Using a hardware wallet is one of the best steps that you can take to secure your bitcoin holdings. Having recently reviewed the Trezor wallet, we at CoinGecko Buzz want to review the other hardware wallets on the market to evaluate their security features and ease of use. One of the oldest hardware wallets on the market is the Ledger hardware wallet. We requested a device from the guys at Ledger so that we could do a review.
The Ledger guys sent us not one but four Ledger devices for review. We received our package via UPS shipped all the way from France only two days later! We are very pleased that Ledger uses a courier like UPS (instead of going through the national postal system) to ensure fast delivery and also for added security.
In our package were these four devices:
a) Ledger Nano
d) Ledger OTG
Having just reviewed the Trezor wallet, I was a little confused initially when I received my Ledger package with four different devices. I was expecting only one Ledger device like the Trezor, but here I was faced with four devices.
I decided to start my review with the Ledger Nano, as that is the primary hardware wallet.
Ledger Nano Hardware Wallet Review
One thing to note about the Ledger Nano is that the packaging is absolutely top quality. I am pretty sure that the guys at Ledger took inspiration from Apple in designing the entire user experience because the feeling I had while unboxing the Ledger Nano was similar to how I felt when I unboxed my iPhone 5 three years ago. I dug through some drawers to find my old iPhone 5 box and placed it next to the Ledger Nano box for comparison.
One thing to note about the Ledger Nano box is that because Ledger wants to ensure a pleasant unboxing experience for the user, it does not attach a hologram security sticker like Trezor does. The sticker that came attached to my Ledger Nano was half-peeled, making it easy for me to remove the sticker without damaging the box.
It would be relatively easy for anyone to tamper with this Ledger Nano box, but thankfully it is shipped through a more secure provider like UPS or DHL, ensuring added security. The downside of using a hologram sticker and glue-sealing the box like Trezor does is that the unboxing experience becomes difficult and not seamless. The unboxing process damages the Trezor box, whereas my Ledger box still looks beautiful after the unboxing. I am sure that the Ledger designers considered this and decided that they wanted an Apple-like unboxing experience, consequently choosing this method instead.
UPDATE 24 November 2015: I was informed by Joël Pobeda, COO of Ledger, that Ledger Nano boxes do not need hologram stickers because they use attestation, a better approach to proving the authenticity of hardware wallets. Attestation is a cryptographic challenge presented to the Ledger device whenever it is connected to the computer. Here is a video displaying the attestation process on a legitimate Ledger device and a compromised Ledger device.
In the Ledger Nano box was a small envelope containing the instructions and recovery seed booklet. Again, by placing my iPhone 5 envelope next to the Ledger Nano envelope, I noticed that both are very similar.
The Ledger Nano also came with a black leather case containing a credit card-sized security card with jumbled letters and digits for the password. This reminds me of the scrambled 1-9 keypad on the Trezor device that changes each time the device is plugged in. The downside with this card is that the jumbled alphabet locations are set only once.
Finally, a picture of the actual Ledger Nano hardware wallet device. When folded in, it is very tiny and light—smaller than a normal USB thumb drive, and great for carrying around.
The instructions for using the Ledger Nano are short and sweet, making me eager to get started using this device. In contrast, I was overwhelmed when I read the long set of instructions for the Trezor; plus, those instructions were printed on thin paper.
Step 1, according to the instructions, is to open Chrome and head to http://my.ledgerwallet.com. I was asked to install a Chrome extension for the Ledger Nano.
Installing the Chrome extension was a breeze. I was then asked to insert my Ledger device into the USB slot of my computer.
There was some confusion on my end when I had to slot the Ledger Nano device into the USB port. I was not sure which side I had to slot the Ledger Nano in and whether it was fully slotted in. I had to try multiple orientations, and even when it was completely slotted in, there was an exposed golden part on the Ledger Nano device, causing me to try forcing it in farther before I realised that the Ledger Nano device had been fully inserted.
The Ledger Nano device had been fully inserted when the instructions on my screen changed to the following.
I proceeded with the instructions to create a new wallet and was told that I needed a trusted computer to proceed.
This was in contrast to the Trezor, for which a trusted computer is not required. To solve this problem, the second device that came with my parcel, the Ledger Starter, is supposed to be used together. The Ledger Starter device is absolutely stunning with its shiny metallic look.
Retailing for only €5.50, the Ledger Starter is a device that comes with an offline Linux operating system that will help provision a computer to initialize the Ledger Nano even on a compromised computer. Unfortunately, the Ledger Starter works only with a PC or desktop Mac, so I could not use it on my MacBook Air. I asked the Ledger guys if there is any plan to support the Ledger Starter for Mac notebooks in the future, and received the following reply:
We do not plan to support it, as the next version of our firmware will not need a secure boot to initialize the wallet. The seed will be shown scrambled on the screen (the physical recovery card being the key to unscramble it), so a malware could not do anything bad during initialization.
Here is the official Ledger video showing how the Ledger Starter works if you are interested.
Trusting that my MacBook Air was not compromised, I proceeded with the next step—initializing my Ledger Nano. I was asked to set a PIN for my Ledger Nano. Once confirmed, I had to write down the recovery seed.
The Ledger recovery card is really pretty, but one annoying thing that is evident is that I was asked to write the 24-word recovery phrase from left to right instead of top to bottom. This caused me to mess up the order, as I was expecting to write in one column from top to bottom for the first 12 words before going to the second column to write the next 12 words. This is not natural, and I hope that Ledger changes the orientation for future cards.
I was then asked to confirm two randomly selected words from my recovery phrase to ensure that I had correctly stored the recovery phrase. The recovery phrase page allows me to copy and print my recovery seed, a function which, while useful, simply encourages people to store the recovery seed on a computer in a possibly insecure manner.
After this step, there were some configurations that were automatically done on the device. I was then asked to unplug my device and plug it back in. Doing so, I was asked for my PIN.
Keying in the PIN, I was presented with a wallet, which looks quite pretty.
I was navigating around the settings when I noticed that I could pair a smartphone with the wallet. I decided to give this a go to see how much security I could add to the Ledger Nano.
Pairing my iPhone to the Ledger Nano was a fast and straightforward process. I downloaded the Ledger Wallet iOS app from the Apple app store and followed the instructions.
During this pairing process, I was asked to take out my security card and key in some codes using the jumbled letters. Up to this point, I was wondering when the security card would be used, as the instructions said only that it is “required to authorize sensitive operations”.
I decided to send some bitcoins over to my wallet to see how it operated. Receiving the bitcoins was seamless and worked like any other wallet. I then tried to return the bitcoins to test the security credentials.
To send out funds, I had to confirm on my paired iPhone that I wanted to authorize this transaction.
Once I hit the Confirm button on my iPhone, the transaction was broadcast to the Bitcoin network. One thing to note about the Ledger wallet is that I have to hit the Refresh button to show my outgoing transaction, as it does not auto-refresh. It would be good if the wallet could auto-refresh in the future.
I am very pleased with the ease of use of the Ledger Nano. With this transaction complete, I have to say that it is a very well-designed product.
Retailing for €29 (roughly USD31), the Ledger Nano can be shipped worldwide via DHL Standard for €19 or UPS Express for €45. Assuming use of DHL Standard, the total cost of buying the Ledger Nano will be €48 (roughly USD55); this is almost half the price of the Trezor, which retails for USD99.
I wanted to know if the Ledger Nano device supports altcoin wallets and was referred to this Knowledge Base page. Technically the Ledger device supports altcoins so long as the altcoin supports BIP32 and BIP39. However, the altcoin client application must also support the Ledger device. If the altcoin developer has forked the latest Electrum or Mycelium version, it will support the Ledger.
According to Ledger, "We plan to add ourselves support of Litecoin and Dogecoin to the Ledger Chrome app." I will be waiting for the time when the Ledger Nano device can also support the various altcoins in the market through the Ledger Chrome app.
One device that Ledger has that is really cool is the Ledger Unplugged. It is a Java card that is similar in size to a credit card and that works with any NFC-compatible device like the latest Android smartphones. You can authorize transactions by tapping this card on your Mycelium-enabled Bitcoin wallet on your Android smartphone.
Currently this is the only such product available on the market. Although it is not widely used, I think this idea is very novel and is great for mobile users wanting added security. Users can use this card as a security device instead of using the Ledger Nano on an Android connected via the Ledger OTG, which can be very cumbersome. The Ledger Unplugged device retails for €29; to me, it is a great value for the money.
The Ledger OTG is simply a USB On-The-Go device to support the use of the Ledger Nano on Android smartphones. It is an adapter that plugs into the Android smartphone and provides a USB input for the Ledger Nano.
Retailing for only €4, the device supports only Android smartphones; Ledger informed me that it is impossible for it to support iPhones.
Overall, I would say that the suite of Ledger hardware devices is a good start for someone looking to enhance their bitcoin security. I am truly impressed with the design of the Ledger devices—they look really beautiful. The price for which the Ledger retails is the lowest in the market for hardware wallets and is good for someone looking to enhance their bitcoin security but who does not want to pay too much money. The Ledger Unplugged is especially good for someone looking for hardware wallet support on mobile devices.
The downside of the Ledger Nano wallet is the need to have a trusted machine to initialize the device. Not many people know how to set up a secure machine from scratch, not to mention the time it will take to learn and implement it. The Ledger Starter is supposed to solve this problem, but some may be intimidated by the need to mess with the BIOS settings to load the Ledger Starter. In addition, it is not supported on Mac notebooks.
Ultimately, there is no method that can make your bitcoins completely hack-proof. What these Ledger devices do is boost the barriers that prevent hackers from dispossessing the bitcoins you have. For many, this will be a device worth investing in to increase bitcoin security. Order your Ledger Nano now.