Recently, I ordered my Ledger Nano X and kept on biting my nails until I received it. The order was delivered from France via Ledger‘s international courier partner. I was able to track each and every step of the delivery in transit. I uploaded all my requested verification documents for customs and received the parcel in 7 days, flat. I was so excited!

I realized that I haven’t purchased something which actually matters for a long time, and now, I have bought one! I hastily opened the courier packaging. There it was, a wonderful white box, engraved with the name “Ledger”. I opened the box and held the Ledger Nano X. The feeling of joy was pure! I repacked the box, kept it in my personal storage and went out for some personal work.

I sat with my Ledger Nano X in the night. I have never used a Ledger before. Cryptopia just got hacked, Tradesatoshi is acting strange, I wanted to feel safe. I went to Youtube and played Boxmining’s review. Neat!

Wait, what? His box has a plastic wrap! Did I have one? Nothing here, nothing inside the courier packing, nothing in my dustbin. So? I got a panic attack. All the other problems in my life automatically got deprioritized.

I pressed the left button of the device. The Ledger logo popped up. Then it said “Low battery”. Do they deliver discharged devices? More panic attack. Hold on Ani! Do not proceed with set up, first do some research.

It was myself, my Ledger Nano X with all components spread on the bed, and Google.

There’s not much you can find about the Ledger Nano X in Google right now. It is a new device. I assumed that the basic fundamentals of Nano X and Nano S will be the same and went ahead with my research.

What should I call it? A plastic cover, wrap, tamper-proof seal. I used different keywords.  Looks like Ledger has stopped providing tamper proof seal for quite some time. My device did not have it anyway. I can see people are purchasing from Amazon. Be very worried my friend! I quickly opened my delivery package, I opened the invoice and rechecked, yes it has come from Ledger, France. One point ticked!

Okay, so I can see in Google that many have received the Nano X without the plastic wrap. Also, for some, the device came with a Pin, written down! I opened my box. Everything looked new. No already generated pins, written down in the recovery sheet. Another point ticked!

Now I called up the courier service. What they told me was “Yes there is every chance that a Customs Officer might have opened and checked my parcel. Happens all the time.” I prayed, please that be the case. So, I emailed Ledger Support and went to sleep. It was a windy night, and I had a nice sleep.

Next morning, I found their reply in my mail, the box comes with a plastic wrap! Heart attack now! What should I do? Should I return this? Or am I acting like a fool, there might be some solution. Calm down. So, it’s me and Google again.

Ok, I found something, Ledger has a page to check if the device is genuine.

  • Origin of the Ledger product
  • Box contents
  • Condition of the Recovery sheet
  • The initial state of the Ledger device

Let’s start again. Point 1 ticked. Point 2 Ticked. Point 3 ticked.

I now found the courage to switch on my device. I found that the screens are taking me in the same flow as mentioned in the support page. This means my device is in factory settings.

I then set up my own pin and passphrase. (If the pin and keys would have been already set up, that means my device is compromised.) Luckily, seems that this one is not. Ok, point 4 ticked.

Ledger does not provide a tamperproof seal as it can easily be duplicated. I installed Ledger live and checked if the device hardware is genuine. Ledger Live showed that it was genuine! Thank God. This is point 5.

Everything should be fine. My device should be safe. But I still felt uneasy. I need to be doubly convinced. As this device held no crypto, I reset my device again back to factory settings and generated a new pin and passphrase. This is my point 6. I should be safe now.

To summarise, below are the steps I checked to ensure that the device has not been tampered with before I actually start using it.

  • Origin of the Ledger product
  • Box contents
  • Condition of the Recovery sheet
  • The initial state of the Ledger device (Pin should be generated by you, it should not be already generated!)
  • Check via ledger live if the device is genuine.
  • Do a factory reset and regenerate pin and passphrase. (Not mandatory, just for your peace of mind)

I am hoping that in my case the Customs Officer might have thought, “Oh! What’s this device which looks like a pen drive but is not a pen drive! Lets open and check it.” Can’t blame him, it’s his duty.

On your side, if you follow the above tricks, you should be OK.

N.B: Oh sorry, I forgot one important point. Do not broadcast your passphrase on the internet.

LEAVE A REPLY

Please enter your comment!
Please enter your name here