Ledger Nano S - Basics, Recommendations, and FAQ

What is a Ledger Nano S? What advantages does it offer over desktop, mobile, and paper wallets? Is it really worth spending £70 (or more) to purchase one? In this post, I tackle these questions (spoiler: I strongly recommend buying one), offer some security recommendations, and answer some frequently asked questions.

Original Post: https://quickpenguin.net/ledger-nano-s/

Overview

This post is divided into three main parts:

  1. The basics: Walk through what a hardware wallet is, its main advantages, where you can buy the Ledger Nano S (in the UK), and links to setup guides (if you need them).
  2. Security recommendations: Outline some security best practices and features of the Ledger Nano S you might not know about (e.g., hidden wallet function).
  3. FAQ: Answer some of the most frequently asked questions which I've seen on /r/LedgerWallet about the Ledger Nano S.

The basics

What is a hardware wallet?

  

Hardware wallets are USB devices - with their own screen - which don't expose your private keys. When attempting to send funds from a wallet stored on a hardware wallet, you'll be required to verify the transaction details on the hardware wallet. Even if the computer you're connected to is infected with malware, the malware can't touch your cryptocurrency funds without the transaction being authenticated on the hardware wallet.

While hardware wallets aren't considered as secure as cold-storage wallets (e.g., paper wallets) by some, they are much better than hot wallets (e.g., desktop or mobile wallets). They come well recommended by the cryptocurrency community due to the advantages described below.

Why should I buy a Ledger Nano S?

From my experience, the main advantages are:

  • Secure: Prevents malware from hijacking your funds. All transactions must be verified on the device itself, not your computer, before they are broadcast.
  • Convenient: Supports a growing number of cryptocurrencies, which you can store in one place. Also works with third-party software like MyEtherWallet (which means you can send/receive ERC-20 tokens too).
  • Easy to use: Follow some simple directions and you'll be good to go - no need to be a tech wizard.
  • Inexpensive: Costs approximately £70 (when you include shipping). For the peace of mind this offers, it is cheap.
  • Compact and discreet: The size of a normal USB drive, with a metal casing. It is branded on the outside, but it is still discreet and portable.

Read more details about the Ledger Nano S here.

Using a Ledger Nano S also puts you in control of your cryptocurrency. Here's an excerpt from a recent post on Hackernoon:

For those who don’t know, leaving your coins on an exchange does not mean those coins are yours. You are simply trusting the exchange to release them to you at some point if you so request it. You have no idea of what level of security these exchanges deploy, nor should you trust any security they report to have. Your coins are stored in a trust-maximized and centralized entity, almost entirely defeating the purpose of using Bitcoin.

I don't doubt that lots of people leave significant funds on exchanges (e.g., Coinbase/GDAX, Binance, etc.). Because of that, centralised exchanges are big targets for attackers. There are details of the (numerous) previous hacks of exchange services here. In the last month, Nicehash (a mining marketplace) lost over 4,700 BTC in a hack. This should illustrate the value in something like the Ledger Nano S.

When should I buy a hardware wallet?

Consider buying a hardware wallet like the Ledger Nano S when you have between £500 and £1000 worth of cryptocurrency (i.e., the cost is <10% of your total cryptocurrency holdings).

If you're planning to purchase more cryptocurrency in the future, buying a hardware wallet when you have less than £500 might not be a bad move either. It's a neat bit of kit - you won't regret it.

What coins and tokens are supported by the Ledger Nano S?

The Ledger Nano S supports Bitcoin (BTC), Ethereum (ETH), and Litecoin (LTC). In addition, the Ledger Nano S supports a growing number of alternative cryptocurrencies, such as Dogecoin (DOGE), Ripple (XRP), Vertcoin (VTC), Qtum (XST), and more. Through MyEtherWallet, it also supports Ethereum ERC-20 tokens (e.g., Augur, SALT, WAX). There's a video by Boxmining which walks through using MyEtherWallet with it here.

You can find the full list of supported cryptocurrencies here (along with installation tutorials for each one).

Support for Monero (XMR), Cardano (ADA), and more (!) is in development (see here). We'll hopefully have Monero (XMR) support by the end of Q1 2018.

Where can I buy a Ledger Nano S?

You can purchase a Ledger Nano S from:

I'd recommend you purchase directly from the manufacturer (i.e., the official website) - because it seems like the cheapest place. You can find further UK resellers of the Ledger Nano S here.

Setting up your Ledger Nano S


The Ledger Nano S comes with instructions and guides you through the process on the device itself (it's straightforward). If you require it, check out:

Recommendations

Verify your 24-word seed

After you've completed the initial setup of your Ledger Nano S, it's sensible to verify that the seed you've written down is 100% correct. Follow these steps:

  1. Complete initial setup of Ledger Nano S.
  2. Transfer a small amount (<£5) of a cryptocurrency to your Ledger Nano S.
  3. Reset your Ledger Nano S (enter the PIN code incorrectly 3 times).
  4. Recover your existing wallet by entering the 24-word seed you wrote down during the initial setup.

If this works (and you're able to access the funds you previously transferred to the Ledger Nano S in step 2), then you can sleep well knowing that you've written the 24-word seed down correctly. It's a faff, but worth checking before you put serious funds onto it.

Securely store your 24-word seed

Ideally, you should:

  • Not store your 24-word seed on a digital device (otherwise things like this can happen). Use paper, card, or something like Cryptosteel.
  • Never enter your seed into any website.
  • Split the 24-word seed into multiple parts (Winklevoss twins do exactly this).
  • Create (at least) two backups of your 24-word seed and store them in two separate locations.
  • Keep the location of your 24-word seed secret. Only share this with trusted parties (e.g., your beneficiary).
  • Enable your hidden wallet (see below).
  • Consider storing your 24-word seed in a fireproof safe or storage box.

It might be annoying to arrange, but taking these steps protects you against the eventuality that one of your backups is compromised in some way (e.g., house burns down or is burgled). It's worth the effort for the peace of mind.

Enable your hidden wallet

The Ledger Nano S recently added a plausible deniability function, which allows you to install a second (hidden) wallet on the device which is accessed through an alternative PIN. In the event that an attacker is forcing you to open your Ledger Nano S, this security feature allows you to misdirect the attacker away from the wallet with the majority of your funds. The official Ledger website recommends that you:

  • Use the first PIN code (the main wallet) for smaller amounts (i.e., daily use).
  • Use the second PIN code (the hidden wallet) for saving and hiding larger amounts (i.e., irregular use).

In the event that attackers accessed your 24-word seed, only the main wallet (with the smaller amount of funds) would be displayed (if you set it up as described above).

You can learn more about this function, and how to set it up, here. There are recent Reddit threads here and here which might be helpful too.

It's important to understand this function properly before you enable it. Although I recommend using this function, it isn't mandatory - you can always come back to this and set it up later when you find it necessary (or you understand it better).

Verify wallet software downloads

Always verify that the wallet software you're installing is official. Ideally, follow instructions and links on the official website and sense-check them (e.g., is the author legit?) too.

You can find links to relevant documentation (including tutorials) for each supported cryptocurrency on the official website here.

Why do I bother mentioning this? Recently, there was a fake Ledger Manager which popped up as the first result when searching the Chrome web store. It was removed from the Chrome web store shortly after, but it probably caught some people out.

Somewhere around Q1 and Q2 of 2018, we're expecting the Ledger team to release a new set of native apps (instead of running through Chrome). You can keep up-to-date with their progress by checking their Trello board.

FAQ

If I uninstall applications on the Ledger Nano S, will I lose all my coins?

No. From this guide, Ledger support staff clarify that:

...your Nano S can hold about 5 applications at the same time, but you can deal with many more applications - as many as stated on the Ledger Manager - by removing and installing the ones you need to manage. Removing an application won't make you lose your coins: you will be able to see your balance and transact as soon as the coin application has been installed again.

Why does my bitcoin (BTC) receiving address change every time I use it?

This is a feature which helps protect your privacy. All of the addresses it gives you are linked to the same wallet. This support article explains that:

Ledger Wallet Bitcoin Chrome application manages multiple addresses on the same account as it supports Hierarchical Deterministic (HD) protocol, a security and privacy feature. So each time you want to receive bitcoins, it generates a new address always pointing to your own account. Of course, each address remains active and yours, if you need to use them more than once. Each transaction will be displayed on your application.

What happens if I lose my Ledger Nano S?

If someone attempts to access your Ledger Nano S, it will be wiped if the incorrect PIN is input 3 times. You can select a PIN code which has 4, 5, 6, 7, or 8 digits from 0-9. For a 4-digit PIN, there are 10,000 possible combinations (100,000,000 if you use an 8-digit PIN). If you've selected a truly random PIN code, the chances of someone guessing it (in just 3 attempts) are low. Check out this post and don't set a PIN which is easy to guess (e.g., your birth year, repeating digits, 1234, etc.). I'd recommend you set a randomised 8-digit PIN.
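The PIN arithmetic and advice above, as an added example that is not part of the original post: it computes the chance of guessing a uniformly random PIN within the 3 allowed attempts, flags the easy-to-guess patterns mentioned (years, repeating digits, runs such as 1234), and draws a random 8-digit PIN from the operating system's CSPRNG. The function names, the 1900-2099 year range and the date layouts checked are assumptions of this example.

```python
import secrets
from datetime import date
from fractions import Fraction

MAX_ATTEMPTS = 3            # device wipes after 3 wrong PINs (from the post)
PIN_LENGTHS = range(4, 9)   # PINs are 4 to 8 digits, each 0-9 (from the post)
YEARS = range(1900, 2100)   # assumption: plausible birth/anniversary years

def guess_probability(length, attempts=MAX_ATTEMPTS):
    """Chance of hitting a uniformly random PIN in `attempts` distinct guesses."""
    if length not in PIN_LENGTHS:
        raise ValueError("PIN length must be 4-8")
    return Fraction(attempts, 10 ** length)

def _is_date(pin):
    """True if an 8-digit PIN reads as DDMMYYYY, MMDDYYYY or YYYYMMDD."""
    layouts = ((pin[4:], pin[2:4], pin[:2]),
               (pin[4:], pin[:2], pin[2:4]),
               (pin[:4], pin[4:6], pin[6:]))
    for y, m, d in layouts:
        try:
            if int(y) in YEARS and date(int(y), int(m), int(d)):
                return True
        except ValueError:   # not a real calendar date in this layout
            continue
    return False

def weak_pin_reasons(pin):
    """Return the easy-to-guess patterns found in `pin` (empty list if none)."""
    if not (pin.isascii() and pin.isdigit() and len(pin) in PIN_LENGTHS):
        raise ValueError("PIN must be 4-8 digits, 0-9")
    digits = [int(c) for c in pin]
    steps = {(b - a) % 10 for a, b in zip(digits, digits[1:])}
    reasons = []
    if steps == {0}:
        reasons.append("repeating digit")
    if steps in ({1}, {9}):          # 1234, 7890, 4321 ...
        reasons.append("sequential digits")
    if len(pin) == 4 and int(pin) in YEARS:
        reasons.append("looks like a year")
    if len(pin) == 8 and _is_date(pin):
        reasons.append("looks like a date")
    return reasons

def random_pin(length=8):
    """Draw a PIN from the OS CSPRNG, redrawing the rare patterned result."""
    while True:
        pin = "".join(str(secrets.randbelow(10)) for _ in range(length))
        if not weak_pin_reasons(pin):
            return pin
```

For a random 8-digit PIN, `guess_probability(8)` is 3 in 100,000,000; a PIN an attacker can infer from a birthday does not get that protection, which is what `weak_pin_reasons` is there to catch.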

You can access your wallets (and funds) by restoring on another Ledger Nano S using your 24-word seed. Even if your old (1st) device is not wiped, you can restore and access your wallets on another (2nd) Ledger Nano S by going through the restoration process on it - without impacting the state of the old (1st) device.

This should highlight why securing your 24-word seed is critical. If someone gets access to it (without you knowing), they can easily sweep all your funds. This is why I also recommend eventually setting up the hidden wallet function (see above) so that the majority of your funds are not lost if your 24-word seed is compromised.

What attacks are still possible?

Hardware wallets require you to verify transactions on the physical device before they are broadcast. Whatever is shown on the device (destination address, amount to send, and fee paid) can't be changed thereafter. As long as you verify that the address shown on the hardware wallet itself is correct, you should be fine. Even if malware modifies the destination address (when copy/pasting), you should be able to spot this when verifying the transaction details on the hardware wallet.

However, if the destination address is modified before you get to it (e.g., the address is changed on-screen before you copy it), then there would be no discrepancy when verifying the transaction on the hardware wallet, and you might unknowingly verify a malevolent transaction. In such cases, the hardware wallet is not to blame (it fulfilled its purpose).

A Reddit user brings up a valid point here too. Mere ownership of a hardware wallet flags you as a cryptocurrency user, which might be something you want to keep secret. While the Ledger Nano S is more discreet than the Trezor, I would prefer something even more discreet than the Ledger for this reason. Just keep it well hidden when not in use and you'll avoid this issue.

There is also the risk of a wrench attack, which I've described previously in the 'Enable your hidden wallet' section above. You can reduce your risk of being targeted by being sensible with the information you broadcast about your activities and investments online and in real life. If you do disclose information about your investments, do make sure you clearly convey the confidential nature to the other party (and the reasons why it has to be so).

Read about further security risks here.

How can I verify the integrity of the Ledger Nano S?

If you want to verify the integrity of the Ledger Nano S yourself (to confirm that it hasn't been tampered with), then you can find details here to start you off. This is for advanced users only.

Are there alternatives to the Ledger Nano S?

You could check out the Trezor - but it's more expensive and supports fewer cryptocurrencies.

There are also Bitcoin 'credit sticks' available from Opendime. There's also the (recently announced) Coinkite Coldcard (by the same company). You can buy these from MyHardwareWallet (a UK reseller). Both these options look interesting, but I wouldn't recommend them (for beginners) over the Ledger Nano S or Trezor. 

Need help?

You can usually find answers to your questions, as well as the most up-to-date news, from these resources:

Anything to add?

Did I miss something? Or did I make a mistake? Let me know in the comments below or tweet me. I do appreciate feedback and comments.