polkadot-js / apps

Basic Polkadot/Substrate UI for interacting with a Polkadot and Substrate node. This is the main user-facing application, allowing access to all features available on Substrate chains.
https://dotapps.io
Apache License 2.0

Error: bad signature #4487

Closed ghost closed 3 years ago

ghost commented 3 years ago

A few users are reporting the error "1010: Invalid Transaction: Transaction has a bad signature" when trying to send KSM/DOT from their Ledger.

What does this error refer to? Can more context be added to the description?

elfif commented 3 years ago

Agreed. I'm usually very supportive regarding open source. But there is some real money on the line. I sent my KSM to that wallet in order to stake it and I haven't been able to. It's been more than 2 weeks now. In the end your inaction is keeping some people's money frozen. That's just bad.

feelwelltm commented 3 years ago

That's just b

yes they have to move !!!!!!

feelwelltm commented 3 years ago

from ledger no answer from 2 emails a week ago!!!! trash support from ledger

jacogr commented 3 years ago

As ZondaX stated above, they are working on a recovery app, which is the preferred option since the mnemonic never leaves the device. Additionally, as they said (this team does the apps for Ledger for Polkadot & Kusama), anything else but the recovery app is not something they endorse nor would recommend.

Similar to how crypto wallets in other ecosystems allow you to import Ledger-derived accounts directly, there are 2 other options already available which allow you to derive a compatible account and use that seed. Neither of these other options has been announced (although people following GH are aware of them); the lack of any announcement is specifically to allow for the first-prize option to be completed and to be available on the Ledger store.

The first non-recommended alternative is a command-line tool that can derive the ed25519 key from the mnemonic (already used by some in this thread on non-primary computers); the other is using the create account on the apps UI with the Ledger-compatible crypto option.

The primary objective for these is that you are not just dependent on one vendor implementation, i.e. there are valid reasons to want recovery on another device (so it is not completely black-boxed and certainly vendor-neutral); however, the ability to do this is also why there are so many "enter your mnemonic" phishing sites out in the wild.

TL;DR: The best is waiting for the Ledger app from the ZondaX team; they are working hard on it. There are alternatives if you are willing to follow a strongly-not-endorsed approach.

elfif commented 3 years ago

Hello @jacogr and thanks for your answer that is putting some perspective. First, I bought a Ledger to avoid entering my mnemonics, so I do not consider the alternatives you are talking about and I think they should not be disclosed. Second, I understand the issue is "in between" the Zondax team and the polkadot-js team; this thread is in polkadot-js, so maybe we should complain more on the KSM Ledger app GitHub repo regarding the delay. On the other side, the thing that scares me even more than my own case is the fact the issue is still out there. I mean, I just tested polkadot-js and apart from a vague warning the option to make an account visible on all networks is still present, so basically even today someone could still end up in my situation, which is fully unacceptable. This kind of situation makes me wonder about who is the pilot in that plane. Even before thinking about how to help us recover our KSM, the first priority should have been to stop the bleeding and not just by providing a warning.......

jleni commented 3 years ago

We've definitely been working hard on this special recovery mode to allow people to retrieve KSM that were sent to incorrect pubkeys.

The code is ready and we are talking to Ledger to streamline the review process and publication.

Kusama App - DOT recovery mode

PLEASE DO NOT USE THIS CODE. THE APP WILL BE PUBLISHED VIA THE OFFICIAL CHANNELS SOON.

In the meantime, we are working on some detailed instructions once the app is published to mitigate any other user mistakes.

I agree that it would be important to avoid this from happening at the UI/UX level. In particular, we don't think this "recovery mode" should be kept as part of future releases and we will deprecate and remove it in the near future.

jacogr commented 3 years ago

The warning was not added for Ledger. Ledger accounts are not handled in any other way than other accounts. It was specifically added so people are aware of which accounts are shared between networks, most users have the bulk tied to networks, but some specific ones not. (Same reason why dev accounts are marked in a similar fashion)

The apps UI does not do handholding, doing so is not a focus. It is certainly not the simplest solution out there and it is not meant to be, the primary focus is on making it the most comprehensive advanced tool. I know this is not the expectation, but it is the reality of where focus is going.

There is a lot that can and should be done. Around accounts there is a grant being worked on that has been awarded to a team that will finally bring some streamlining into at least the accounts sections (catering for non-advanced users that need guidance).

elfif commented 3 years ago

@jleni thanks for the update. I also posted on the KSM Ledger app issue; Zondax should update the status there as well.... My question is: "Do you have any idea how many people are impacted?" Some users may have just deposited some KSM on the wrong address and never tried to access it since. We are only a few people complaining here but the issue was so easy to encounter you may have way more cases in the wild.....

MagnatUK commented 3 years ago

I hope this will be fixed. It is auctions time soon and funds have to be freed ;] Hope Ledger will be quick. Pls update here asap. thx

feelwelltm commented 3 years ago

YES YOU ARE RIGHT !!!!!!!!!!!!😎

feelwelltm commented 3 years ago

WE NEED THE KUSAMA FREE TO MOVE AROUND !!!!!!!!!!!!!🤐

feelwelltm commented 3 years ago

NO ANSWER FROM LEDGER YET???? I CAN'T EVEN STALKING WITH POLKADOT FROM LEDGER DO SOMETHING, AND MY KUSAMA ARE BLOCKED IN THE DOT ADDRESS !!!!!!!!!

daledenton1 commented 3 years ago

Nothing as yet! I've got over 100 KSM and 660 DOT that I can't do a fucking thing with!! They were hoping for it to be fixed within the week which was last week. This is real money, not a fucking game! This should not have happened! I'll be taking both my KSM and DOT out of Polkadot.js as soon as this is fixed. I've since found Kraken does staking for DOT and KSM that's a lot more straightforward than the polkadot.js crap!!

Eightill commented 3 years ago

I'm an average retail investor with the same problem. Getting the 1010 error when trying to withdraw KSM tokens and a "bad signature" error when trying to withdraw Edgeware tokens.

To the folks working on this issue: do you think the Edgeware errors are related to the KSM/1010 error?

Also, I'm not going to be like feelwelltm above and yell in all caps and use a hundred exclamation points, but this IS seriously inconvenient. Will you kindly post an update on this? Thank you!

feelwelltm commented 3 years ago

first error Spec version not supported. second error 1010, all my dot and Kusama are blocked I can't do a fucking thing with! polkadot.js is really a trap, really this is a game for your company with our real money???? daledenton1 you are 100% right...who knows how many people have the same problem and even don't know. Eightill these are my savings and is a big amount not a fucking game like daledenton1 is saying. WE WANT THE MONEY FREE TO MOVE!

MagnatUK commented 3 years ago

Any update from Ledger ?

elfif commented 3 years ago

In my opinion, guys, we are complaining in the wrong place. I have some KSM stuck also, just to be clear. A fix is on its way on the Ledger KSM app repository. The issue is declared there too: https://github.com/Zondax/ledger-kusama/issues/56 Development to have a recovery mode is done too: https://github.com/Zondax/ledger-kusama/pull/64

Now i'm not sure what is the current status of that process. I think they have to build a new version of the app containing that fix, test it intensively, submit it to ledger, wait for validation and prepare a documentation.

They are careful and i agree with that, even if it takes time, no one wants the cure to be worse than the poison.

MagnatUK commented 3 years ago

I was given this website by polkadot support. They said it should be fixed this week. We have Friday ... as long as it will be fixed before kusama auctions I can survive but losing on possible staking rewards ...

feelwelltm commented 3 years ago

in the ledger today was an update with kusama,I have made the update in my ledger but the same error 1010....offffff

gorgos commented 3 years ago

in the ledger today was an update with kusama,I have made the update in my ledger but the same error 1010....offffff

See my comment here, maybe try the second app version.

elfif commented 3 years ago

Hello there. @gorgos =>I successfully installed the kusama_sec app.
@feelwelltm @daledenton1 => you need to enable "Developer mode" in settings => experimental feature of ledger live. Then you will see the app called kusama_sec.

Nevertheless, issue remains on my side. I went to polkadot-js and i follow those steps:

And then yes an account appeared, but it's empty. My KSMs are not there. This app generated yet another account with another public address. But it's still not the good one.

I have no idea how this thing got tested or even if there is only one potential issue regarding interactions between polkadot-js and Ledger......... I do believe this kusama_sec app might fix the issue for some but it fixes nothing in my case. Or maybe i'm not using it correctly, which is totally possible as no one issued instructions regarding how to use it.

gorgos commented 3 years ago

@elfif Going from the referenced PR: https://github.com/Zondax/ledger-kusama/pull/64/files#diff-23182787290de2724918bd148338edf92d101964ded597c540736d050a831f70R30-R34, you should be seeing a 'You are about to enable the DOT recovery mode.' message. You'll have to activate this somehow, I would look in the Kusama Ledger app settings on your device.

elfif commented 3 years ago

@gorgos, I checked already, nothing there apart from enabling expert mode, which I did and it changes nothing

jleni commented 3 years ago

As explained here https://github.com/Zondax/ledger-kusama/issues/66#issuecomment-778172779 the last release was NOT about recovering KSM sent to Polkadot pubkeys.

As previously described, this is a very specific case (incorrectly sending coin to pubkeys in other chains) that requires a recovery feature that is not standard and involves multiple stakeholders and a more complex process to get released. It is very unfortunate for affected people. We have been asked to contribute with a recovery solution for this community issue and several people in our team (in addition to other stakeholders) are working on a tool to help everyone affected.

We will soon provide access to this tool, videos, tutorials, etc. but we must follow the right process.

dartollen commented 3 years ago

Could we please have a status update? Thanks very much.

daledenton1 commented 3 years ago

Anything??????

elfif commented 3 years ago

The way this issue is handled is a massive joke.

@jacogr you said 14 days ago that user handholding and so on was not in the actual priority for this project, like basically you do not care, this project in its actual state allows users to get their money stuck without receiving any warnings and it's normal..... @jacogr & @actions-user you seem to be the 2 devs really in charge here based on commit activity. You know during those last 14 days some more people got some money stuck because YOU DID NOTHING to warn them? But at the same time you kept committing some other stuff to polkadot-js, because yes, this is a wallet after all, so allowing people to use it to keep their money safe is not a priority....

This thing is a joke

jacogr commented 3 years ago

The "actions-user" is a CI bot.

You can already re-create your account using the apps UI, so there is nothing that stops extraction and indeed it is an avenue taken by people already that didn't want to wait on a Ledger recovery app.

The warnings for unassigned accounts are in the UI.

Eightill commented 3 years ago

Still getting the 1010 error also. WTF Kusama?!?! This is seriously BS.

daledenton1 commented 3 years ago

Is there a tutorial or a walk through that is available for this process? Or is there someone willing to do one? I want out!!

carlmcconnel commented 3 years ago

So this supports Ledger accounts natively for a couple of weeks now. So not sure why people are swearing and waiting on a "Ledger recovery app" when you can just add the account anyway if desperate. Don't think it is good to need to have a Ledger to get access to funds; for instance on Ethereum I can import my Ledger accounts without the Ledger.

Did this for mine to create additional peace of mind after I asked https://github.com/polkadot-js/apps/issues/4668 - there was also somebody commenting there on this issue where he unlocked.

If you sent on the DOT network but only have a KSM app, you obviously connect to polkadot and when creating select the kusama app, or the other way around. Hence the check against the address.

Once transferred, you can just remove the account and add your Ledger back - this is what I did after making sure I can use the account in the app and in the extension. Anyway, for me, after I know it is working I feel safer now, so if something does happen I can always create the raw account and have access - as long as I have my seed.

dartollen commented 3 years ago

The issue is not that people can't add Ledger accounts. The issue is that people added a DOT Ledger account, then switched networks to KSM. That same DOT account is then auto-translated by polkadot.js.org into KSM format. However, if you send KSM to that translated KSM address, you can't recover it because you can't sign transactions using the KSM app on the Ledger. If you add a new KSM account from Ledger using same address type/index 0/0, it results in a completely different wallet address from the translated DOT address. People are very frustrated that they have significant amounts of money locked in accounts they cannot access. Solutions have been promised but not provided and no substantive updates have been given for weeks now. If there is some method of extracting via polkadot.js.org, much clearer instructions are needed.
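The address translation described in the comment above, as an added example that is not part of the original thread or of polkadot-js: SS58 encodes a network prefix, the 32-byte public key and a checksum, so re-encoding one key with the Kusama prefix gives a well-formed Kusama address even though the Kusama Ledger app reports a different key. The two keys are constructed stand-ins, the function names are hypothetical, and only single-byte prefixes (0 for Polkadot, 2 for Kusama) are handled.

```javascript
// Added example: SS58 address encoding and a pre-send key check (single-byte prefixes only).
const { createHash } = require('node:crypto');

const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const NETWORK_PREFIX = { polkadot: 0, kusama: 2 }; // SS58 network prefix bytes

function base58Encode(bytes) {
  let n = BigInt('0x' + Buffer.from(bytes).toString('hex'));
  let out = '';
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  for (const b of bytes) { if (b !== 0) break; out = '1' + out; } // leading zero bytes
  return out;
}

function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = ALPHABET.indexOf(ch);
    if (i < 0) throw new Error(`invalid base58 character: ${ch}`);
    n = n * 58n + BigInt(i);
  }
  let hex = n === 0n ? '' : n.toString(16);
  if (hex.length % 2) hex = '0' + hex;
  let zeros = 0;
  while (zeros < str.length && str[zeros] === '1') zeros++;
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, 'hex')]);
}

// Checksum: first two bytes of blake2b-512("SS58PRE" || prefix || publicKey).
function ss58Checksum(payload) {
  const h = createHash('blake2b512').update('SS58PRE').update(payload).digest();
  return h.subarray(0, 2);
}

function ss58Encode(publicKey, prefix) {
  if (publicKey.length !== 32) throw new Error('expected a 32-byte public key');
  if (prefix < 0 || prefix > 63) throw new Error('only single-byte prefixes handled');
  const payload = Buffer.concat([Buffer.from([prefix]), publicKey]);
  return base58Encode(Buffer.concat([payload, ss58Checksum(payload)]));
}

function ss58Decode(address) {
  const raw = base58Decode(address);
  if (raw.length !== 35 || raw[0] > 63) throw new Error('unsupported address format');
  const payload = raw.subarray(0, 33);
  if (!ss58Checksum(payload).equals(raw.subarray(33))) throw new Error('bad SS58 checksum');
  return { prefix: raw[0], publicKey: Buffer.from(payload.subarray(1)) };
}

// Pre-send check: a well-formed address for the network is not enough; its key must be
// the one the device app for that network reports (deviceAddress).
function checkDestination(destination, network, deviceAddress) {
  const dest = ss58Decode(destination);
  const device = ss58Decode(deviceAddress);
  return {
    prefixMatchesNetwork: dest.prefix === NETWORK_PREFIX[network],
    keyMatchesDeviceApp: dest.publicKey.equals(device.publicKey),
  };
}

// Constructed stand-ins for the keys reported by the Polkadot and Kusama Ledger apps.
const dotAppKey = createHash('sha256').update('constructed key: Polkadot app').digest();
const ksmAppKey = createHash('sha256').update('constructed key: Kusama app').digest();

function demo() {
  const dotAddress = ss58Encode(dotAppKey, NETWORK_PREFIX.polkadot);
  const translated = ss58Encode(dotAppKey, NETWORK_PREFIX.kusama); // DOT account in KSM format
  const ksmAddress = ss58Encode(ksmAppKey, NETWORK_PREFIX.kusama); // account from the Kusama app
  return { dotAddress, translated, ksmAddress,
    translatedCheck: checkDestination(translated, 'kusama', ksmAddress),
    nativeCheck: checkDestination(ksmAddress, 'kusama', ksmAddress) };
}
console.log(demo());
```

The translated address passes the prefix and checksum tests but fails the key comparison, which is the condition that leaves funds unsignable from the Kusama app.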

carlmcconnel commented 3 years ago

That is exactly what the account import allows, so you can add the translated address with the correct keys. In your example it is the same as my steps that I set above.

dartollen commented 3 years ago

Thank you for the explanation - I appreciate that. The problem is that this solution involves the mnemonic leaving the Ledger. This defeats the whole purpose of using the Ledger in the first place and jeopardises the security of all accounts in all cryptocurrencies stored on that Ledger. It's good to know that there is a possible workaround, but it is not a solution which is compatible with the concept of using a hardware wallet.

carlmcconnel commented 3 years ago

Understood. I read above and my solution is just 1 of the 3 suggested; there seems to be a Ledger app one on the way.

jleni commented 3 years ago

The upgrade to both apps got accepted.. they should be published by Ledger very soon:

https://github.com/LedgerHQ/app-kusama/pull/7 https://github.com/LedgerHQ/app-polkadot/pull/4

Blog and videos are also ready to go! Stay tuned

You can find a bit more info here: https://medium.com/zondax/introducing-ksm-recovery-mode-465a1a30e6df

dartollen commented 3 years ago

Thank you for the update, Juan - much appreciated.

icollectassets commented 3 years ago

I'm throwing my ledger away. I just would like access my ksm. Please let me know if there's any way to access. There's been a lot of people "knowing what they're talking about" yet don't in this thread.

On Mon, Feb 22, 2021, 8:14 AM dartollen notifications@github.com wrote:

Thank you for the update, Juan - much appreciated.


daledenton1 commented 3 years ago

Very soon never seems to be that soon!

On 23 Feb 2021, at 8:07 am, ohhichase notifications@github.com wrote:



I'm throwing my ledger away. I just would like access my ksm. Please let me know if there's any way to access. There's been a lot of people "knowing what they're talking about" yet don't in this thread.


daledenton1 commented 3 years ago

The Ledger is a piece of junk! Doesn't even support most of the tokens I own. It's caused me nothing but headaches! Why release something that doesn't even work?!?!

icollectassets commented 3 years ago

its been 28 days, i see theres an update, it says the solution was to be released in a couple hours, but i dont see any way to do it. i need to remove my ksm, and sell it to make up for everything else in the market, please someone stop what they are doing thats more important than thousands and thousands of our money likely hundreds of thousands and explain this... my ksm isnt staking, this is 28 days of this.. one of you have to understand the urgency, and for whatever reason we get blamed for doing it when its a pretty shitty design maybe the use only on this network should explain what that does. anyone want to help? ill give you the fucking 24 word phrase at this point, i just want to be out of this wallet.

daledenton1 commented 3 years ago

They think everyone is a fucking computer engineer and can just figure this shit out! One wrong click and goodbye to my $$$

gorgos commented 3 years ago

Guys I understand your frustration, but you're really complaining at the wrong place about the wrong things.

The initial issue: This has never been an issue with Ledger itself and not even with the separate company developing the Ledger Polkadot/Kusama app. They worked as expected and correctly. The issue was a UX problem inside polkadot.js. And as it seems it's only one guy working on polkadot.js, so you can't really blame him either. I think it would be good for Polkadot to allocate more funding towards polkadot.js. Add a few more devs and a UX designer.

The long wait for the fix: This has never been an issue with polkadot.js, nor the Ledger app devs. They added a fix pretty quickly, but I guess it takes time for Ledger to review apps. And you can't really blame Ledger either for doing proper app reviews. If they didn't, it would jeopardize the security of all Ledger users.

So again, no point complaining here. Send a message to the Polkadot support asking that polkadot.js should become more user-friendly. And don't forget no funds here were ever lost, you just have to wait.

daledenton1 commented 3 years ago

So it's no one's fault then?! My funds just got stuck but hey I must have caused it!

gorgos commented 3 years ago

So it's no one's fault then?! My funds just got stuck but hey I must have caused it!

As I said, it's not your fault, but the core issue was Polkadot has missed that they are a number 4 coin now and completely gone into mainstream despite not even doing that much marketing. And with the publicity come users that require an easy to understand interface. Polkadot has such amazing dev support and documentation and tech, so now it's time to also make this more accessible to end users.

icollectassets commented 3 years ago

dude, give us the way to get it with our phrase so it can be on us. we want a solution this underdeveloped piece of shit app shouldnt have ever been put on ledger. period. dot and ksm should be taking this a little more seriously.

icollectassets commented 3 years ago

ksm is the only coin up.. i need to relocate that money. or break open treasury and compensate

daledenton1 commented 3 years ago

Yeah would have been nice to have access before this massive fucking crash!

gorgos commented 3 years ago

dude, give us the way to get it with our phrase so it can be on us. we want a solution this underdeveloped piece of shit app shouldnt have ever been put on ledger. period. dot and ksm should be taking this a little more seriously.

Instructions were already posted here: https://github.com/polkadot-js/apps/issues/4487#issuecomment-783344215. With the note that this should only be done if you have only KSM on Ledger and afterwards reset it to a new mnemonic.

icollectassets commented 3 years ago

so the dot i have 5 days left unstaking makes it where i cant do it? this is definitely a fuck up someone isnt admitting to. in no way would something be designed like this.