The Ledger Nano S is one of the most popular devices on the market, but I think it’s incredibly overrated. So let me tell you why you should save your money.
So Ledger sold over a million units last year and, for it’s price and simplistic design, has received a lot of praise.
The Ledger comes in at the relatively cheap price of €79 (TREZOR One costs €89, TREZOR model T costs €149 and KeepKey is about €110 [$129]), but it’s popularity astounds me, because the security features are incredibly limited.
Coins supported: Bitcoin, Ethereum, Litecoin, Ripple, Dodgecoin, ZCash, Dash, Bitcoin Cash, Ethereum Classic, Steller, Bitcoin Gold and 16 more.
Dimensions & Weight:98mm x 18mm x 9mm & 16.2g.
Screen:Yes, Embedded Blue LED
Compatibility: Windows (7+), Mac (10.9+), Linux or Chrome OS. Requires Google Chrome or Chromium
Software supported: Ledger Apps, Ledger Wallet Bitcoin, Ledger Wallet Ethereum, Ledger Wallet Ripple, Copay, Electrum, GreenBits, MyEtherWallet, Mycelium, BitGo
So the Ledger Nano S does offer some pretty attractive features that are standard for all hardware wallets, such as multi-currency support, built-in-display, multi-app support, FIDO certified U2F, Backup & Restoration sheets and PIN protection, but that’s pretty much it. It’s barely a step up from a USB flash drive, and let me tell you why:
- No tamper-proof seal
When you open the box to your Ledger Nano S, you don’t find that the package is sealed with a sticker that is evidence that the box hasn’t been opened during the shipment process. This leaves all Ledger devices unprotected against supply-chain attacks. “Ledger doesn’t attach any tamper proof seal on its boxes anymore as it is not useful” – quoted from Ledger’s website. They claim that tamper-proof seals were originally just standard stickers and that the seals are easy to fake or replace. They argue that using an attestation is better because it picks up when an attacker has installed rogue firmware into the device, but it doesn’t account for physical access. It is trivial to perform a supply chain attack that modifies the generated recovery seed. Since all private keys are derived from the recovery seed, the attacker could steal any funds loaded onto the device. and, it also begs the question, “why not use both?” Is it because Ledger doesn’t value our security enough to take on the additional production costs?
- Closed source coding
Ledger is pretty much the only company that doesn’t have open sourced coding. You literally just have to trust ledger to do the right thing here. Since they program everything there would be next to no method for you to verify that everything matches their open source. If they wanted to put in a backdoor obviously they would make it appear as though it’s not there, pretty simple to do when it’s your hardware and your software. Simply put, trust is the major factor here. They defend this by open sourcing all high-level applications, but I’m not buying it.
- 8-digit PIN
A screen is essential for any hardware wallet and being able to verify addresses on your device’s screen, while also generating private keys, is important, but Ledger’s tiny screen is not exactly multi-functional with just two buttons available to use to control the interface. Therefore, likely because the process becomes tedious, the only protection from those who gain physical access to the device is a 8-digit PIN – not exactly Fort Knox.
To be fair to Ledger, they offer a sleekly designed device that they’ve managed to sell very well, but it is largely riding on the coattails of the meteoric rise of cryptocurrencies. It’s portable, functional and easy-to-use, but I’m gravely concerned by its security. There have been too many attacks and there are too many gaping holes in their system. And it bothers me that they aren’t budging on dealing with any of them when they were widely reported.
Unless you’re dealing with a small supply of tokens, the features that offer convenience simply aren’t worth it. If you are storing a sizeable sum of money on a hardware wallet, I would strongly recommend spending more money elsewhere.