Author

Topic: How do you know if your cold storage wallet is secure when bought on Amazon? (Read 153 times)

full member
Activity: 161
Merit: 100
Only buy from official websites.
member
Activity: 93
Merit: 39
How would you know if that seed was pre-made by someone else, say the person that sold it to me on Amazon? Would it have been pre-written on the seed paper I save somewhere safe? I've heard they would give you a pre-made pin?

Two ways a hardware wallet might be compromised by an intermediary:

1. The seller preloaded a seed and PIN. They'd have to tell you the PIN for you to be able to use the device. To look legitimate, they'd also have to give you a printout of a seed. The given seed might not be the real seed - they just have to make you think you can recover the devise. If the devise made you choose a PIN and write down a seed, then you are safe from this type of tampering.

2. The seller loaded malicious firmware. You may think the device is working normally, but it is really showing you a preselected seed. Ledger has some mechanism to check the firmware when you go online. Trezor comes with no firmware loaded, forcing you to (hopefully) download an untampered version.
jr. member
Activity: 112
Merit: 1
I might be a little paranoid right now that's why I'm asking for educated opinions only. If it makes any difference I own 2 keep key wallets and one Ledger nano s.

You know it's secure based on the reputation and history of the Keep Key and Ledger Nano S wallets.

The device is set up once you receive it. At that time you select the PIN, you receive the 24 word pass key, you open/create your wallets within the device. Technically the device is an encryption tool. If it were previously used you wouldn't be able to set up the accounts. You'd know long before you were about to transact any Bitcoin to it.

Awesome this settles my concern, the very fact that I was able to configure it from scratch myself and create my own pin shows the fact that it was new and untampered with.
hero member
Activity: 1008
Merit: 510
So I heard that even a cold wallet if bought on Amazon, could be compromised today. So they went on explaining that it's possible somebody has the private keys and sell a "brand" new looking wallet to you and then once you set it up and put your coins/tokens on there one day they could possibly wipe your wallet clean. I wanted to get any educated opinions on the truthfulness of this claim, is that true?

I understand if the wallet comes with the 12-24 word seed with it when you buy it or if it comes with a pin number included, but what if I or anyone who buys a wallet on Amazon get the wallet and creates there own pin and writes down the seed for themselves and the paper has not been written on prior to that, is this scenario safe?

I might be a little paranoid right now that's why I'm asking for educated opinions only. If it makes any difference I own 2 keep key wallets and one Ledger nano s.

Thanks

I recommend that you generate your own wallet offline. You can use a address generator and run it offline to generate the public and private keys and print them out. This is a paper wallet which is what I prefer. This is the one way to ensure that no one has possession of your private keys. I have several wallets that I generated that I don’t even use yet so I can use them in the future.
hero member
Activity: 1106
Merit: 638
I might be a little paranoid right now that's why I'm asking for educated opinions only. If it makes any difference I own 2 keep key wallets and one Ledger nano s.

You know it's secure based on the reputation and history of the Keep Key and Ledger Nano S wallets.

The device is set up once you receive it. At that time you select the PIN, you receive the 24 word pass key, you open/create your wallets within the device. Technically the device is an encryption tool. If it were previously used you wouldn't be able to set up the accounts. You'd know long before you were about to transact any Bitcoin to it.
jr. member
Activity: 112
Merit: 1
Thank you two, I bought three hardware wallets on Amazon and they were sealed and seemed very legit. When I configured them I did it as a new wallet and when I wrote down the seed phrase it was generated by the wallet itself. How would you know if that seed was pre-made by someone else, say the person that sold it to me on Amazon? Would it have been pre-written on the seed paper I save somewhere safe? I've heard they would give you a pre-made pin?

So bc the wallet created the seed upon the configuration that means that it's a new seed correct? I ask this bc I understand whoever owns the seed owns the coin and that's what made me paranoid since I bought from Amazon, a re-seller of the ledger nano s and keep key hardware wallets (3). All came pre-packaged and sealed and seemed and smelled brand new I guess I'm just nervous bc I'm new to this sector and want to make sure that I protect the few coins I have, and not have all my eggs in one basket that why I got 3.

I'm pretty sure mine are legit bc it asked me to configure as a new device, I set a new pin for them, and then wrote the seed it generated word by word number by number in order in front of my eyes. I just ask because I recently heard of people buying scam wallets and got paranoid.
full member
Activity: 336
Merit: 102
'Cold wallet' is an umbrella term. If it is a paper wallet, there is no need to buy anything, you can generate it yourself, although not all generators are safe. The best way is probably to download an offline generator software and then run it on a 'cold' (offline) computer for wallet generation and printing. If it is a cold storage, then all you need is a cold computer to generate and store the wallet (Electrum (https://electrum.org/) has this option). If it is a hardware wallet (Ledger or Trezor), it should obviously come in a sealed package directly from the manufacturer. The seed should be generated when you configure the wallet. Anything with a sign of previous usage is not safe. Seed is everything, is allows to completely restore all keys (public and private) and addresses. One who knows the seed owns the coins.
sr. member
Activity: 952
Merit: 339
invest trade and gamble wisely
So I heard that even a cold wallet if bought on Amazon, could be compromised today. So they went on explaining that it's possible somebody has the private keys and sell a "brand" new looking wallet to you and then once you set it up and put your coins/tokens on there one day they could possibly wipe your wallet clean. I wanted to get any educated opinions on the truthfulness of this claim, is that true?

I understand if the wallet comes with the 12-24 word seed with it when you buy it or if it comes with a pin number included, but what if I or anyone who buys a wallet on Amazon get the wallet and creates there own pin and writes down the seed for themselves and the paper has not been written on prior to that, is this scenario safe?

I might be a little paranoid right now that's why I'm asking for educated opinions only. If it makes any difference I own 2 keep key wallets and one Ledger nano s.

Thanks

That's true. Seed must be generated by you. Once the seed is known to others then no pin can protect your funds. Seed is a full backup of that wallet (it overrides the pin protection ... e.g. if you forgot your pin you can use seed to restore the wallet).

Don't buy cold wallet (paper or w/e  wallet it is). Buy Hardware wallet instead.
Hardware wallets generates brand new seed for you (if not satisfied you can reset it and generate again brand new seed ...).


jr. member
Activity: 112
Merit: 1
So I heard that even a cold wallet if bought on Amazon, could be compromised today. So they went on explaining that it's possible somebody has the private keys and sell a "brand" new looking wallet to you and then once you set it up and put your coins/tokens on there one day they could possibly wipe your wallet clean. I wanted to get any educated opinions on the truthfulness of this claim, is that true?

I understand if the wallet comes with the 12-24 word seed with it when you buy it or if it comes with a pin number included, but what if I or anyone who buys a wallet on Amazon get the wallet and creates there own pin and writes down the seed for themselves and the paper has not been written on prior to that, is this scenario safe?

I might be a little paranoid right now that's why I'm asking for educated opinions only. If it makes any difference I own 2 keep key wallets and one Ledger nano s.

Thanks
Jump to: