Reddit Posts
An extract from Coin Bureau newsletter regarding the Ledger fiasco
Anyone interested in buying Bitcoin Conference Ticket 4/6 to 4/9 (below SRP)??
My account linked to my Secret Recovery Phrase (SRP) wont show up... I need advice
MetaOchtapas: For creators - Receive crypto donations directly to your wallet (not a scam, read before judge)
ive got 20k to play with and im between SRP /SOL/ ETH or just a SP500 mirror stock, any thoughts?
Finding all wallets/addresses tied to a given private key / seed phrase
Manually generating my own BIP39 24-word SRP
Mentions
The website then tells you you need to enter your SRP because MetaMask or some other wallet isn’t working. It’s nearly always MM as it’s the most popular. Everyone noob blames MM but it’s their own fault. Use a browser extension like [Wallet Guard to warn you of what you are or might be doing wrong.](https://www.walletguard.app/)
Rubbish… if he just connected it’s fine. They are trying to get you to enter your SRP. If he’s not signed anything he’s fine.
At the end of the day just keeping it simple instead of complicated is the safest method. Even keeping a bit on an exchange might save your ass if your hardware wallets get hacked. If you ever used LastPass to store a SRP rotate your wallets… start new ones as many have been drained.
If you mean accounts as on the same SRP then it’s all gone if the seed is revealed in anyway. The only way is different hardware wallets. Use mm as a dummy and install the hardware wallets as hardware wallets. Don’t use any of the MM accounts. You’ll need “Account 1” but only as a dummy.
The best advice can be found from the expert. [MyCrypto](https://support.mycrypto.com/staying-safe/protecting-yourself-and-your-funds) Spilt your funds over different SRP. If those get to big move funds out into a new SRP. How much is your decision 2k to someone is a lot and 10k to some is a little. I won’t harp on just read the articles.
You could buy a new one and enter your SRP on that and then use that. If everything is on that then you’re ok to play with the old one. If you haven’t got your SRP then be very careful. Transfer all the crypto out. Remember you can have multiple chains on it too…. So make sure you move that too.
Frankly, I live in a world where people who run red lights claim it was green. Even if they are shown photos. Memories are often incongruous with facts. And the story is incongruous: >Furthermore, Çeliktepe says he never kept the secret "12 words" or what's formally known as MetaMask's Secret Recovery Phrase (SRP) on his computer and therefore does not understand how his MetaMask wallet was breached, even if attackers would have gained access to his machine. Because we know how metamask works, we know one of two things *actually* happened. Either his passphrase is kept on the machine and it was somehow accessed by a devious and impossible-to-find-exploit somewhere in the code... or he followed the instructions he was given and proceeded to debug a problem with wallet connection by connecting his metamask wallet. Occam's razor suggests to us which of the two this is. As far as > 1) He's a blockchain dev so he's probably not stupid enough to willingly connect his wallet Or, maybe... he is. and > 2) If he did willingly connect his wallet then there's no real confusion about how the funds were stolen so why make such a big deal about it and have bug bounty hunters investigate how it could have happened? For the same reason people swear they didn't run the red light.
Metamask supplied me with the SRP
SRP was stored on paper never digital. In my briefcase.
My opinion is you shouldn’t be using a phone or crypto if you don’t know what you’re doing. There are literally 100,000 links of X for free “airdrops”… “give aways”… “Drop your Eth Address” … “Get whitelisted” etc etc … you are safe as long as you don’t follow the links and FOMO in with your SRP … that’s all they are after. An Apple iPhone is safer than a Laptop which could theoretically install a program or something nasty. Short answer no you’re safe as long as you don’t reveal that juicy SRP Secret Recovery Phrase (It’s not called a seed phrase anymore. It changed to make it sound secret… seed phrase is wishy washy) Sleep peacefully.
Hmmm... Celo is an EVM compatible network and both valora and frontier wallets are EVM compatible, so it should not be a problem. Not to further complicate matters, but could you try out metamask wallet with your seed phrases? In mm, it's called SRP. https://support.metamask.io/hc/en-us/articles/15527318680859-Network-profile-Celo
You mean this block stream Jade? Open source doesn’t mean it’s safe like I told you before: https://blog.ledger.com/blockstream/ Now that I see what your agenda is, I can hardly say yours is better at all. Had you told me something like trezor which is close enough to safe *if you use a passphrase* I would’ve just let this argument be. You literally linked an article about ledger database and not the device itself being hacked, which I addressed previously, pls don’t repeat sources that don’t support your arguments. I think what’s going on here is you lack a technical understanding of the hardware device architecture itself, which is fair not everyone is meant to be technical. Hardware wallets store the info needed to sign transactions, which you guessed it, is your SRP if you’re using a multi blockchain wallet like ledger, on their developer blog they even stated the NSA could possibly hack the ledger device, but through extensive time and resources. Data cannot leave a Secure element without permission of the secure element and is not susceptible to most forms of physical attacks, unlike block stream Jade. That’s the whole point of ledger using a secure element in their architecture and even in the architecture the data in the SE chip is supervised by the BOLOS system to make sure no application can get any access to the data from the SE chip. So no your data never leaves the SE chip raw in any form, not even the most malicious code. Ledger apps cannot extract raw data from the SE chip, it’s why you need the same SE chip to decrypt the data encrypted by the ledger SE chip and that’s even if the original owner sent you an encrypted form of the data, if they never approve the transaction, good luck finding that. That is different than block stream jade getting hacked by inputting your own malicious code to extract the data mentioned in the article.
You’re a bit mistaken on a certain part. You seem to think it was “built in” now. The possibility was always there, as the device stores your SRP within the architecture, as with other hardware wallet devices which are also capable. Your argument of “ledger has done it though no one else has” doesn’t hold weight because the other still have the possibility to do so or even worse, at least ledger is protected from majority of physical attacks I can’t say the same for others. As I said you are trusting companies not to maliciously expose your data, even open source code wallets. The difference is, ledger SE chip requires user input to export any data from it and even when it does the data is encrypted as that is how the SE element works regardless of the firmware deployed on BOLOS. Long story short, if ledger had the option to remotely just extract your seed without permission it would’ve been done. You still have to send your seed to the companies because ledger can’t interact with your wallet. Software applications in ledger never get access to info directly in the SE chip(where your SRP is stored), it directly states that in the developer site when explaining how the architecture interacts with the software. It’s a bit technical so I’ll spare you the boring parts, basically nothing happens until you hit the transact button in which case you’re willingly putting yourself into the Revover service.
This post is going against the pitchfork for ledger mob they won’t like this. OP even says he doesn’t care if other hardware wallets can do the same thing, he’s done with ledger. Far as I’m concerned, OP is farming karma. To answer your question, the average Joe paying a subscription fee to secure a bit of crypto prob wouldn’t be worth if you’re securing a small amount since they only insure $50k. The thing is, nobody thinks they’ll become the person who loses their SRP, until they end up on this subreddit saying they lost their SRP and asking how to recover their account. Your risk tolerance is up to you, but personally I’d rather not have Ledger map my KYC to my wallet since it breaks pseudo anonymity like the blockchain is meant to provide.
Well if you read the developer part of their site they explained what the firmware is, it’s just a BIOS system so it doesn’t have the capability to send anything on its own, it would have to interact with an app that *you downloaded* . Apps are open sourced btw. Take into account you need to approve the transaction as well. If ledger had access to all of our SRP through just a firmware as people are claiming, why even go through all this recovery app nonsense and make people create an account? Couldn’t they just zap your seed from your device and you just register your device through ledger live? It’s why the accusations that a BIOS(that is the firmware) can send something literally makes no sense. The real issue is that ledger is trying to map your KYC info to your wallet and break pseudo anonymity of the crypto users, that is what people should’ve been angered about imo.
I think that could explain some of the missing information, but not necessarily some of the comms that’s just outright misleading, and appears to be intentionally so. Like saying that your SRP is never shared when it’s something that’s for all intents and purposes the same thing. Or saying repeatedly that Ledger the company never sees your sharded key even though they are one of the theee custodians (along with another company that’s using Ledger provided technology). That doesn’t feel like rushed comms, that feels like comms designed to intentionally mislead people.
That’s a tough one. Your seed isn’t leaving the secure element even with the recovery feature. A reversible derivation of it is. That’s always been true, your BIP-39 SRP is a reversible derivation of your master key/seed. New wallets created through derivation paths are irreversible derivations of your master key in HD wallets. It may appear to be a distinction without a difference, but if you understand how this works in a reasonable amount of detail, it is important. It’s why the marketing is *technically* accurate, and people who understand how hardware wallets work wouldn’t be surprised by this at all, but there are people in between that may see this as surprising. But I’d urge people to just think this through logically. How else could hardware wallets work if this wasn’t possible? You have to be able to run some sort of code using your master key as an input otherwise the wallet simply wouldn’t work. I thught people understood this better than they apparently do. None of that absolves Ledger from what is a terrible idea with even worse communication. The way they’ve decided to implement this feature is awful and is clearly backfiring on them.
I experienced the same as you did for the first part. It logged me out on the PC it was set on and asked me to restore with an SRP. I generated 1000 accounts on the seed and none of those accounts was the one I was looking for unfortunately. I am on the matic network searching for these set tokens
Ahhh meant like that. First and foremost, the desired wallet address does not pop up in metamask when I generated new accounts. Secondly, it's MATIC. I have it set on Matic network so it should pop up. But again, the address does not show up in my metamask, no matter the amount of addresses generated. For context, I generated 1000 addresses under the same SRP which non of m were the address i was in search for.
Look up derivation paths for eth wallet, you probably do not have the correct settings to allow Metamask to show you the address you want to see. You can use other wallets like Xdefi, MEW, and other trusted ones, they may have more settings that can be tinkered to allow access to your account tied to the SRP.
Exactly, I am sure it's the correct one though. Did not make different SRP accounts whatsoever. Noted down the SRP in various ways to make sure it's correct.
If you lose your Secret Recovery Phrase 12/24 words, you are dead. If you lose the pass phrase/word (25th word) then you’ve lost your funds in the second batch of accounts created with the 25th word. Some people use 24 words… then make up a 25th… and put Main crypto in those set of addresses. The addresses with the 24 are basically a mini dummy should someone stumble on the SRP.
> If you are leaning towards Ledger and comfortable with Rarible or Opensea - here is a tip: search on opensea or rarible for “Ledger black on black.” Get the NFT for about 0.08 or less ETH. These NFT are redeemable for an actual Ledger X. 0.08ETH is less than the SRP of a new ledger device. Hope this saves you a few bucks. Since you mentioned being comfortable with Rarible/Opensea, how safe is purchasing one of those Ledger Nano X NFTs from there? Is one place preferred over the other, etc? Thanks in advance.
Go to Rarible, buy the black on black Ledger NFT for about 97-100 bucks, which is cheaper than the SRP. You can redeem an actual Ledger X using this NFT.
Safepal is a company incubated from Binance Labs program, while, Ledger uses a close sourced secure element chip. These are some of the arguments I’ve read in subs as to why they don’t support the these 2 wallets. My 2 cents: I chose my hardware wallet based on the crypto it natively supports. This helped me narrow down my options. Some hardware do not support newer blockchains. Others on the other hand, may support newer coins but may have to do use another front end application or site. As to the form factor you wanted something that you can attach to your car keys, I would gently advice against this. You may not want unnecessary attention to your hardware wallet. Plus, you may have to surrender your car keys for valet one fine day. If you are leaning towards Ledger and comfortable with Rarible or Opensea - here is a tip: search on opensea or rarible for “Ledger black on black.” Get the NFT for about 0.08 or less ETH. These NFT are redeemable for an actual Ledger X. 0.08ETH is less than the SRP of a new ledger device. Hope this saves you a few bucks. Whatever hardware wallet you ultimately end up with, this is already a positive step forward in securing your crypto. Good luck.
Personally… if you’ve already got a secret recovery phrase that you’ve created securely you can quite easily punch it into a ledger and connect that to say MetaMask. If you connect it as a Hardware wallet nobody can take a payment from you unless you click the buttons. You don’t even need to remember your MetaMask SRP.
Horrible idea. Consensus among every expert whose opinion I respect. Your Seed Recovery info includes both the passphrase and 24-word mnemonic. The danger of people stealing your SRP is infinitesimal compared to a "roll your own" protocol like this causing you to lose control of your assets in future not to mention your heirs. Do NOT do anything like this. Never digitise your Seed Recovery information, except to a hardware wallet or other dedicated airgapped device. Certainly never on anything capable of connecting to the internet. Etched onto steel plates, stored in multiple secure locations far from home, secure passphrase separately from 24-word mnemonic.
Kinda looks like the offer is in the eighth grade . I do not expect SRP to go up to twenty fifty a hundred dollars however I didn’t see it getting up to about the dollar fifty to a dollar seventy five range
You are not "acquiring" your coins. The only way to lose them is for you to reveal or lose your SRP You only need to restore a wallet, if you are going to spend some. Yes a HWW is the safest easy method of protecting your secrets. Also never rely solely on your memory, brains are fragile.
Yes this would be useful for international use, permanent nomads. Even befuddled homeless people should be able to secure their SRP.
I would SECURELY generate a new BIP39 Seed and its Recovery Phrase independent of any wallet client on an amnesiac air gapped linux boot computer. Then install that on a hardware wallet and use that with Electrum, or any other wallet client. The private key never touches any device that has ever been online. SRP backed up to cryptosteel in multiple locations, passphrase separate from mnemonic
I would SECURELY generate a new BIP39 Seed and its Recovery Phrase independent of any wallet client on an amnesiac air gapped linux boot computer. Then install that on a hardware wallet and use that with Electrum, or any other wallet client. The private key never touches any device that has ever been online. SRP backed up to cryptosteel in multiple locations, passphrase separate from mnemonic
>Apparently one private master key / SRP can derive millions of possible addresses? Wouldn't that process of finding all my addresses take forever? No, it is instant because the addresses are derived from the private key. It's not like the system has to go and find these addresses, they are simply "one equation away" from your private key.
What do you mean by "account number"? The 256-bit master private key can generate your 24-word SRP or vice-versa, right? So the two are really just versions of one thing?
I don't know how exactly mainstream wallets work so I can't answer your question. They may try that combination of SRP in every blockchain that they support. BTW your maths on your side question is wayyyyy off. Calculate it with permutation, not combination.
>How do I check to see that no one is already using that SRP? ez. just try importing it.
SafeRugPull (SRP) - awesome team, awesome ideas, and they know Wen Lambo! NFA/DYOR