Reply to: I wanted to buy a Ledger, but now I'm unsure.


#3170131
btc_clueless
Guest

There’s so many bad takes here in this sub. The bottom line is that people feel deceived by Ledger’s new seed recovery feature, which is opt-in and has a monthly fee. Almost none of us is going to use this ever. This functionality, although most won’t use it, is now included in the firmware. The feature allows (with permission of the paying user) to split up the seed in 3 pieces, encrypt it and back it up on three different servers in case you ever lose it. Now, people didn’t know it was even possible for the firmware to read the seed and send it out. And they are now concerned that this functionality could be hacked and their seed would be sent out to a hacker… or something like that.

The truth is that a malicious firmware update could always steal your seed, because it could introduce any malicious code that can do whatever the hacker wants. This is true for any hardware wallet, not just Ledger. But of course this was never communicated by the companies like Ledger or Trezor because it makes their devices look less secure. Both companies have mechanisms in place that don’t allow a single employee to push a firmware update; it’s three people who need to come together to authorize any update to be published.

There’s no case or indication that this new recover feature actually makes the device more insecure; there haven’t been any hacks and it doesn’t look likely that there will be any. It’s just a theoretical additional attack vector. But people were just unaware of how much is possible with the firmware and that in the very end we do need to trust Ledger (or Trezor) that they don’t push malicious code onto our hardware wallets. Some of Ledger’s code is closed source. But even for Trezor, who actually reads all the code before accepting a firmware update? Anything malicious would probably just be noticed much, much later.

I am not happy that Ledger is forcing this update on us, most don’t want it. But it doesn’t really make the devices less secure, as many people claim here. They just had a poor understanding of what firmware can do from the beginning and lofty marketing promises.

Now, for your last point, “don’t use Ledger for more than 50k”, this has nothing to do with Ledger; it’s not like the device gets any less secure if you store more crypto value on it, lol. The warning is about different strategies to keep your funds safe if you have large amounts. Every strategy has different tradeoffs, even a hardware wallet is not 100% secure. Imagine someone knows you are crypto rich and puts a gun to your head. You will probably give them your PIN and they can access and steal your funds. So for large amounts, some people recommend to use multisig wallets, where the key to access the wallet is split into several pieces (3 of 5, or 5 of 7). And those pieces are either spread over different locations or people that then have to come together to access those funds. There’s also companies who help make this more user friendly such as casa.hodl.

Anyway, multisig is a whole other can of worms, not convenient at all if you need to access your funds frequently (it’s more for holding large amounts of crypto long term, where you don’t touch them in years…). And it increases the chance of user error. So for most of us, a hardware wallet is still the best compromise between usability and security. But I urge you to really inform yourself about safe seed storage and best practices for hardware wallets before you handle large amounts. There’s so many people here who lost their funds because they didn’t save their seed properly (they might have uploaded it into the cloud where it can be stolen easily, therefore it should never be stored digitally, not even a photo). Also, when you sign malicious contracts (using Ledger through Metamask or another defi wallet), then using a Ledger won’t magically keep you safe. So your hodl wallet should always really be cold storage and not be used to farm airdrops and get free NFT mints and whatnot. Those contracts are high risk if you don’t have a clue of what you are doing.