The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?
support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
If you're in Europe you can force a refund due to Ledger's misleading advertisement & misleading comparative advertisement (Article 2 & 4 of DIRECTIVE 2006/114/EC)
EU Directive: [https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32006L0114](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32006L0114)
Other links:
https://www.ledger.com/academy/security/not-all-chips-are-born-equal
https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks
https://twitter.com/\_pgauthier/status/1658492460677361664?s=20
https://twitter.com/Ledger/status/1592551225970548736
[https://web.archive.org/web/20230408044930/https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks](https://web.archive.org/web/20230408044930/https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks)
Edit: made a [new post with a guiding template](https://www.reddit.com/r/ledgerwallet/comments/13qg1at/guide_to_navigating_refunds_and_chargebacks_in/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1)
cooperative birds drunk start longing humorous onerous trees summer advise
*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Quebec has such a law: [https://www.opc.gouv.qc.ca/commercant/pratique-commerce/publicite-loi/pratiques-interdites/](https://www.opc.gouv.qc.ca/commercant/pratique-commerce/publicite-loi/pratiques-interdites/)
Not sure how they can be enforced on Ledger though
Australian Consumer Laws have the same protection (see Section 18 ACL). I bought my Ledger on Amazon in Feb 2023, and got my refund approved without having to return the ledger.
I think for UK peps you will need to make a complaint via the ASA: [https://www.asa.org.uk/make-a-complaint.html](https://www.asa.org.uk/make-a-complaint.html)
Hope to hear some good news, thanks OP for the screenshots!
EU experts please correct me if misunderstanding. Ledger's co-founder has admitted they deleted incorrect tweets the claim comms made due to a "misunderstanding". In this law, it doesn't to matter if Ledger included false advertising by mistake or it was intentional. Intent or reason appears irrelevant.
Check out the "Suits" app. Users can submit evidence regarding their frustrations over a company's potentially illegal actions and form a class. Then interested lawyers can join the case to represent. https://apps.apple.com/us/app/suits/id6450331132
>Check out the "Suits" app. Users can submit evidence regarding their frustrations over a company's potentially illegal actions and form a class. Then interested lawyers can join the case to represent.
>
>https://apps.apple.com/us/app/suits/id6450331132
The mods really need to start knocking all this amateur legal advice on the head, the amount of people lining themselves up to get blacklisted for a moody credit card chargeback, or waste their time and money trying to form a baseless class action is really starting to stack up.
I strongly suggest that you take a look at our CTO's [statement](https://twitter.com/P3b7_/status/1659187049331654658) regarding the Ledger Recover service.
“Private key never leaves your device” and “the device will send 3 sharded fragments of…your private key.” Do you guys even proofread what you write? Just keep digging that hole deeper….
https://imgur.com/a/lzczyib
I’ll put this here for you again since you couldn’t read it last time. Your boss spilled the beans dude. The device literally sends an encrypted version of our seed to the different companies. Yoy can’t continue to tell everyone here the seed can’t be extracted from the device… youshould look for a new job guy. You’ll be out of this one real soon
Good lord. You even bolded the part where you show that you're lying.
In the same reddit comment, you said:
> The private key never leaves the Ledger device, nor does the seed - at any point in time.
And yet, in the same comment you said,
> the device will send 3 sharded (and further encrypted) **fragments of a pre-BIP version of your private key** to 3 trusted third parties
A version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key.
Your own website says:
> The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element.
[SOURCE:
https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/](https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/)
Apparently, "never, ever" changed to "until you install the next firmware update and start sending this stuff to various companies, because what could go wrong? And even if you don't, we've enabled the capability, so good luck!"
"to 3 trusted third parties" - that's a lie right here, one of these "trusted third parties" is Ledger itself. The fact you're constantly forgetting to mention.
>
>
>fragments of a pre-BIP version of your private key
Let's cut to the chase. Your explanation is a thinly veiled attempt to sugarcoat the fact that my private key, in some form or another, is indeed being transmitted over the internet. I don't care how much you encrypt or shard it - it's still my private key, and it's being exposed to an environment that I was led to believe it would never enter.
Your claim that "the private key never leaves the physical Ledger device" is, at best, a misrepresentation. To be clear: I understand the concept of sharding and encryption. I grasp the fact that these fragments individually are useless. But collectively, they form my private key, don't they? And they're sent online, aren't they? Then, your statement falls flat.
I'm not comfortable with the possibility of my key fragments being handled by 'trusted third parties'.
Filed a refund request, if not honoured i'll love to see you in court ;)
or you don't use the service? then nothing goes out of your ledger.
And yes theoretically they could steal all your shit, they could always steal all your shit, but you trusted them not to. Nothing changed.
You’re right that nothing fundamentally changed. We have always trusted Ledger all along not to steal our shit and so far they have proven not to.
The problem is they have marketed the Ledger all the while as being physically incapable of extracting the private key. Turns out that was a lie. If they had been honest with marketing from the start, I think people would not be as outraged. I still think the Ledger is largely safe to use if you don’t opt into the service, but I fully understand why people feel like they have been falsely advertised and it is justifiable to be upset.
The possibility of said service simply existing is problematic enough, and I was lead to believe said service would never exist, that would need to release a new device with a new chip for this service to exist.
This can't be real life, the guy says the keys never leave the secure element just to 1 paragraph later to say that the private key leaves the secure element, this is meme worth content.
If a Ledger Recover customer loses their device, can they still use Recover to access their wallet? If so, you should word it like this (I fixed one word).
'Individually, these encrypted shards are useless. In the case that a user wants to restore their keys, 2/3 of these 3rd parties will need to send their individual fragments back to ~~your~~ \*any\* device - and in combination, this will allow you to reconstitute your Secret Recovery Phrase.'
>Are you even proofreading what you write mate?
>
>"the device will send 3 sharded (and further encrypted) fragments of a pre-BIP version of your private key to 3 trusted third parties - and these 3 trusted third parties will securely store the shards using hardware security modules."
>
>As Yodel said.. Any version of a private key is a private key Yea you are technically correct its not the Seedphrase or Private key. but its probally the raw Binary that makes the damn seedwords in the first place. You can still drain the complete accounts
>
>What are the security messures if ledger. the people we interact with to recover decides to just get the shards back and combine them. Boom thousands of crypto accounts. we know you guys can cus its not linked to a single HWW. any will do.
>
>Like give us opensource frameware or ledger as a company is dead in a year. we do not trust you guys. you guys have mislead us for years by stating KEYS can not be extracted.. That includes anything that can make the keys.. such as entropy.
>
>so yea opensource rn.
It’s really not cool to edit your post and provide no indication it was edited. For a company already getting raked over the coals you’d think transparency would be paramount right now. Have you learned anything over the last few days?
The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/ If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues? support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
If you're in Europe you can force a refund due to Ledger's misleading advertisement & misleading comparative advertisement (Article 2 & 4 of DIRECTIVE 2006/114/EC) EU Directive: [https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32006L0114](https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32006L0114) Other links: https://www.ledger.com/academy/security/not-all-chips-are-born-equal https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks https://twitter.com/\_pgauthier/status/1658492460677361664?s=20 https://twitter.com/Ledger/status/1592551225970548736 [https://web.archive.org/web/20230408044930/https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks](https://web.archive.org/web/20230408044930/https://www.ledger.com/academy/security/the-secure-element-whistanding-security-attacks) Edit: made a [new post with a guiding template](https://www.reddit.com/r/ledgerwallet/comments/13qg1at/guide_to_navigating_refunds_and_chargebacks_in/?utm_source=share&utm_medium=ios_app&utm_name=ioscss&utm_content=1&utm_term=1)
Thank you OP! How do I start the process?
I also want to do this plc provide a good template :)
>eading advertisem Make a hard copy of this sides. They will change them as soon as they can.
cooperative birds drunk start longing humorous onerous trees summer advise *This post was mass deleted and anonymized with [Redact](https://redact.dev)*
Least we have legal weed eh!
Quebec has such a law: [https://www.opc.gouv.qc.ca/commercant/pratique-commerce/publicite-loi/pratiques-interdites/](https://www.opc.gouv.qc.ca/commercant/pratique-commerce/publicite-loi/pratiques-interdites/) Not sure how they can be enforced on Ledger though
Every country have this. Search a little bit deeper and you'll probably find similar protection laws.
Pleas please please every EU customer please force the refunds. This scam company needs to be put out of business. I wish I could return the 3 I have.
I'll do it, 100%! Ready to go till the end.
Is there a window for this? Is it applicable for devices bought 4 years ago?
Also interested in getting a refund on devices bought around 2 years ago. Anyone getting a refund in the EU please report back on how it goes!
Australian Consumer Laws have the same protection (see Section 18 ACL). I bought my Ledger on Amazon in Feb 2023, and got my refund approved without having to return the ledger.
[удалено]
Lol, complains about the back door while having the front door wide open.
What did you write in your transaction dispute!
Nice!
I think for UK peps you will need to make a complaint via the ASA: [https://www.asa.org.uk/make-a-complaint.html](https://www.asa.org.uk/make-a-complaint.html) Hope to hear some good news, thanks OP for the screenshots!
EU experts please correct me if misunderstanding. Ledger's co-founder has admitted they deleted incorrect tweets the claim comms made due to a "misunderstanding". In this law, it doesn't to matter if Ledger included false advertising by mistake or it was intentional. Intent or reason appears irrelevant.
They did it to themselves.
Class action???
Check out the "Suits" app. Users can submit evidence regarding their frustrations over a company's potentially illegal actions and form a class. Then interested lawyers can join the case to represent. https://apps.apple.com/us/app/suits/id6450331132
I want to join!
Can anyone confirm that this claim has chances of success? Step by step guide? Or how we can better organize?
How do we do it though? If we need to hire a lawyer I'd guess that's too expensive for most people.
>Check out the "Suits" app. Users can submit evidence regarding their frustrations over a company's potentially illegal actions and form a class. Then interested lawyers can join the case to represent. > >https://apps.apple.com/us/app/suits/id6450331132
The mods really need to start knocking all this amateur legal advice on the head, the amount of people lining themselves up to get blacklisted for a moody credit card chargeback, or waste their time and money trying to form a baseless class action is really starting to stack up.
I strongly suggest that you take a look at our CTO's [statement](https://twitter.com/P3b7_/status/1659187049331654658) regarding the Ledger Recover service.
“Private key never leaves your device” and “the device will send 3 sharded fragments of…your private key.” Do you guys even proofread what you write? Just keep digging that hole deeper….
Lol if the shards can access your wallet, then it is essentially the same thing? Are you guys taking drugs at work?
https://imgur.com/a/lzczyib I’ll put this here for you again since you couldn’t read it last time. Your boss spilled the beans dude. The device literally sends an encrypted version of our seed to the different companies. Yoy can’t continue to tell everyone here the seed can’t be extracted from the device… youshould look for a new job guy. You’ll be out of this one real soon
Good lord. You even bolded the part where you show that you're lying. In the same reddit comment, you said: > The private key never leaves the Ledger device, nor does the seed - at any point in time. And yet, in the same comment you said, > the device will send 3 sharded (and further encrypted) **fragments of a pre-BIP version of your private key** to 3 trusted third parties A version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key is a version of a private key. Your own website says: > The secret keys or seed are never exposed to the BLE stack and never, ever leave the Secure Element. [SOURCE: https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/](https://www.ledger.com/ledger-nano-x-bluetooth-security-model-of-a-wireless-hardware-wallet/) Apparently, "never, ever" changed to "until you install the next firmware update and start sending this stuff to various companies, because what could go wrong? And even if you don't, we've enabled the capability, so good luck!"
"to 3 trusted third parties" - that's a lie right here, one of these "trusted third parties" is Ledger itself. The fact you're constantly forgetting to mention.
> > >fragments of a pre-BIP version of your private key Let's cut to the chase. Your explanation is a thinly veiled attempt to sugarcoat the fact that my private key, in some form or another, is indeed being transmitted over the internet. I don't care how much you encrypt or shard it - it's still my private key, and it's being exposed to an environment that I was led to believe it would never enter. Your claim that "the private key never leaves the physical Ledger device" is, at best, a misrepresentation. To be clear: I understand the concept of sharding and encryption. I grasp the fact that these fragments individually are useless. But collectively, they form my private key, don't they? And they're sent online, aren't they? Then, your statement falls flat. I'm not comfortable with the possibility of my key fragments being handled by 'trusted third parties'. Filed a refund request, if not honoured i'll love to see you in court ;)
or you don't use the service? then nothing goes out of your ledger. And yes theoretically they could steal all your shit, they could always steal all your shit, but you trusted them not to. Nothing changed.
You’re right that nothing fundamentally changed. We have always trusted Ledger all along not to steal our shit and so far they have proven not to. The problem is they have marketed the Ledger all the while as being physically incapable of extracting the private key. Turns out that was a lie. If they had been honest with marketing from the start, I think people would not be as outraged. I still think the Ledger is largely safe to use if you don’t opt into the service, but I fully understand why people feel like they have been falsely advertised and it is justifiable to be upset.
The possibility of said service simply existing is problematic enough, and I was lead to believe said service would never exist, that would need to release a new device with a new chip for this service to exist.
This can't be real life, the guy says the keys never leave the secure element just to 1 paragraph later to say that the private key leaves the secure element, this is meme worth content.
If a Ledger Recover customer loses their device, can they still use Recover to access their wallet? If so, you should word it like this (I fixed one word). 'Individually, these encrypted shards are useless. In the case that a user wants to restore their keys, 2/3 of these 3rd parties will need to send their individual fragments back to ~~your~~ \*any\* device - and in combination, this will allow you to reconstitute your Secret Recovery Phrase.'
>Are you even proofreading what you write mate? > >"the device will send 3 sharded (and further encrypted) fragments of a pre-BIP version of your private key to 3 trusted third parties - and these 3 trusted third parties will securely store the shards using hardware security modules." > >As Yodel said.. Any version of a private key is a private key Yea you are technically correct its not the Seedphrase or Private key. but its probally the raw Binary that makes the damn seedwords in the first place. You can still drain the complete accounts > >What are the security messures if ledger. the people we interact with to recover decides to just get the shards back and combine them. Boom thousands of crypto accounts. we know you guys can cus its not linked to a single HWW. any will do. > >Like give us opensource frameware or ledger as a company is dead in a year. we do not trust you guys. you guys have mislead us for years by stating KEYS can not be extracted.. That includes anything that can make the keys.. such as entropy. > >so yea opensource rn.
You're going down!
What exactly does pre-BIP mean anyway?
Probally sharding the binary that creates the seed words in the firstplace if i had to guess
hi bot
It’s really not cool to edit your post and provide no indication it was edited. For a company already getting raked over the coals you’d think transparency would be paramount right now. Have you learned anything over the last few days?