Ledger Start Hub

Understanding the **'Why'** is as important as the 'How.' A hardware wallet fundamentally changes your relationship with your assets. You are moving from a system of **delegated trust** (exchanges holding your keys) to **self-sovereignty** (you holding your keys). Your Ledger device is not a place where your crypto is stored; instead, it is a cryptographic vault that stores your **private keys**. These keys are the mathematical proof of ownership on the blockchain. Without them, your crypto is inaccessible, even by you. The device keeps these keys **offline**—a state known as **cold storage** —which is the only method that provides genuine immunity against sophisticated cyberattacks, malware, and remote hacking attempts. The single-point-of-failure is now shifted from a centralized server to your physical security protocol.

The Private Key vs. Public Address Paradox

When you receive crypto, you share your **public address**, which is akin to an email address—it's visible to everyone and poses no security risk. Your Ledger controls the **private key**, which is like the password to that email account. The device is explicitly engineered to ensure the private key never leaves the secure, certified chip. The device's only purpose is to **sign** transactions—to mathematically prove you authorize a movement of funds—without ever exposing the key itself to your computer, which is inherently insecure. This separation is the core of Ledger's security model, making it impervious to operating system exploits or network eavesdropping. The total complexity of this system is designed to provide trust through verifiable cryptography, not through organizational promises.

Before you even power on the device, you must confirm its **physical integrity**. The primary threat at this stage is a **supply chain attack**, where a malicious actor intercepts the device, compromises it, and reseals the packaging. If a device has been tampered with, it could contain pre-generated keys, making your funds vulnerable from the moment you deposit them.

The Anti-Tampering Protocol (Detailed)

1. External Packaging Check: Examine the box for any signs of re-gluing, tears, smudges, or differences in texture. The security seals or films must be perfectly intact and show no evidence of having been peeled and replaced.
2. Internal Component Audit: Verify the contents against the Ledger documentation. Missing items, extra cables, or non-standard documentation can be red flags. The genuine Ledger comes with specific Recovery Sheets (paper cards).
3. The State Test: Power the device on. A genuine Ledger that has never been set up will **NEVER** display a pre-written 24-word recovery phrase on its screen or on paper in the box. It will only prompt you to **Set up as new device** or **Restore from Recovery Phrase**. If it attempts to give you a pre-written phrase, immediately turn it off and contact Ledger support.
4. Genuine Check in Ledger Live (Later Stage): While not immediate, remember that the Ledger Live application has a **Genuine Check** feature. This cryptographic attestation process confirms that the secure chip inside your device is authentic and that the hardware’s firmware has not been compromised. Never skip this software verification step.

Connect your Ledger device (Nano X or S Plus) to your computer using the supplied USB cable. The device will light up and initiate the setup. Navigation is performed using the device’s physical buttons—usually two buttons for selection (left/right) and confirming an action (pressing both simultaneously).

Setting the Protective PIN (Physical Security Layer)

The PIN is the first line of defense. It secures your device locally, protecting it from physical theft or loss. The PIN is required every time the device powers on and needs to be used for a transaction.

• Length and Complexity: The PIN must be between 4 and 8 digits. Choose a non-obvious number (avoid 1234, 0000, or dates of birth).
• On-Device Entry: You select each digit on the device screen using the buttons and confirm it. This process is fully isolated, ensuring even a keylogger on your computer cannot capture your PIN.
• Confirmation: The device will require you to enter and confirm the PIN twice. Do this slowly and accurately.
• The Three-Attempt Wipe: For robust security, the Ledger device implements a destructive fail-safe. If the PIN is entered incorrectly three consecutive times, the secure chip performs a **factory reset**, permanently deleting the private keys stored on it. This is not a loss of funds, but a necessary security measure; you would then use your 24-word Recovery Phrase to restore your funds onto a newly initialized Ledger (or the same one).

This is the most critical step of the entire process. The 24-word Recovery Phrase (often called the seed phrase or mnemonic) is the **single, hierarchical, deterministic master key** that mathematically controls access to all crypto accounts you will ever create with this Ledger.

The Power of the 24 Words (BIP39 Entropy)

The words are drawn from a standardized list of 2048 words (BIP39). Your 24 words represent 256 bits of cryptographic entropy, meaning there are $2^{256}$ possible combinations, a number so astronomically large it is practically impossible for any computer, even a quantum one, to guess. The words are generated *randomly* and *exclusively* by the secure element chip inside your Ledger, isolated from any internet connection.

The "Never Digitized" Imperative

To maintain cold storage security, the phrase must **never** be converted into a digital format. If it touches a keyboard, camera, microphone, or network, it becomes a permanent liability.

• Forbidden Storage Methods: Cloud storage (Google Drive, iCloud, Dropbox), email, text messages, password managers, photo albums, screenshots, or any digital note-taking app.
• Vulnerability Context: If you digitize the phrase, a hacker in another country can steal your crypto instantly and remotely. The physical paper key is your only defense against this.

The Mandatory On-Device Verification

After writing down all 24 words, the Ledger will prompt you to verify the phrase. This is a crucial self-check. The device will typically ask you to confirm a few specific words (e.g., Word 10, Word 18, and Word 24) by selecting them from a list on the device screen. This step guarantees that you have recorded the phrase accurately before the setup is finalized. **If you fail this check, you must start the entire generation process over.** This prevents the catastrophic scenario of having a ledger with funds but a recovery phrase that is unusable.

Implementing the 3-2-1 Backup Strategy

Your physical Recovery Phrase must be protected against all environmental and physical hazards. A recommended best practice is to adapt the traditional **3-2-1 backup rule** for your seed phrase:

• Three Copies: Have three copies of your 24-word phrase.
• Two Different Media Types: The original paper is susceptible to fire/water damage. Use at least two media types, such as the paper card and a **metal backup solution** (stamped or engraved steel plates are resistant to heat and water).
• One Off-Site Location: Store one copy in a separate, geographically distant location. For instance, Copy 1 in a home safe, Copy 2 in a bank safety deposit box, and Copy 3 sealed in a durable medium at a trusted relative’s house. This protects against localized disaster (e.g., house fire, flood).

Ledger Live is the essential software interface for managing your accounts, installing blockchain apps on your device, and checking your balance. It is important to treat the download process as seriously as the device setup.

Official Download Protocol

Always download Ledger Live **only from ledger.com/start**. Never click on search engine advertisements that claim to link to Ledger Live, as these are frequently phishing links designed to steal your information or swap receiving addresses during transactions. After installation, launch the app.