Ledger had built up over the years?

  14. They’ve been pretty tolerant with all the rants the next few weeks after the drama started. But there has been a lot of abuse from a few Karens that were spamming their sub.

    Your post history is totally empty, so i wouldn’t be surprised if you’re currently using an alt account to continue your war against Ledger

  15. Man, Ledger are really shite at open and honest communication with their user base

  16. muzzling free speech. way to go ledger. why limit yourself to a single fiasco, start a cluster.

  17. How tf does someone give this statement and still is CEO?

    That’s a fucking PR shitshow

  18. I was days away from ordering one of these. I will stick with the password protected txt on a usb

  19. Was amazing how fast this product fell out of good graces.
    At least the type of people who got to the using Ledger step, should be informed enough to know and able to get their crypto off that device.

  20. The fact that it’s just an API to extract seeds, it makes Ledger a very easy target.

  21. “If, for you, your privacy is of the utmost
    importance, please do not use our product, for

    Can someone please explain why he said this? I don’t understand why he would make such a ridiculous statement. I have a ledger Nano X.

  22. Op, your reply is the top reply to that question. I’m not sure what you’re talking about.

  23. Yep anyone who tries to have a discussion about their new key recovery software is completely shadowbanned.

    Is this not the biggest red flag.

  24. I’m moving away from Ledger and have chosen Keystone over Trezor. Airgapped, open source. All it does is read / present qr codes (of signed transactions). So you don’t even risk a potential malicious firmware update to steal your keys in the future.

  25. It’s not just Ledger mods, but there’s a good chunk of ledger fans or fake people who are defending this move by ledger and calling anyone who talk about the key extraction “ignorant” or “overreacting”. These idiots will shoot themselves in the foot and only then realize they are fucked over by the black box ledger code.

  26. I moved the last of my assets off Ledger yesterday, it wasn’t much just a few Reddit avatars, but still I didn’t feel comfortable using them any more.

    It’s quite sad because I’ve been a customer since 2017 and own two devices at the moment.

  27. At what point did ledger start uploading keys to the cloud? Was it a certain software update to the device that enabled this functionality? Was it a ledger live update?

  28. What people seem to not get: hardware wallets will never be trustless.

    Irrespective of how much open source their code is.

    Hardware production is not and will not be trustless any time soon, at least as long as you cant build it and all its components at home – basically not going to happen ever.

Comments are closed.