This review is NOT sponsored.
From the beginning of 2017, I’ve been a user of Ledger hardware wallets, and today I’d like to share an updated review of the Nano X.
The purpose of this review is both to introduce the wallet to those who are unfamiliar with it and to highlight some of the enhancements made since the product’s initial release in 2018.
Because my primary concern is security, I will also provide some important information that I hope will assist you in remaining safe and avoiding being scammed.
What’s a Ledger Nano X?
Known as a hardware wallet, the Nano X is capable of storing up to 100 different assets at the same time and supports over 1500 different assets.
In addition to the mainstream cryptocurrencies such as bitcoin, ethereum, ripple, litecoin, Stellar, and monero, it also supports many alternative cryptocurrencies and their derivatives, such as ripple.
The following is a comprehensive list of the assets that are supported.
On the outside, the Nano X is similar in appearance to a pen drive, with a stainless steel cap.
However, despite the fact that the Nano is made of plastic, it feels significantly more durable than the average pen drive.
The device has a screen with a resolution of 3013 mm and two buttons.
It can be connected to your computer via USB (for MacOS or Windows) or to your phone via Bluetooth (for iOS 9 or Android 7 or higher versions).
While the Nano X appears to be straightforward, the device is actually quite sophisticated, sporting a ST33J2M0 secure element of the highest quality and its own operating system.
If the device is protected against remote attacks, it is also highly resistant to attacks even if the device is compromised physically, as in the unfortunate event that a hacker gains physical access to it.
Note: I say “highly resistant to attacks” to avoid confusion. If your device gets lost or stolen, it’s critical to restore your funds with the recovery seed and transfer them to a different wallet asap. No matter how secure the device is, you don’t want hackers to possess the chip that has your encrypted keys on it.
What does the Ledger Nano X do?
The device has two functions:
The first one is to store your personal keys. As you are probably aware by now, all of the coins are stored on the blockchain; your wallet merely contains a set of keys that prove your ownership of the coins stored on the blockchain.
Create a so-called software wallet on your computer and back up your keys on a USB stick, or even create a cloud wallet and put your trust in a third party to store your keys for you, as described above. While this is not a particularly bad idea for small amounts of cryptocurrency, it is far from safe for larger amounts.
If you have a computer or a smartphone, you are probably aware of the vulnerability to hacker attacks. Even the most sophisticated antivirus software cannot detect a number of keyloggers and trojans, which can immediately begin leaking your personal information to hackers as soon as they appear on your device.
When the Nano X enters the picture, things get interesting. Its second function is to authorize transactions while keeping the private keys secret.
Following these steps will make operating a cryptocurrency wallet from an infected computer or smartphone safer, as long as you adhere to the rules and regulations (as detailed in the sections below).
Transactions are signed by the Nano X, which has signing authority. In spite of the fact that you are unable to initiate transactions directly from the device, you can use it to manually confirm every transaction you make by pressing one of the two physical buttons located on the device.
Here’s how it works:
- You start by creating your wallet on the device, and you write down the recovery words somewhere safe.
- Then, you link a software wallet of your choice to your Ledger device. This way, you can use the interface of that software wallet to manage the funds on your Ledger.
- Every time you send crypto to someone, you will have to either confirm or deny the transaction by pressing one of the two buttons on your Nano X. The screen will display the recipient address, which will allow you to verify that you’re sending the funds to the right person.
- If a transaction was initiated by a hacker, you will be able to decline it, and keep your money safe.
Simply put, if a hacker is successful in initiating a transaction from your wallet, they will not be able to complete it unless you physically press the button on your Ledger to confirm the transaction.
Observation: Although the Ledger provides an additional layer of protection against hackers, it is still recommended that it only be used in conjunction with a computer that has a freshly installed operating system in order to avoid MITM attacks.
More on that in a moment.
What’s New: Ledger Live
Initially, all Ledger devices were designed to work exclusively with third-party wallets and exchanges. The majority of the major wallets and websites allow you to connect your ledger device to them in order to add an additional layer of security.
Now, Ledger has decided to simplify things for their customers by releasing their own app, which features a simple interface for storing, buying, selling, swapping, and stacking crypto. Mac OS, Windows, iOS, and Android users can download the app.
Although Ledger developed the app, two of its key functions are still powered by third parties – the buy/sell option is powered by the Coinify gateway, and the swap option by Changelly.
To avoid scams, download the app from the official Ledger website.
What happens if you lose or steal your Nano X?
If this unfortunate event occurs, you will most likely have enough time to use your 24-word recovery phrase on a new device to regain access to your funds and transfer them to a new wallet.
This is how.
As you are probably aware, the wallet is secured by a four- or eight-digit pin.
If the wrong pin is entered three times in a row, the seed is deleted from the device, protecting it from brute force attacks.
There have been discussions about additional methods that a hacker could use to access the data on the chip, but those require time and specialized equipment.
What if you forget your twenty-four-word recovery phrase?
If you retain access to your ledger, you can create a new wallet (be sure to record the new recovery phrase) and transfer all your funds to it.
Pro Tip: You can backup your recovery seed using a Cryptosteel Capsule Solo or billfodl.
The Nano X is the most recent model, and it includes more features and provides a more enjoyable user experience than the Nano S.
Both devices are still manufactured and supported by Ledger, with one significant difference being the user experience:
Additionally, visit the official website!
|Ledger Nano X||Ledger Nano S|
|Apps installed simultaneously||Up to 100||Up to 20|
|Compatible crypto assets||1,500+||1,500+|
|Bluetooth||Yes, can be connected to smartphones||–|
|Screen size||128 x 64 pixels||128 x 32 pixels|
|Connector||USB Type-C||USB Type Micro-B|
Ledger Nano X Hacks and Scams – All You Need to Know
Since its release, numerous attempts have been made to both hack the device and trick Ledger users into sharing their private keys in some way.
None of this was known to the Ledger’s early adopters, resulting in the loss of hundreds of users’ cryptos.
If you’re new, you’ll benefit from others’ mistakes and will have a more pleasant experience with your Ledger.
Please read this section carefully to get a better understanding on what to, and what to not do:
Attacks by a Man in the Middle
Malware can infect your PC without you or your antivirus noticing.
Once a computer has been infected, you can no longer rely on the information displayed on the screen.
While your Ledger prevents hackers from gaining access to your recovery seed and completely wiping your wallet, they can still reroute your payment to a different address if you are not vigilant.
When conducting a transaction, ensure that you follow the steps outlined here.
Additionally, you should keep your wallet-accessing PC offline and dedicated to that purpose, and use a separate PC for general web browsing.
Please do not confuse an MITM attack with a normal UTXO-induced BTC address change.
If you are perplexed, read this topic.
9 months ago, a man started this thread in which he claimed his Ledger was remotely hacked.
Following some investigation, it was determined that the man downloaded a third-party Chrome wallet extension and entered his 24-word seed there.
The lesson here is that the official Ledger app will never request your 24 words.
Additionally, there is no official Ledger Chrome extension, indicating that the app downloaded by the man was clearly created by scammers.
Vendors of Third-Party Goods
Certain individuals purchase their devices on websites such as eBay and Craigslist.
There are some truly “sweet” deals to be found there, but here’s the thing – nothing comes for free.
In 2018, a young hacker by the name of Saleem Rashid claimed to have hacked a Ledger device.
His method necessitates him possessing the physical device in order to flash it with custom firmware via USB.
As far as I am aware, this issue has been resolved, and Saleem Rashid has been inducted into Ledger’s hall of fame.
While it is unknown whether there are additional exploits for the Ledger device, the lesson is fairly obvious: avoid third-party sellers.
To be clear, the Ledger Nano X is a highly secure device with an integrated integrity check system.
Nonetheless, it’s prudent to be as cautious as possible.
Attacks on the Supply Chain
As detailed in this blog post by Kaspersky Labs, a hacker could potentially implant a hardware implant into the Ledger, causing it to leak funds.
While a hacker is unlikely to gain access to your device if you purchase it directly from Ledger, it’s always better to be safe than sorry.
Solution: Ledger devices are simple to disassemble, and this short tutorial demonstrates how to easily disassemble your Ledger Nano and check for tampering.
Private Keys That Have Already Been Created
As demonstrated in this video, some third-party sellers substitute their own documentation for the original Ledger documentation.
They essentially pre-set the device for you.
They generate a private key and duplicate it twice.
They place one copy in the box and cover it in scratch-off ink to make it appear as though it came directly from Ledger.
The scammer retains the second copy, which enables them to access your funds until you reset your device and create a new set of recovery words.
You may be thinking, “Who is going to fall for this?”
The thing is, with over two million Ledger devices sold worldwide, you can bet that a sizable proportion of people will fall for this.
Websites Associated with Phishing
There have been (and most likely continue to be) a slew of phishing websites that look identical to Ledger’s.
These websites’ primary objective is to entice you into sharing your 24-word recovery phrase.
Takeaway: Ledger will never ask you for your 24-word recovery phrase or for cryptos.
Please take a moment to peruse this screenshot gallery to get a sense of how inventive scammers can be.
Breach of Data
In June 2020, a data breach on Ledger’s e-commerce website API resulted in the exposure of the contact information of over 8500 Ledger device owners.
The information leaked was limited to email addresses, phone numbers, and names.
There was no compromise of payment or credit card information.
Nevertheless, this enabled scammers to send emails and text messages to Ledger users, enticing them to click on links leading to phishing websites.
Takeaway: While this specific breach has been resolved, it is prudent to treat all emails and messages with suspicion, even if they contain your full name.
Even the largest companies experience data breaches, so please do not click any links in emails, regardless of how credible they appear.
Getting your own Ledger Nano X
The Nano X is available from all major online retailers.
As previously stated, a skilled hacker is capable of tampering with the device, so it’s always prudent to avoid third parties as much as possible.
I purchased my Ledgers directly from their official store and had them shipped to me via DHL Express.
I understand that €119 for one Nano X is not cheap, but for those of you interested in purchasing your own Ledger, here is the link.
Additionally, consider storing your seed words in the Cryptosteel Capsule Solo.
Additionally, a backup pack comprised of a Ledger Nano X and a Nano S is available.
You receive both for a total discount of 20%.
You can keep the Nano S in your home safe and use the Nano X for on-the-go transactions.
At this point, it is widely accepted that hardware wallets are required for secure cryptocurrency storage.
The more valuable cryptocurrencies become, the more attention various types of thieves pay to them.
There are several companies that manufacture hardware wallets, and while I have no doubt that the majority of them produce high-quality products, I personally prefer Ledger.
Ledger products have a solid track record, and the company’s active bounty program aids in the continuous improvement of its products.
Again, this review was not sponsored by Ledger.