
Setup checklist (what to prepare)
- A clean, offline surface and a pen for writing your seed phrase.
- Metal backup plate or recovery card (recommended for long-term storage).
- Official companion app on a trusted computer or mobile device (download instructions: /ledger-live-download-install).
- Time: 15–30 minutes for initial setup and at least one small test transaction.
And yes — do this with a small test amount first. But don't rush the backup step.
Step-by-step: How to set up your hardware wallet
Below is a general, step-by-step flow. Exact screen text differs by device, but the sequence is consistent across major hardware wallets.
Initialize, PIN, and seed phrase
- Power on the device and choose "Set up as new device" (or similar).
- Create a PIN on the device. Choose a PIN you can remember but that isn't easy to guess; avoid simple patterns.
- The device will display your seed phrase (the recovery phrase). This is the master key to your accounts (BIP-39 standard in many cases). Write it down on the provided recovery card — do not take photos or store the phrase digitally.
- Confirm the seed phrase when prompted.
If you lose the seed phrase, you lose access to your private keys. Simple.
Install companion app and coin apps
- Install the official companion app on a trusted computer or phone (link: /ledger-live-download-install).
- Connect the device, follow on-screen prompts to pair, and allow any requested permissions.
- Install the specific coin apps you need (space management varies by device). See /install-apps-manage-space and /supported-cryptocurrencies.
- Add accounts in the companion app and receive a small test transaction to confirm everything works.
Seed phrase, backups, and advanced options
A seed phrase is typically 12 or 24 words following the BIP-39 standard (which defines how words translate to a private key). If offered alternative schemes (like Shamir / SLIP-39), they let you split recovery into multiple shares which increases resilience but also adds complexity.
12 vs 24 words; BIP-39 and SLIP-39 (Shamir)
- 12 words are convenient and still secure for many users; 24 words add entropy and future-proofing against brute-force advances.
- SLIP-39 (Shamir) allows you to split backup into multiple shares that require a threshold to recover. This helps distribute risk across geographic locations or trusted parties.
What I've found: SLIP-39 is excellent for estate planning or institutional setups, but it requires careful record-keeping of share distribution.
Metal backups and storage practices
Paper can degrade. Steel or other metal backup plates protect your seed phrase from fire and water. Store backups in secure, geographically separated locations if you hold significant value. See /backup-recovery-best-practices for templates and checklists.
Passphrase (the “25th word”): benefits and risks
A passphrase is an optional extra string added to your seed phrase. It acts like a 25th word but is not stored on the device. Benefits: it creates hidden wallets and adds another layer of protection. Risks: if you forget the passphrase, the funds are unrecoverable even with the original seed phrase.
I believe passphrases are powerful for advanced users who can reliably manage them. For many people, a properly secured 24-word seed with metal backup and geographic distribution is sufficient. Read more on passphrase trade-offs: /passphrase-usage-risks.
Firmware updates and authenticity verification
Firmware updates patch vulnerabilities and add new coin support. Always update firmware via the official companion app and verify the update's authenticity per the device's verification guide (for step-by-step checks see /firmware-updates-and-verification).
Never install firmware files from random links or third parties. If an update fails or the device behaves unexpectedly during an update, consult /troubleshoot-firmware-stuck.
Connectivity: USB, Bluetooth, NFC, and air-gapped signing
Connection type affects convenience and attack surface. Air-gapped signing (signing transactions without a live network connection) is the most secure model for large, long-term holdings, though it is less convenient.
Connection comparison table
| Connection |
Pros |
Cons |
When to use |
| USB (wired) |
Stable, no radio attack surface |
Can be vulnerable to compromised host if used carelessly |
Everyday desktop use; preferred for large transfers or firmware updates |
| Bluetooth |
Convenient for mobile; wireless |
Larger attack surface; requires caution in public settings |
Small, frequent mobile transactions; avoid for very large balances |
| NFC |
Quick pairing for payments |
Limited device support; short range only |
Mobile payments and quick confirmations |
| Air-gapped (QR/SD) |
Highest isolation; signs offline |
Slower, more complex workflow |
Long-term cold storage, vault-style setups |
For air-gapped workflows, see /air-gapped-signing.
Multisig, cold storage strategies, and inheritance planning
Multi-signature setups distribute signing power across multiple devices or people and reduce single points of failure. Use multisig if you want redundancy (and shared control) or a stronger defense against loss or theft. Read the compatibility notes before building a multisig wallet: /multisig-setups.
For inheritance, a documented plan with clear instructions and secure distribution of backups is essential. Consider legal advice and keep sensitive elements split across trusted parties.
Common setup mistakes to avoid
- Buying from unofficial sellers or marketplaces.
- Photographing or storing your seed phrase on cloud services.
- Typing your seed phrase into a phone or browser wallet.
- Skipping a test transaction before moving large sums.
- Using the same passphrase across multiple accounts.
For troubleshooting tips and recovery steps see /troubleshoot-firmware-stuck and /recovery-when-device-breaks.
FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes—if you have the seed phrase (and passphrase, if used), you can restore to another compatible hardware wallet or supported software that accepts the seed format. Test recovery on a spare device if possible.
Q: What happens if the company goes bankrupt?
A: Your crypto lives on the blockchain and is controlled by your private keys, not the company. Still, company failure can affect support, firmware availability, and integrations—keep recovery options documented and use widely supported standards (BIP-39, widely supported derivation paths).
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth increases convenience at a small cost to attack surface. For very large balances, prefer wired or air-gapped workflows. For daily small transactions, Bluetooth is often acceptable with good operational hygiene.
Getting started with Ledger Live: installing apps and adding accounts
Once the device is initialized, the real day-to-day work happens inside Ledger Live, the companion app for desktop and mobile. In my testing I always download it directly from the official source and verify the installer, rather than clicking search-engine ads, which are a common phishing vector.
Installing coin apps
Ledger's secure chip has limited storage, so each blockchain needs its own small app installed via the Manager (labelled "My Ledger" on newer builds). To add Bitcoin, Ethereum, or Solana:
- Connect and unlock your device, then open My Ledger.
- Search the coin and tap Install — the app loads onto the device in a few seconds.
- Removing an app never deletes funds; balances live on-chain, tied to your seed.
On a Nano S, expect to juggle apps because space runs out fast; the Nano X and Flex hold far more.
Adding accounts
An "account" in Ledger Live is a view of one derivation path. Go to Accounts → Add account, pick the asset, and Live scans the chain and imports any address with history. A tip from experience: always confirm the receive address on the device screen before sharing it — the on-device display is your defense against clipboard-hijacking malware. You can rename accounts and track portfolio value, but Ledger Live never holds your keys.
Troubleshooting: device not recognized, PIN, and hidden wallets
Hardware wallets are reliable, but connection and access issues are the questions I get asked most. Here is the order I work through them.
"Device not recognized"
Nine times out of ten this is a cable or port problem, not a fault. In my testing:
- Swap the USB cable for a data-capable one — many charging cables carry power only.
- Try a different port, ideally directly on the machine rather than through a hub.
- Close other wallet software that may be holding the USB connection.
- On desktop, restart Ledger Live; on Android, enable OTG and grant permission.
PIN lockouts and resets
Three wrong PIN entries and the device wipes itself — a deliberate anti-theft feature, not a bug. Your coins are safe as long as you hold the recovery phrase: reset, choose "Restore from recovery phrase," and re-enter your words to rebuild every account.
Firmware and stuck updates
If an update stalls, keep the device connected, reopen Ledger Live, and let it resume. Interrupting rarely bricks the unit, but a fresh restart usually clears it.
Missing balance / hidden wallet
If a passphrase-protected (hidden) wallet shows an empty balance, you almost certainly typed a slightly different passphrase — even one character creates a brand-new, valid wallet. Re-enter it exactly, matching case and spaces, to recover the funds.
Is Ledger safe? Secure element vs. the 2020 data breach
This is the question that stops most buyers, and the honest answer separates two very different kinds of risk.
The device is genuinely hardened
Ledger devices are built around a Secure Element — the same certified (EAL5+) chip class used in passports and bank cards — paired with a custom OS that isolates each app. Your private keys are generated on-device and, in my testing, never leave the secure chip; every transaction must be physically confirmed on the screen. That architecture has never been broken remotely.
The 2020 breach was about data, not coins
In July 2020 Ledger's e-commerce database leaked, exposing roughly a million emails plus names and shipping addresses for a subset of buyers. No seed phrases, PINs, or funds were compromised — the wallets stayed secure. The fallout was a wave of phishing emails and, for some, physical-threat scams. The lesson: guard your personal data and never enter your 24 words anywhere but the device itself.
How it compares
| Factor |
Ledger |
Typical air-gapped rival |
| Secure Element |
Yes (EAL5+) |
Varies |
| Closed-source firmware |
Yes |
Often open-source |
| Connectivity |
USB / Bluetooth |
Often QR-only |
| Track record of remote theft |
None |
None |
No wallet removes the need for good habits, but the device itself remains a sound choice for self-custody.
Conclusion & next steps
A careful, staged setup protects long-term holdings. Start with the checklist, write down and secure your seed phrase, and verify firmware using official channels. In my testing, a small test transfer followed by scheduled backups saved time and stress later.
Want more detail? Read the beginner walk-through (Getting started), how to verify firmware (Firmware verification), and deeper backup strategies (Seed phrase management).
If you prefer a checklist PDF or step-by-step walkthrough for a specific connection type, check the related guides linked above and the compatibility matrix: /compatibility-matrix.
Stay secure, and always confirm addresses on your hardware wallet screen before sending funds.