Curious about the Ledger Nano S?
Wondering if its all its cracked up to be?
Does it actually keep your coins safe?
Find out in this in-depth review covering everything you need to know about the Ledger Nano S and how we think it stacks up against other hardware wallets on the market.
The Ledger Nano S is likely the most widely owned and well-known hardware wallet on the market. There is a good reason for that.
Ledger has done a lot of marketing around their “secure element” and has raised more VC money than any of their competitors have.
In this Nano S review, we put the device to the test and explain if secure elements are all they’re cracked up to be.
But first…
The Ledger Nano S (and all hardware wallets) have two jobs: to generate and to safely store private keys.
Private keys are like the master passwords to your crypto wallet. If someone has the password, they can control your coins.
Many newcomers wonder, “Is crypto actually stored on my Nano S?”
Technically…no. The crypto isn’t really stored anywhere because it doesn’t exist in the physical world. It’s just a number assigned to an address (or wallet) on a blockchain. The Nano S protects against hackers getting your private key and stealing your coins from that address.
We’ll uncover how exactly the Nano S does that in great detail below.
The Ledger Nano S was first introduced in 2016 and is a multi-currency hardware device.
The Nano S supports over 1,600 cryptocurrencies.
Keep in mind that the Nano S hard drive is very small, so you’ll only be able to manage three to five of those 1,600 coins at a time. “Supported coins” just means you have the option to manage them on Ledger hardware.
It’s also worth noting that for many of these coins, you cannot manage them using Ledger’s native software, Ledger Live. Instead, You will need to pair the Nano S with a 3rd party wallet software. This is especially true with ERC20 tokens.
You can see a full list of these coins (as well as which ones are supported natively on Ledger Live) by checking out our supported coins page.
The Nano S stores these coins by creating and storing your wallet’s private keys offline.
Info:The price of the Ledger Nano S has dropped by about half since it was first released and currently retails for $59 USD making it the most affordable hardware wallet available.
The Ledger Nano X has since been introduced as a successor and holds a higher position in the Ledger product line by offering more features (more on the X below) for a steeper price tag.
Of all the big three hardware wallet companies (Trezor, Ledger, and Keepkey), Ledger offers the most popular and inexpensive hardware wallet on the market at only $59.
This includes free shipping to most countries as well.
See how the Nano S stacks up against other competing hardware wallets
In our opinion, the capabilities and features you get for a mere $59 is outstanding. Other hardware wallets offer more features with a better user experience (touch screens, larger hard drives, and Bluetooth capability), but you pay a steep premium for them, and they aren’t at all necessary. If you are fine with a wallet that does exactly what it needs to do (store private keys) and has no history of hacks in the wild, it would be hard to find better value than the Nano S.
But, it is worth covering some of the features the Nano S lacks compared to its big brother, the Nano X.
What does the upgrade get you? And is it worth it?
The Nano S can be thought of as Ledger’s value-focused hardware wallet product.
That’s because the Nano S offers the least amount of features of all the hardware wallets they sell.
Take a look at the table below to see all the similarities and differences.
With the high degree of risk present in managing digital assets, due diligence of a hardware wallet begins with opening the package.
Pay careful attention to this section so that you can make sure your Nano S packaging matches the one in the pictures below to make sure your product is real.
As of 2019, the Ledger Nano S branding is clearly visible on the outside of the box and is shrink-wrapped in plastic.
Previously, the upper and lower sections of the box were sealed with a tamper-proof sticker. This is no longer the case.
Instead, there is now a reassuring card inside which indicates why. More on this below in the “Root of Trust” section.
Regardless, never buy any hardware wallet device from anyone other than the manufacturer or an official reseller (we are one of those authorized resellers).
The box contains:
The box is nicely made and keeps the Nano S safe during shipping.
In addition to the clarification about the security seal, three cards for your seed word backup are provided along with instructions to continue on to Ledger’s website to begin setup.
The Nano S features two hardware buttons used to navigate the simple on-screen user interface and confirm or cancel transaction signing.
The chassis is a textured black plastic finish that feels fairly sturdy, though I wouldn’t recommend sitting on it or exposing it to high heat.
The security features of the Ledger are unique in the industry.
The Ledger family of hardware wallets are the only fully-certified hardware wallets on the market certified by ANSSI, the French cybersecurity agency.
Both the Nano S and Nano X feature what is known as a ‘secure element’.
Specifically, the secure chip used is a ST31H320 with a CC EAL5+ certification. It is the black medium sized chip in the top left of the device above.
According to Ledger:
A Secure Element is a secure chip that...embeds intrinsic countermeasures against many known attacks. This kind of chip is tamper-resistant and protects your device to a range of different attacks.
The secure chip is what differentiates the Ledger from most other hardware wallets on the market in terms of key storage.
This prevents attackers from being able to steal your private keys even if they get a hold of the device.
Trezor, for instance, does not use a secure element, and there are known exploits for stealing private keys if someone physically takes your Trezor.
There are reasons to be skeptical of secure elements though, and these are the reasons why Trezor does not use them.
The biggest reason is that, currently, there are no open-source secure elements on the market.
This is troublesome for two reasons:
It Can’t be Audited
First, if any part of a hardware wallet is closed source, it means that the architecture of the hardware cannot be audited by everyone. Only a small group of people who are under non-disclosure agreements from the designers of the chip can audit it, and even if they find a security issue, they are not allowed to disclose it to the public.
Supply Chain Risks
Second, because these secure element chips are typically patented and closed-source, only one company can manufacture them. This creates attack surfaces on the chip since they could be pressured by governments or markets to create back doors into the chips and no one would ever know.
That said, secure elements do serve a purpose and closed-sourcing them can also benefit their security. While it’s true that closed-source chips can’t be audited by everyone, it also means that finding exploits in them is more difficult.
And, as stated previously, secure elements are more secure against attackers who physically take your hardware wallet.
So it’s really a tradeoff.
Wallets that use secure elements have more supply chain risks, but wallets without them have more physical security risks.
Trezor is working on an open-source secure element to get the best of both worlds, but it may be awhile before they release it. Until then, we are stuck with this tradeoff.
Ledger no longer ships with tamper-resistant tape to prevent attackers from opening the box and manipulating the device before you receive it. Instead, Ledger offers a software solution for any user to determine if
It achieves this through it’s “Root of Trust” tools.
Here is how it works: When you run the tool on the ddeveice, Ledger’s servers send the device a message. The device can only respond if it has a specific private key on the device.
If the device cannot respond, then it means the device either is not genuine or has been compromised and you shouldn’t use it.
Warning: This tool is only useful if you use it BEFORE transferring any funds to the device. If you send funds to the device and it is comromised, it won't matter if you use the tool since you funds will likely be gone by the time you find out.
Any hardware wallet that does not have its own dedicated screen is a pretty worthless piece of hardware.
Why?
The whole purpose of a hardware wallet is to air-gap your wallet. That means you able to confirm transactions and verify addresses on a device that is not connected to the internet.
If your hardware wallet did not have a screen, it would need to show you the addresses and transaction data on a screen connected to an internet accessible device.
Warning: This would defeat the whole purpose of the device in the first place, since the data on your screen could be easily manipulated (for instance, telling you that you are sending funds to one address when you are actually sending them to another).
Similarly, another reason all hardware wallets should have a dedicated screen is because you want to be able to view your recovery seed on a device that is not connected to the internet.
Below I will briefly mention the other security features of the Nano S hardware wallet.
If you want to learn everything there is to know about any of them, we cover them all in our Nano setup guide in great detail. They are (mostly) optional steps at set-up, so you can decide for yourself which to use and which to ignore.
Read More: Ledger Nano Setup Guide
I am including them here in case you already know what they are and just want to know if Nano S supports them.
Here are some of the features we think would be a good for Ledger to add to Nano products in the future.
The biggest feature missing from the Nano S (and all other Ledger Nano products) is support for PSBT (or ‘Partially Signed Bitcoin Transactions).
Using PSBT, you can use your wallet to send Bitcoin without connecting the wallet to any computer - whether via Bluetooth or USB cable.
Instead, you use an on-board camera on the wallet to scan a QR code and then sign the transaction that way.
The two-button navigation system on the Nano S and other Nano products is annoying and inefficient.
Of course, this simple navigation scheme does keep costs down, which price-conscious consumers enjoy.
However, having a touch screen similar to the Trezor Model T would make life a lot easier for users who use their wallet a lot.
That said, if you plan to move your coins to a hardware wallet and rarely use it after, it probably doesn’t matter that much.
Of course, all of the features above are nice to have, but if the company making the wallet isn’t reputable or legitimate, then you can’t really trust the device in the first place, so let’s talk briefly about Ledger as a company.
Yes!
Launched in 2014, Ledger boasts sales of 1.5 million wallets in 165 countries to date.
Ledger has demonstrated a high degree of engagement with the community at large by providing abundant support and addressing specific issues and risks. High-quality information has been forthcoming in regard to their firmware updates. We’ve even written about some of the more common firmware update issues, which you can read using the links below:
Read More: ‘MCU firmware outdated’ issue
Read More: ‘MCU firmware not genuine’ issue
On July 29, 2020, Ledger made it known that their ecommerce databases had been hacked. This meant that personal customer information had been taken. Ledger explains the extent of the hack:
An unauthorized third party who accessed our e-commerce and marketing database – used to send order confirmations and promotional emails – consisting mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number.
To be clear, no user funds were ever stolen. Only non-crypto related information about customers of Ledger was leaked.
A security researcher by the name of Monokh disclosed a bug regarding the way Ledger handles transaction signing within apps for Bitcoin and its derivative coins’ apps. He writes:
The ledger device exposes bitcoin (mainnet) public key and signing functionality outside of the "Bitcoin" app. It presents misleading transaction confirmation requests indicating the selected app's addresses and amounts when in fact different transactions are being signed.
You can see this demonstrated in the picture below:
Ledger responded by saying this issue is known but is left alone to make sure the hardware wallet remains easy to use.
This exploit is unlikely to affect most users. You would need multiple apps on your device that are forks of the Bitcoin blockchain for it to work. The attacker would then be able to know the Bitcoin xpub and prompt transactions for Bitcoin without using the Bitcoin app.
The Ledger Nano S is a worthy cold storage device, especially for newcomers. While the buttons, display and connectivity options have been improved upon with the Ledger Nano X, these are creature comforts.
The slightly smaller feature set of the Nano S won’t diminish the experience of a long-term HODLer who will most likely leave the device unused for long periods of time.
With the Nano S storing your keys offline and your seed words kept as backup in a secure location, the logical next step is to add a Billfodl to the picture. Committing your seed words to stainless steel will dramatically reduce the risk of fire, flood, chemical spill or most other catastrophe erasing your funds.
The Ledger Nano S is the most popular hardware wallet on the market, and there is a good reason for that. It’s small, inexpensive, and does exactly what it is advertized to do - keep your coins safe. It is well supported, and has a great history in terms of security. It does have it’s downsides though: it is clunky to navigate and the screen is very low resolution. You also need to connect it to a computer via a cable, which is not very convenient. The Nano X improves these shortfalls a lot, so it is worth checking out as well.
We give Ledger Nano S a score of 8.5 out of 10!
Not easily, but it has been hacked before, but only in a research lab setting by people who are actively trying to crack it. Ledger is very good about issuing updates to known exploits quickly and offers a handsome bug bounty for anyone who can find a vulnerability in their hardware or software
Ledger Nano S supports over 1600 coins, but can only hold up to 5 different cryptos at a time. Since it technically stores private keys and not coins, it can ‘hold’ an unlimited number of any particular coin you want.
If you lose your Ledger Nano S, it’s nothing to fear (most likely). When you set up your Nano S, you were given a 24 word phrase. This allows you to restore your wallet if you ever lose the Nano S or it is destroyed or stolen. If someone finds your Nano S, they are unlikely to be able to get your coins unless they are very skilled and have a lot of time before you move your coins to a new wallet.
Ledger is more secure if your wallet is found, however the Trezor does not have Bluetooth or a secure element, which reduces the risk of a remote attack on your device or tampering in the supply chain. The Trezor also has more features and a better screen if you choose the Model T.