I am setting up my Ledger Nano X and geeking out a bit on how to be absolutely certain I am not getting hacked. There are two attack vectors to consider before I set up my cold wallet:
1) Someone might have installed custom firmware before it made it to me.
2) The Ledger Live app I download might not be authentic.
Both are relatively easy to protect against: first by verifying the hash of the Ledger Live app, and second by reinstalling the firmware on my Ledger Nano X.
Verify you have an authentic Ledger Live app:
Download the latest build: https://www.ledger.com/ledger-live
I am using a Mac, so I opened the terminal and ran this command after downloading the Ledger Live app:
shasum -a 512 ~/Downloads/ledger-live-desktop-2.26.1-mac-2.dmg
I compared that to the hash published on Ledger's website (Hash Checking instructions for Ledger Live). In my case everything checked out, and I am highly confident I have an authentic Ledger Live application. The only way a hacker could have fooled me at this point is if they had hacked both GitHub and Ledger's website (good luck!). That is the whole point of the check: it proves the file I downloaded is byte-for-byte the file Ledger listed, so the hash has to come from somewhere other than the place the binary came from, and it has to be read from the official site over HTTPS rather than from a forum post or search result.
Side note: I could not find a hash for the Ledger Live iOS app. It is a little more difficult to check hashes for iOS apps, but it is possible. Since the app goes through the Apple App Store, this is not a huge concern.
Reinstall the firmware
Ledger Live is used to install the firmware, so this step builds on the work already done to make sure we have an authentic Ledger Live app. During the update Ledger Live also runs its genuine check, in which the device's Secure Element proves to Ledger's servers that it is an authentic Ledger chip; that check, more than the reinstall itself, is what rules out a device that was tampered with before it reached me:
https://support.ledger.com/hc/en-us/articles/360013349800-Update-Ledger-Nano-X-firmware?docs=true
Setup
After that, the setup process was easy to follow. I generated a unique PIN to secure my Ledger. For the recovery phrase, I cut the cards provided by Ledger in half so that only half of my recovery phrase is in any one location at a time. I stored the two halves in different locations in my house. I then shared three more sets of cards with trusted family members, two of whom are in another state. So as long as all of Texas and Georgia do not burn down, I should be good. Haha! Honestly, the main reason I shared it with three people is that I expect at least two of them will lose at least one of the cards over the next 20 years. I instructed them to store the two cards in different locations in their house.
I plan to make one additional copy out of engraved aluminum (or something with a higher melting point, if possible) as soon as I get a chance. I expect I won't need it for 20 to 40 years, so it needs to be something that will last. Regular pen ink starts to fade after about 20 years.
Another thought: once I am over the 100k mark I will store a set of cards in a safety deposit box.
Top comments (1)
Updated this with the current download location for the Ledger Live app since they no longer have the downloads on GitHub. ledger.com/ledger-live