Why I Stopped Using Ledger Hardware Wallets

Southern Bitcoiner (2,532 words)

Full Transcript

This is a Ledger Nano S, and this is a Ledger Nano X. These were my first ever hardware wallets. Now, I have too many to count. These Ledger devices of mine did a great job. They kept my Bitcoin secure at the beginning of my self-custody journey, but eventually I discovered that Ledger has some serious security flaws, and it may not be the most secure way to store my Bitcoin. I completely stopped using Ledger a long time ago, and I never recommend Ledger to my clients. In this video, I will explain exactly why. I will begin with the issues that are quite concerning, but may not impact the actual security of your funds. Then, closer to the end of the video, I will explain the problems that really cross the line.

Before we begin, my name is Cole, and I run the Southern Bitcoiner YouTube channel, which you're currently watching. I also run a consulting business where I help people build their Bitcoin security setups one-on-one, tailored to their own needs. If you need help with Bitcoin security, you can book a free call with me below. And with that, let's jump right into the video.

Let's begin by discussing Ledger's database breaches. When you buy a new Ledger, you're going to have to provide them with your email address, your name, surname, and your home address or your PO box. Unfortunately, Ledger has had two major data breaches where all of this information has been made public for the entire world to see. This is particularly bad for a company that sells hardware wallets. Attackers don't just know your name, your email, and where you live, they also know that you own a hardware wallet, and they probably know that you own cryptocurrency at that address. The worst leak from Ledger was back in 2020, and if we read this blog post from Ledger themselves, we can see that approximately 1 million email addresses were leaked, and on top of that, the personal information of 272,000 users was leaked as well. That included your postal address or your home address, your first name, your last name, your telephone number, and your email address as well. So, all this information was leaked for the entire internet to see. Scammers, hackers, and attackers had access to this, and the consequences were severe.

Massive phishing campaigns were launched against these email addresses and against the people who gave Ledger their home addresses. If we take a look at another blog post from Ledger, we can see some of the top phishing campaigns that are going on at the moment. So, firstly, here we have some fake emails that are being sent to Ledger users' email addresses, and it will usually be something like this: "Following a security incident, we now require 2FA on your account. Please click this link to set it up." This email was not sent from Ledger. It was sent from a scammer, and when you click this link, you will probably be asked for your Bitcoin seed phrase. And when you put that seed phrase into this fake website, they will quickly extract that seed and wipe all the cryptocurrency from your wallet. These are just two examples of fake emails, but scammers have probably created thousands of different variants, and they've probably sent millions of emails by now trying to scam people out of their cryptocurrency. If we scroll down, we can see that people are even being sent physical mail. Here is a physical piece of paper that was sent to one of these people with a QR code, and it doesn't quite end there. In January 2026, another breach happened with Ledger customer data.

One of the most important parts of keeping your Bitcoin safe is operational security. This is being private about your holdings and how you secure your coins. This breach definitely did not help. In the modern day, preventing leaks like this is quite difficult, but there are other hardware wallet companies that respect your privacy far more than Ledger does. These other companies take minimal data, and they completely wipe your personal information after you've received your order. We also have DIY hardware wallets like the SeedSigner that allow you to build a hardware wallet without ever handing over information to any third-party company, and that is point number one. Ledger has a history of not keeping your private data secure, and as a result, millions of people are constantly being harassed by scammers and attackers, as I've shown you on screen.

The next thing I want to discuss is Ledger's multi-coin design. I personally believe that Bitcoin is the best asset to own. There is no second-best cryptocurrency, and that is why this channel focuses on Bitcoin security. If you're anything like me, you probably want a hardware wallet that is dedicated to keeping your Bitcoin as secure as possible. But Ledger supports thousands of different tokens and altcoins. They do DeFi, NFTs, and they have staking functionality. Now, here's the problem. Supporting thousands of tokens means that the code base on your Ledger is very large and complex. More code means more potential vulnerabilities, more attack surface, and it's simply harder to audit the entire system. And because the developers are focused on supporting thousands of coins, they are not fully and completely focused on keeping your Bitcoin secure and bringing you the latest Bitcoin features. That's why I prefer Bitcoin-only hardware wallets. Devices like the Coldcard or SeedSigner have far simpler firmware. They are easier to audit, and they have less attack surface. The developers are completely focused on securing Bitcoin and bringing you the latest Bitcoin features. They are not worried about managing thousands of random coins.

Now, to be fair to Ledger, they do have a world-class team, and they spend a lot of money on research and development. They also have an app isolation model on their devices. This means that you install individual apps for each currency, and in theory, the Bitcoin app is isolated from the Ethereum app, and so on. They've done real engineering work here, and that is a genuine layer of protection. But I still prefer a hardware wallet that has one job: to keep my Bitcoin secure and bring me the latest Bitcoin features.

Another design difference between Ledger and other hardware wallets is how they connect to your computer. Ledger connects to your computer or your phone with a USB cable or with Bluetooth. Other hardware wallets like the Coldcard or the SeedSigner do not require a cable connection at all. These devices use SD cards or QR codes. These devices never plug directly into your computer, and that means they are air-gapped. With air-gapped devices, you decide when your computer talks to your wallet. With USB, the communication is continuous and automatic as soon as you plug that device in.

The next point I want to make is the Ledger Wallet dependency, but first, a bit of context. When you use a hardware wallet, there are two key components that you will interact with. Firstly, you have the hardware wallet itself, and then you have the companion app that sits on your computer. For Ledger in particular, you would plug your Ledger into your computer, and you would connect that to the Ledger Wallet companion app, previously known as Ledger Live. Other hardware wallets like Coldcard and SeedSigner are designed to work with any companion you want from the beginning. You set them up, and you connect them to whichever software tool you prefer. You could use Sparrow Wallet, BlueWallet, Electrum, whatever feels right for you. Ledger doesn't work this way. If you buy and use a Ledger, you must use the Ledger Wallet app to do the initial setup of your device, to download new apps, and to update firmware. You can use third-party wallets later, but everyone must start with Ledger Wallet, and most people just stick with it.

So, what's the problem with Ledger Wallet? The first issue is privacy. Just by reading Ledger's privacy policy, you can see that they store information about you. For example, they collect your wallet address and on-chain data in order to calculate the global amount of assets that Ledger secures. I would suggest reading their privacy policy to see all the info they collect and store about you. Ledger Wallet also connects to Ledger's service by default to fetch your balances and your transaction history. This means that Ledger's infrastructure must see your crypto addresses, and they must see your transaction history, so that they can tell you what your balances are. Ledger also does not let you connect to your own Bitcoin node at all. So, if you use Ledger, you can never fix this privacy issue, and you can never be a truly private Bitcoin holder. In contrast, a companion app like Sparrow doesn't collect user data at all. You can connect it to your own node, and your information stays with you and only you.

Another reason I don't like Ledger Wallet is because it's completely cluttered. They push a whole bunch of services on you: buying, selling, Ledger Recover, and a card service. Ledger Wallet is basically designed to generate more revenue from you. I just want a wallet, and that's all. When I consult for people and help them secure Bitcoin, I want the same thing for them. I want them to use a clean, focused wallet, not a platform that's designed to upsell them.

Now, the next two issues I will discuss are the more serious security issues. They build on top of each other, so I want to explain them in order. When you set up your hardware wallet for the first time, you will be given a seed phrase. This is a set of 12 or 24 words that looks something like this. These words are everything. Anybody who has your seed phrase can access your crypto. Hardware wallets were invented and are specifically designed to keep the seed phrase secure. They generate it completely offline, they store it offline, and they never let it leave the device. They do this with a specialized chip known as the secure element. The secure element is what actually stores your seed phrase and approves transactions. It is built to be secure against all sorts of different attacks.

Now, here is the issue with Ledger. The core firmware that runs this secure element chip, so the code that manages your seed phrase, is completely closed source. This means nobody can independently verify or audit the code that manages your seed phrase. We have no way of telling what the code actually does inside of your Ledger. Another hardware wallet, Trezor, is fully open source. Both the firmware and the hardware are open. SeedSigner is another option that does not use a secure element at all, and it is also completely open source. With Ledger, you are trusting their word that the closed source firmware behaves honestly. With the open source alternatives I mentioned, you can verify this yourself. The whole point of Bitcoin is to not trust, but to verify. With Ledger's model, you must trust them.

If you are currently using Ledger and you want help migrating to a more secure setup, or you are just not confident in the security of your Bitcoin, I offer one-on-one consulting where we work through your setup together. If you're interested, you can book a free introduction call with me. I will leave a link to that below and a QR code on screen.

And this brings us to our next issue, which ties everything together. In May 2023, Ledger announced a service called Ledger Recover. It's a subscription service that encrypts your seed phrase, extracts it from your device, and splits it into three shards. Those three shards are then shared with three custodians: Ledger, Coincover, and EscrowTech. The idea is that if you ever lose your Ledger and your seed phrase backup, you can use this service to recover your cryptocurrency. When Ledger announced this new service, it was not well received at all, and many people vowed to never use Ledger again. And I will explain exactly why. Your hardware wallet is designed to keep your seed phrase secure. It's supposed to never leave the device, but this service does just that. If you opt into Ledger Recover, it encrypts and extracts your seed phrase from your device and sends it to third parties over the internet. Let me repeat that. It pulls your seed phrase from the device and sends it to third parties online. This is the complete opposite of what a hardware wallet is supposed to do. A hardware wallet is supposed to keep your seed phrase offline. It's the whole reason you bought one.

Now, it is important to note that this service is optional. Ledger users are not forced to use Ledger Recover, and if you do not use it, Ledger will not extract your seed phrase and share it with these third parties. But here is where the deeper problem lies. The fact that this service exists means that the firmware has the technical ability to extract your seed phrase and transmit it online. Before this announcement, users assumed that this was impossible, that the secure element was a one-way vault. After the announcement of this new service and the massive backlash, Ledger tweeted and then deleted this tweet: "Technically speaking, it is and always has been possible to write firmware that facilitates key extraction. You have always trusted Ledger not to deploy such firmware, whether you knew it or not." And because the firmware is closed source, as previously discussed, you have no way to verify whether this extraction capability is limited to Ledger Recover or whether it can be triggered in other ways. You are ultimately trusting that Ledger only allows seed extraction under the conditions that they describe, and you cannot verify that yourself.

If you do use this service, which I strongly recommend against, Ledger has also admitted that a government could subpoena the custodians and access your funds. Coincover's own FAQ has confirmed that they will comply with production orders from law enforcement. So, not only are you trusting third parties with your seed phrase, they can also hand over your coins to the government if they are ordered to. Ledger Recover is completely against the ethos of Bitcoin and of being your own bank. And because of that, I can never support Ledger or recommend them.

If you want to understand how Bitcoin wallets actually work and how to keep your coins secure, I have a full course that teaches Bitcoin security from the beginning. You can learn more at the bitcoin course.com, and I will leave a link in the description. The code airgap20 will get you 20% off. And that is the end of this video. If you have any thoughts or questions, leave a comment below, and I will see you in the next one. Cheers.
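The three-shard split the video describes for Ledger Recover, shown as an added illustration that is not from the video and not Ledger's code: a minimal Shamir secret sharing over GF(2^8). It assumes a 2-of-3 threshold (the video states only that there are three custodians) and uses a constructed 16-byte value standing in for seed entropy; the point it makes is the one the speaker raises: once the shares exist outside the device, any two custodians (or whoever can compel them) can rebuild the secret.

```python
import os


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse by brute force; the field has only 255 nonzero elements."""
    return next(i for i in range(1, 256) if gf_mul(a, i) == 1)


def _eval(poly: bytes, x: int) -> int:
    """Horner evaluation of poly (lowest coefficient first) at x in GF(2^8)."""
    acc = 0
    for c in reversed(poly):
        acc = gf_mul(acc, x) ^ c
    return acc


def split(secret: bytes, k: int, n: int) -> list:
    """Split secret into n shares (x, bytes) of which any k rebuild it (Shamir, byte-wise)."""
    # Per secret byte: a random degree k-1 polynomial whose constant term is that byte.
    polys = [bytes([s]) + os.urandom(k - 1) for s in secret]
    return [(x, bytes(_eval(p, x) for p in polys)) for x in range(1, n + 1)]


def combine(shares: list) -> bytes:
    """Lagrange interpolation at x = 0 over GF(2^8), one byte at a time."""
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xj, yj in shares:
            num = den = 1
            for xm, _ in shares:
                if xm != xj:
                    num = gf_mul(num, xm)        # (0 - xm) is xm in characteristic 2
                    den = gf_mul(den, xm ^ xj)   # (xj - xm)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def custodian_demo() -> bool:
    # Constructed 16-byte stand-in for seed entropy (not a real seed); 2-of-3 is assumed.
    entropy = bytes(range(16))
    ledger, coincover, escrowtech = split(entropy, 2, 3)
    return combine([ledger, escrowtech]) == entropy  # two custodians alone suffice
```

Any pair of shares reconstructs the value; a single share is one point on a random line and reveals nothing about the constant term by itself.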
