One of the main indicators in suspicious used HW wallets is that firmware is detected without setup, if your firmware is already setup then avoid that device.
It depends on the device you use. For example, Trezors get shipped with no firmware installed. Once you unpack it, you get to choose if you want to use the the multi-coin or Bitcoin-only firmware. Ledgers come with the firmware already installed. Worse case scenario, it will be an outdated firmware that you can upgrade. A fake Ledger can't connect to Ledger's servers through Ledger Live. I assume Trezor uses a similar approach with their proprietary software, the Trezor Suite. 
Topic: About Hardware wallet] I am curious to learn; please help. (Read 127 times)
Most decent hardware wallets have some sort of check if they're genuine and run vendor based genuine firmware. This is not entirely foolproof, but better than nothing. If you download vendor software apps for the hardware wallet, always carefully check hash checksums of your downloaded file(s). Always, period!
Your hardware wallet needs an own indipendent display to show you what your signing device is about to sign or to verify an address. You need always, I mean really always, to check carefully what you are about to confirm on your hardware wallet. Never omit this check, period!
The mnemonic recovery words of your wallet should never touch an online digital device, write them down physically on paper, stamp them in metall but never ever enter them on an online computer, period! Carefully document your recovery words, purpose, time of creation, etc. and keep those details safe, really safe and secret. Don't ever dare to make digital pictures of such details with your mobile smartphone, period!
Make yourself familiar with recovery and usage of your chosen hardware wallet. Use Testnet bitcoins/satoshis for that as those don't hurt if lost. You can get Testnet coins for free, no big deal, there exist "faucets" for free.
Your hardware wallet needs an own indipendent display to show you what your signing device is about to sign or to verify an address. You need always, I mean really always, to check carefully what you are about to confirm on your hardware wallet. Never omit this check, period!
The mnemonic recovery words of your wallet should never touch an online digital device, write them down physically on paper, stamp them in metall but never ever enter them on an online computer, period! Carefully document your recovery words, purpose, time of creation, etc. and keep those details safe, really safe and secret. Don't ever dare to make digital pictures of such details with your mobile smartphone, period!
Make yourself familiar with recovery and usage of your chosen hardware wallet. Use Testnet bitcoins/satoshis for that as those don't hurt if lost. You can get Testnet coins for free, no big deal, there exist "faucets" for free.
~snip~
The Ledger wallet has a tamper-evident seal that covers the USB port and the edges of the device.
The seal has a unique QR code that can be scanned using the Ledger Live app to verify its authenticity.
The Ledger wallet has a tamper-evident seal that covers the USB port and the edges of the device.
The seal has a unique QR code that can be scanned using the Ledger Live app to verify its authenticity.
I've bought several Ledger HW over the years and I've never seen such protection, so I'm not sure where you got this information from? Even Ledger explains on its official website why it does not use anti-tamper seals and what you should pay attention to in order to protect yourself from fake or modified devices.
So be careful and it should be on the official site for less worry.
Buying from the manufacturer is something that is recommended, but you still have to keep in mind that the device travels for a while, and that it ends up in the hands of various people, whether it's delivery people, customs or someone else. We know from the experience of some forum members that their packages containing HW were opened, although this does not mean that there were malicious intentions.
If you want to be somewhat safe, when you buy a device and generate a seed, first send a smaller amount that you can afford to lose and leave it like that for a while - and if nothing bad happens, assume that the device is safe.
The solutions above will solve your doubts about the third party, but if you are skeptical about the developer of the hardware wallet itself, using an open source OS with airgapped devices will give you high security.
Is that really safe?IMO, if you've doubted that it has been tampered with, it's better not to use that hardware wallet at all.
There are several signs that you can determine a tampered hardware wallet, has physical damage on the item. For example on Trezor device, has a holographic seal with the Trezor logo that covers the USB port and the edges of the device. The seal has a unique serial number that can be verified on the Trezor website to confirm its authenticity.
The Ledger wallet has a tamper-evident seal that covers the USB port and the edges of the device.
The seal has a unique QR code that can be scanned using the Ledger Live app to verify its authenticity.
So be careful and it should be on the official site for less worry.
One of the main indicators in suspicious used HW wallets is that firmware is detected without setup, if your firmware is already setup then avoid that device.
The solutions above will solve your doubts about the third party, but if you are skeptical about the developer of the hardware wallet itself, using an open source OS with airgapped devices will give you high security.
The solutions above will solve your doubts about the third party, but if you are skeptical about the developer of the hardware wallet itself, using an open source OS with airgapped devices will give you high security.
but they did not explain how a new user could detect if a hardware wallet has already been tamper with before purchasing it.
Just assume that all HW wallets vend in 3rd party shops are tampered with (actually it is only in doubt), then that will prevent you from buying other than the official site no matter how well they guarantee you.
Thank you Charles-tim, I will just ask here if I need the help
I am busy learning about Bitcoin and security, particularly hardware wallets, since I found out that they are the most secure wallets to use and hold bitcoin.
Cold wallets, also called offline wallets are the safest and most secure. Paper wallet and wallet on airgapped devices are cold wallets. Some people do not consider hardware wallet as a cold wallet unless it is not used for making transaction. Some people consider hardware wallet to be safer and more secure, but they only prefer to consider it cold storage wallet if not used for making transaction, or if it is perfectly airgapped, without connecting it using USB cable, but using just QR code for signing transaction.But a hardware wallet gives convenience and also able to support more coins. Also safer than online wallets and can be used as a cold wallet.
So I read some articles online, but they did not explain how a new user could detect if a hardware wallet has already been tamper with before purchasing it.
To know if a hardware is not original or tampered with, it can differ from the company that manufactured it. Best to order it directly from the company, or an official reseller is the best.After buying it, you still need to check if it is fake or tampered with. OmegaStarScream post should be helpful about that.
Or if you want to buy any hardware wallet that you like that is not Trezor or Ledger Nano, you can let us know for us to let you know more about the wallet and how to know the fake or tempered with ones.
Just make sure you're buying directly from the wallet's official site and not from Amazon or other third-party sellers and you should be fine.
But to answer your question, it really depends on the wallet you're buying. You can check these articles if you're planning to buy a Trezor or Ledger wallet:
https://trezor.io/learn/a/authenticate-model-one
https://support.ledger.com/hc/en-us/articles/4404389367057-Is-my-Ledger-device-genuine-?docs=true
https://support.ledger.com/hc/en-us/articles/4404382029329?support=true
But to answer your question, it really depends on the wallet you're buying. You can check these articles if you're planning to buy a Trezor or Ledger wallet:
https://trezor.io/learn/a/authenticate-model-one
https://support.ledger.com/hc/en-us/articles/4404389367057-Is-my-Ledger-device-genuine-?docs=true
https://support.ledger.com/hc/en-us/articles/4404382029329?support=true
I am busy learning about Bitcoin and security, particularly hardware wallets, since I found out that they are the most secure wallets to use and hold bitcoin. So I read some articles online, but they did not explain how a new user could detect if a hardware wallet has already been tamper with before purchasing it. This is the safest wallet to store Bitcoin in cold, but scammers could sometimes tamper with this hardware wallet, and if someone is not aware, they can use it and all assets are lost. My question is, How is it possible to know if a hardware wallet has been compromised? I can't find answers in article I have read.
https://medium.com/radartech/hardware-wallets-explained-da8bd93ce801
https://www.coindesk.com/learn/how-do-hardware-wallets-keep-crypto-safe/
https://bitpay.com/blog/hardware-wallets-explained/
I want to learn it for my use, I can also be of help to my friends or newbies if they need help.
https://medium.com/radartech/hardware-wallets-explained-da8bd93ce801
https://www.coindesk.com/learn/how-do-hardware-wallets-keep-crypto-safe/
https://bitpay.com/blog/hardware-wallets-explained/
I want to learn it for my use, I can also be of help to my friends or newbies if they need help.
Jump to: