Ledger Nano X in 2021 – What’s New and How to Not get Scammed – My Updated Review


This review is NOT sponsored and contains affiliate links.

I’ve been a user of Ledger hardware wallets since 2017, and today I’d like to post my updated review on the Nano X.

In this review, I’d like to introduce the wallet to those who are new to the product, as well as talk about the features that have been added since 2018. Since my main focus is security, I will be also sharing some critical information that will hopefully help you stay safe and avoid getting scammed.

What’s a Ledger Nano X?

The Nano X is a hardware wallet that supports over 1500 different assets, and can store up to 100 of them at the same time. It supports all of the mainstream cryptocurrencies such as Bitcoin, Ethereum, Ripple, Litecoin, Stellar, Monero, as well as many alt coins and their derivatives. Here’s a full list of the supported assets.

On the outside, the Nano X looks like a pen drive with a stainless steel cover. The body of the Nano is made of plastic however, it feels way sturdier than that of the average pen drive. The device features a 30×13 mm screen, and two buttons. It can be connected via USB to your desktop (MacOS or Windows) or via Bluetooth to your phone (iOS 9+ or Android 7+).

Despite its seeming simplicity, the Nano X is an advanced device that features a high-end ST33J2M0 secure element, as well as its own operating system. This makes the device immune to any remote attacks, as well as makes it highly resistant to attacks even in the unfortunate case a hacker gets their hands on the physical device.

Note: I say “highly resistant to attacks” to avoid confusion. If your device gets lost or stolen, it’s critical to restore your funds with the recovery seed and transfer them to a different wallet asap. No matter how secure the device is, you don’t want hackers to possess the chip that has your encrypted keys on it.

What does the Ledger Nano X do?

The device has two functions:

The first one is to store your personal keys. As you probably know by now, all of the coins are out there in the blockchain; your wallet just holds a set of keys that prove your ownership of those coins.

You can obviously create a so-called software wallet on your PC and back up your keys on an USB stick, or even create a cloud wallet and trust a third party to store the keys for you. While not a particularly bad idea for small sums of cryptos, this method is far from safe.

You probably know how vulnerable are computers and smartphones to hacker attacks. A number of keyloggers and trojans remain undetected even by the best antiviruses, and can leak your personal keys to the hacker as soon as they appear on your device.

Here’s where the Nano X comes into play. Its second function is to authorize transactions while keeping the private keys secret. This way, you can operate a cryptocurrency wallet even from an infected computer or smartphone safer, as long as you follow certain guidelines (as detailed in the sections below).

The Nano X has signing authority for transactions. While you cannot initiate transactions straight from the device, you do use it to manually confirm every transaction you do by pushing one of the two physical buttons on the device.

Here’s how it works:

  • You start by creating your wallet on the device, and you write down the recovery words somewhere safe.
  • Then, you link a software wallet of your choice to your Ledger device. This way, you can use the interface of that software wallet to manage the funds on your Ledger.
  • Every time you send crypto to someone, you will have to either confirm or deny the transaction by pressing one of the two buttons on your Nano X. The screen will display the recipient address, which will allow you to verify that you’re sending the funds to the right person.
  • If a transaction was initiated by a hacker, you will be able to decline it, and keep your money safe.

Simply put, if a hacker gets to initiate a transaction from your wallet, they won’t be able to complete it without you physically pushing the button on your Ledger.

Note: Even though the Ledger does offer an extra layer of protection against hackers, it’s still a good idea to only connect it to a PC that has a freshly installed operative system on it to prevent MITM attacks. More on that below.

 

What’s New: Ledger Live

The Ledger Live is a new application that is being developed and hosted by Ledger. As its description states, Ledger Live is “the one-stop shop for your crypto”.

Originally, all Ledger devices only operated with third-party wallets and exchanges. Most of the biggest wallets and sites allow you to link your ledger device to them to add that extra layer of security.

Now, Ledger decided to make life easier for their customers and released their own app that offers a simple interface for storing, buying, selling, swapping, and stacking your crypto. The app is available for Mac OS, Windows, iOS, and Android.

Note: Even though the app is developed by Ledger, two of its key functions are still powered by third parties – the buy/sell option is powered by the Coinify gateway, and the swap option by Changelly.

Make sure to download the app from the official Ledger website to avoid scams.

Common Questions

What happens if your Nano X gets stolen?

In the unfortunate event this happens, you will most likely have some time to use your 24 word recovery phrase on a new device to access your funds again, and transfer them to a new wallet. Here’s how. As you know, the wallet operates with a 4- or 8- digit pin. The seed gets wiped out from the device if a wrong pin is entered three times in a row, so the device is protected against brute force attacks. There are talks about other methods a hacker can potentially use to access the data on the chip however, those require time and specialized equipment.

What happens if you lose your 24 word recovery phrase?

If you still have access to your ledger, you can create a new wallet (make sure to write down the new recovery phrase), and transfer all your funds there.

Pro Tip: You can back up your recovery seed on a device such as a Cryptosteel Capsule Solo or billfodl

 

The Nano X is the newest model, and it offers more features, and an overall better user experience compared to that of the Nano S. Both devices are still manufactured and supported by Ledger, with user experience being one of the key differences between the two: Also check on official website!

Ledger Nano X Ledger Nano S
Apps installed simultaneously Up to 100 Up to 20
Compatible crypto assets 1,500+ 1,500+
Compatible wallets 50+ 50+
Bluetooth Yes, can be connected to smartphones
Screen size 128 x 64 pixels 128 x 32 pixels
Connector USB Type-C USB Type Micro-B
Battery 8 hours
Price €119 €59

Ledger Nano X Hacks and Scams – All You Need to Know

Since its release, there have been quite a few attempts to both hack the device itself, as well as trick Ledger users into sharing their private keys in one way or another. None of this was known to the early adopters of the Ledger, and hundreds of users lost their cryptos. If you’re new, you’ll have the privilege of learning from other’s mistakes, and have a more pleasant experience with your Ledger.

Please read this section carefully to get a better understanding on what to, and what to not do:

Man in the Middle Attacks

It’s no rocket science that malware can infect your PC without you or your antivirus noticing it. Once a PC is infected, you can no longer trust what’s displayed on your computer screen. While your Ledger will prevent hackers from accessing your recovery seed and wiping your wallet completely, they can still reroute your payment to a different address if you’re not cautious enough.

Solution: When making a transaction, make sure to follow the steps detailed here. Also, ideally you want to keep your wallet accessing PC offline and only for that purpose, and have a different PC for regular web surfing.

Note: Please do not confuse a MITM attack with a normal BTC address change due to UTXO. If confused, read this topic.

Chrome Extensions

9 months ago, a man created this thread where he claimed that his Ledger got hacked remotely. After some investigation, it became clear that the man downloaded a third-party Chrome extension for the wallet, and introduced his 24-word seed there.

Lesson learned: the official Ledger app will never ask you for your 24 words. Besides, there is no official Ledger Chrome extension, so that app the man downloaded was clearly made by scammers.

Third-Party Sellers

Some people buy their devices from sites like eBay and Craiglist. You can find some really “sweet” deals there but here’s the thing – nothing comes for free.

Back in 2018, a young hacker named Saleem Rashid claimed to have being able to hack a Ledger device. His method requires him to have the physical device in order to install a custom firmware on it through USB.

As far as I know, this issue has been addressed, and the Saleem Rashid now appears on Ledger’s hall of fame. Now, it’s unknown whether there are other ways to exploit a Ledger device so the lesson is pretty clear: avoid third-party sellers.

Don’t get me wrong – the Ledger Nano X is a very secure device that also has an inbuilt integrity check system. Still, it’s a good idea to play it as safe as possible.

Supply Chain Attacks

As this blog post by Kaspersky Labs details, a hacker could potentially install a hardware implant on the Ledger to make it leak your funds. While it’s certainly not easy for a hacker to get their hands on your device if you order it directly from Ledger, it’s always better to be safe than sorry.

Solution: Ledger devices are easy to open, and this short tutorial shows how to easily disassemble your Ledger Nano, and check whether it’s been tampered with.

Pre-Made Private Keys

As this video explains, some third-party sellers replace the original Ledger documentation with their own.

What they do is they basically pre-set the device for you. They create a private key and print two copies of it. They put one copy in the box and cover it with scratch-off ink, making it look like this is how it came from Ledger. The second copy remains in the possession of the scammer, allowing them to access your funds unless you reset your device and create a new set of recovery words.

You might think “who will fall for this?”. Thing is, with over two million Ledger devices being sold worldwide, you can bet there’s a good share of people who could potentially fall for this.

Phishing Websites

There have been (and probably still are) quite a few phishing websites that look exactly like Ledger’s. The main aim of those websites is to lure you into sharing your 24 word recovery phrase.

Takeaway: Ledger will never ask you for your 24 word recovery phrase, neither it will ask you to send them cryptos. Please, take a minute to check this screenshot compilation to get a better idea on how creative scammers can be.

Data Breaches

Back in June of 2020 there was a data breach on Ledger’s e-commerce site API that leaked the contact information of over 8500 Ledger device owners. The leak consisted of strictly email addresses, phone numbers and names. No payment or credit card information was compromised. Nonetheless, this allowed scammers to send both emails and text messages to Ledger users, prompting them to click on links that would lead them to phishing websites.

Takeaway: While this particular breach was fixed, it’s a good idea to take any emails and messages with a grain of salt, even if they contain your full name. Data breaches happen even to the biggest companies, so please don’t click any links from emails no mater how credible they look like.

Getting your own Ledger Nano X

All of the major online stores sell the Nano X. As we saw earlier though, a skilled hacker can potentially tamper with the device, so it’s always a good idea to avoid third parties as much as possible.

I personally bought my Ledgers from their official store, and got it shipped to me via DHL Express.

I know €119 for one Nano X isn’t exactly cheap but for all of you looking to getting your own Ledger, here is the link. Also consider the Cryptosteel Capsule Solo to store your seed words.

There is also a possibility to buy a back up pack that consists of a Ledger Nano X and a Nano S. You get both for a total of 20{aa99edd08dd66036bd4af6c3dbe8af9b4ab31fcc55a521c2956d094a6dcd3a48} discount. You can store the Nano S in your home safe, and take the Nano X with you to make transactions on the go.

In Conclusion

At this point in time, it’s common knowledge that hardware wallets are a must for safe cryptocurrency storage. The more valuable cryptocurrencies become, the more attention they get from all sorts of thieves.

There are several companies that make hardware wallets, and while I don’t doubt that most of them make good and reliable products, I personally lean towards Ledger. Ledger products have a good track record, and the company’s active bounty system helps to improve its products constantly.

Again, this review was not sponsored by Ledger.

Disclaimer: This is not financial advise, I am not a financial advisor, this is for educational purposes only. If you want to invest in cryptocurrency please do your own research and invest at your own risk, 1stMiningRig is never liable for any decisions you make. 1stMiningRig may receive donations or sponsorships in association with certain content creation. 1stMiningRig may receive compensation when affiliate/referral links are used.

Thank you for reading. As always, your comments, suggestions and questions are welcome.

Subscribe and stay tuned for further updates!

To receive the latest updates follow me on social media! ?





Source link