Security Tips for Hardware Wallets

Best practices for securing a hardware wallet

Getting used to self-custody can be tricky, but we’ve got you covered. Here are our essential tips for hardware wallets.

Hardware wallets empower you with self-custody of your crypto. That means absolute ownership and control of your coins, tokens, and NFTs. But with great power comes great responsibility: self-custody requires a firm understanding of your environment and the risks you face. Using a hardware wallet doesn’t make you invincible against social engineering, physical threats, or human errors. Here, we tackle a few of the most important threats, so you can enjoy self-custody and complete security.

The 24-Word Recovery Phrase

Ledger’s recovery sheet contains the 24-word recovery phrase. This unique list of words is generated by your hardware wallet.

Why do you need a recovery phrase?

There are two basic reasons why you would need access to your recovery phrase:

  • Loss or destruction of your hardware wallet: you can enter your recovery phrase on a new device to recover full access to your crypto assets;
  • Cloning to a new device: by entering your 24 words on another device, you’ll be in possession of two hardware wallets you can use independently. Another reason to clone a device would be when upgrading to a newer model.

The recovery phrase is essentially a very powerful backup of all your crypto assets, enabling you to access everything you own from any device. The only problem? It permits absolutely anyone in possession of that phrase to do the same thing. Anyone getting access to these 24 words would get immediate access to your crypto assets, and that makes it an extremely sensitive piece of data. Therefore, it is of the utmost importance that your recovery phrase is correctly secured. Any compromise, at any time, could lead to catastrophic losses.

Additionally, it is critical to make sure that you have generated the 24-word recovery phrase yourself. Never, ever, use a preconfigured device. You must ensure you are the only one in the world to have knowledge of this specific recovery phrase.

As the availability of your recovery phrase is critical, you may wish to verify that you’ve indeed written it down correctly and that you can actually read it without error.

General Safety Principles

Having a hardware wallet set up with a verified backup in a secure place may protect you from a digital attack, but you are still vulnerable to potential physical threats such as a burglary or a hostage situation. This is why you must follow these basic rules:

  • Never tell anyone that you own cryptocurrencies. If you do, make sure to keep the real value of your assets to yourself.
  • If you are active in the online cryptocurrency community, protect your real identity and always be mindful of the information you share.
  • Do not keep your recovery sheet in a safe at home. A bank vault is much more secure. Not having immediate access to your backup increases your resilience to physical threats.
  • If you have large amounts of cryptocurrencies that you do not need frequent access to, keep your hardware wallet in the bank safe as well. You can use another hardware wallet with lower amounts for frequent use.

Security Steps To Verify Your Receiving Address

When you need to share your receiving address so you can be the recipient of a payment, you must take extra precautions to ensure you don’t fall victim to a man-in-the-middle attack. An attacker in control of your computer screen could show you a wrong address, one that belongs to the attacker, making them the beneficiary of any transaction sent to it.

You must verify the recipient address shown on your computer screen by displaying it on your hardware wallet.

When requesting a receiving address on Ledger Live, you are prompted to connect your hardware wallet and open the corresponding app. The address will then be shown on the secure display of the device, and you’ll be able to verify that it matches the one on your screen.

If you are using a software wallet (many third-party applications are compatible with Ledger devices), we recommend sending a small amount first to make sure that it is properly received. This test should ideally be done on another computer. You can reuse the address that you have just verified for the test.

Beware of Blind Signing!

When you’re transacting with crypto, you will usually see the details of your transaction on a web page, on the screen of your computer or phone. But since that device itself is connected to the internet, the display could have been tampered with by a hacker. In short, it’s never possible to know for sure what you’re agreeing to when viewing the details on a connected device – this is known as blind signing, one of the biggest security issues for crypto users.

To prevent falling victim to this attack, always verify the transaction details on the Trusted Display of your Ledger device before approving the transaction. Your Trusted Display is completely isolated from your internet connection, which means it cannot be tampered with by hackers. The result? You can always trust the details you see on your Ledger device and verify that your transaction is safe.

Crypto self-custody requires discipline. Having a Ledger hardware wallet might not make you invincible – but heeding our essential self-custody tips will help you avoid scams and mistakes as you explore everything blockchain has to offer.

Knowledge is Power.

FAQs

Q: Why is it important to secure your recovery phrase?
A: The recovery phrase is a backup of all your crypto assets and anyone in possession of it can access your funds. Keeping it secure is crucial to avoid catastrophic losses.

Q: Why should you verify your receiving address?
A: Verifying your receiving address ensures that you don’t fall victim to man-in-the-middle attacks, where attackers can change the address on your screen and receive your funds instead.

Q: What is blind signing and how can you avoid it?
A: Blind signing is when you approve a transaction without verifying the details displayed on a connected device. To avoid this security issue, always verify the transaction details on the Trusted Display of your hardware wallet.

Conclusion

Securing your hardware wallet is essential to protect your crypto assets. By following these security tips, including securing your recovery phrase, practicing general safety principles, and verifying receiving addresses, you can enhance the security of your self-custody journey. Stay informed, stay vigilant, and enjoy the benefits of owning and controlling your crypto.