Do you have a genuine hardware wallet?
BitPrime has been a massive advocate of keeping your funds off an exchange or web wallet where possible since day one. A genuine hardware wallet (or paper wallets) offers the best security for storage of your digital assets as it isn’t continuously connected to the internet.
Remember the Cryptopia security breach earlier this year? Hacks happen on exchanges; exit scams happen on exchanges; exchanges ghost out and put their hands in the air.
Even Binance suffered a hack earlier this year however they very quickly came to the party, honoured their customers and wore the loss.
We suggest if your crypto assets worth more than the price of a hardware wallet you should purchase one to keep your tokens secure. If you don’t have one you won’t need to read any further.
We also cannot suggest more strongly that you always buy your device directly from the manufacturer.
But what if you didn’t. How can you verify that the hardware wallet you got from TradeMe, eBay, Amazon etc. for 50% off is the real deal?
There are reports of devices purchased from the manufacturer in bulk, tampered with, re-packaged to the point they look authentic. Then, they were re-sold on sites like eBay and Amazon at hugely discounted rates only for the end-user to lose their hard-earned investment to theft.
We’re covering the Nano S, Trezor One and Model T in this post but first, please be aware that this is only a guide. As trading cryptocurrencies becomes mainstream, the bad guys are going to get better at what they do, and BitPrime cannot be held responsible for any losses.
Ledger Nano S
Ledger hardware security includes a built-in chip which stops physical interference with the device. But how do you know that your Ledger has this installed? What other indicators are there?
1. The recovery sheet
New Ledger devices generally come with two blank recovery sheets, as illustrated below. This is where you write down your 24-word recovery phrase (mnemonic phrase) when you’re setting the Ledger up. If either of these is already written on, game over.
2. What’s in the box?
With the Nano S, you’ll receive the device, a “Getting Started” card, two recovery cards, a micro-USB cable, two lanyards and another card. This card is headed “Did You Notice?”. This describes the chip mentioned above, comes with all Ledger Nano S devices and is pictured below.
3. What’s on the screen when you plug it in?
“Welcome” and “Press both buttons to begin” scrolls across the screen when you first connect your device. You’ll then be prompted to set up a PIN, not enter a PIN. If there’s a PIN provided somewhere in the packaging, again it’s game over.
If you’re still concerned, and you’re a tech-savvy, advanced super-user (can’t stress this enough), Ledger have a guide on their support site here.
This isn’t recommended unless you know exactly what you’re doing. This process requires opening up the Ledger, and there is a possibility that you will render your device – should it be the real thing – unusable and non-refundable.
What should you do if you receive a Ledger Nano S that you believe has been tampered with?
While BitPrime provides technical support for troubleshooting transactions and initial set-up, any concerns over your Ledger’s integrity should be referred to Official Ledger support. You can reach out to them here.
One reported scam with Trezor devices, particularly when purchasing through Amazon, is where an individual will buy multiple devices, replace them with fakes and then return them. Amazon will then release them back into their inventory and dispatch to the next unsuspecting customer.
All aside, let’s breakdown the ways we know to check your new Trezor One is likely the real thing.
1. Holographic Seal
Trezor incorporates a holographic seal with Trezor One packaging. Fakes that are currently in distribution will have almost identical packaging to the ones shipped directly from Trezor. In the images below from SatoshiLabs (creators of Trezor), you’ll see a clear distinction between the seals on each. You will also see how you should expect the barcode sticker to appear on the back of the box. In this instance, the one on the right is the real one, and you can see it’s placed evenly. Note these images show the boxes unwrapped, but when you receive your device, it should be sealed in plastic. If not, it’s not a good sign.
2. What’s in the box?
The Trezor One comes with two recovery phrase cards, a very small branded lanyard, a short micro USB cable and the four Trezor stickers. Again, if the recovery phrase cards are pre-filled in, do not go any further. You will be filling those in yourself when you set up the device. When you first pick up the Trezor One, it may feel light and “plasticy”; this isn’t a red flag – they are incredibly light and still a work-horse.
These are the two primary signs you’ve purchased a genuine Trezor One, but of course, if you have any concerns, please reach out to Trezor Support. From personal experience, I can confirm Trezor’s support team are fantastic and come back to you very quickly.
Trezor Model T
This device is the newer of the two and most of the details are the same, so I’ll keep this short.
1. Holographic seals
The Model T does not have any holographic seals on the original packaging. Below you will see what I received directly from SatoshiLabs.
What I think is brilliant here is that they have now placed the hologram directly over the USB input which you can see below.
2. What’s in the box?
The device, two recovery phrase cards (if they’re filled in, they’re no good), a getting started guide, a magnetic dock, a USB-C cable and four stickers.
To recap, these are some simple ways you can check to see if the hardware wallet protecting your hard-earned cryptocurrency is legitimate. Of course, the absolute best way to be sure is to purchase directly from the manufacturer.
Finally, always follow simple security measures such as keeping your passphrase stored somewhere secure (but don’t lose it!). Never give your private keys to anybody; BitPrime staff will never ask for them. Regularly update your device’s firmware when prompted by the device’s software, e.g. Ledger Live. For more security tips, please see this post here.