UFO are literally Unidentified Flying Object, so obviously someone saw them, but not identified.
I can also show real security vulnerabilities for previous version of ledger devices, and I can argue that ledger recover is another intentional ''vulnerability''.

One guy tried to do it, and he even release source code on github, but I didn't follow how far he went with that project.
Here, I found this github link (use at your own risk):
https://github.com/darosior/ledger_installer

Really?  
It's not happening inside toaster obviously...

I remember seeing this back when it first got released. The developer himself says it's only created for testing purposes and is never meant to be a replacement app for Ledger hardware wallets. Looking at his GitHub, there haven't been any changes for 7 and more months.

On a different note, I am not sure where the software gets the bitcoin app from. It must communicate with Ledger's servers and get it from there I would believe. If not, what's the source and who has checked it...

Here it was said that we should not update the firmware to stay out of the possibility of Ledger Recover unauthorized access. Although there is no guarantee that such an option did not exist before, Ledger has now decided to force Ledger Live users to update the firmware.
Thus, it is no longer possible to use the BSC and ETH applications on Ledger Live without a firmware update. (BTC wallet is still functional with the old firmware)

I don't follow news about ETH and BSC, but is it possible that these two networks had some network upgrades in the recent past, which would require that you install the newest firmware to support those upgrades? I know that the Ethereum changed something around its blockchain fees a few months ago, making L1 and L2 fees cheaper.

If they wanted to force the new firmware on everyone, why would it not be forced on users who only hold bitcoin? Like you said, you can still work with your BTC with the old firmware.

Typical case when companies are trying to force something on customers to get more money...
Few years ago I remember there was a large group of people who started lawsuits against Ledger when personal information leaked, so I am sure this is not the only lawsuit against ledger.
I think they are going to have to change how they are doing business after one of their founders David Balland was recently hijacked and blackmailed.
 

So, if attackers gained access to Ledger's code base, how long until this scenario becomes a reality?

Absolutely.

There's so much potential for Ledger's built-in key extraction over the internet to lead to things going very wrong.  Catastrophically wrong.


I'm sure some Ledger owners will read that and think "I don't use Recover, so it's not a problem."

Not true.  The API used to extract keys over the internet is baked into Ledger's firmware.  Ledger's closed-source firmware.  There's no way to prove Ledger or their partner companies don't have access to the user's keys even if the user opts out.

There's no way to prove it.

And Ledger has already proven themselves to not be trustworthy.  They've lied to their customers, many times.  Their code has been hacked.  Their hardware has been hacked.  Their ex-employees still have access to their codebase, and at least one ex-employee that we know of has been phished, leading to hackers getting access to user's coins.  Ledger Live tracks everything the user has and does & phones out that data to who knows where.


I'm blown away by the fact that anybody still trusts Ledger.

That still requires an aweful amount of trust.

They (Ledger) still exist only for the reason that at least 90% of those who bought their devices do not know the difference between a public address and a private key, or even the difference between Bitcoin and blockchain. If they knew that, they would have stopped using their devices the moment all this incredible information surfaced.

In fact, for a long time now, there hasn't been much difference whether someone stores their private keys on CEXs or on Ledger devices - it's just a question of who gets hacked first. The difference is only in the false security that comes from the fact that for years we have been saying that hardware wallets are a completely safe way of storing private keys - and today I would conclude that any such device that connects to the internet is probably a much bigger risk than we thought.

Ledger invested a lot in marketing, painting quite successfully the picture that their hardware wallets are a safe choice to secure your private keys. How can I describe it? ... The crypto mob probably sees Ledger as sort of OG hardware wallet, even when Trezor came first, Ledger easily overturned Trezor.

For the mediocre knowledged crypto user Ledger is synonym to hardware wallet, isn't it? They feel safe with Ledger, appreciate the tons of shitcoins and shit-tokens supported and don't care if it's open- or closed-source. If it works, it's fine, period!
The more experienced and/or knowledged crypto users should see it differently. Many of us here do.

When common people don't understand why it's imperative to keep your mnemonic recovery words and your private keys strictly offline, they don't care that Ledger's Recovery Subscription is a fundamentally wrong idea.


I don't quite agree when you say there's not much difference between a wallet on a CEX and one on Ledger devices. Or do you mean non-custodial online wallets like what Coinbase or blockchain.com offers?

The problem for me lies in the trust you need. If you don't use Ledger's Recovery Subscription, can you be sure your wallet secrets can't be extracted by Ledger's firmware API without your consent?

For me a hardware wallet should be an offline-signing device. It shouldn't be able to connect to a network in any way. It shouldn't have an API to extract main wallet secrets. A USB connection to the hardware wallet should never be able to get to private keys or other vital main wallet secrets like the seed (no internal wiring, no verifyable firmware code to allow this).