Secure Wallet Setup — Initialize your Ledger device the right way

Follow a clear, step-by-step flow to get your hardware wallet ready, protect your recovery phrase, and verify your accounts — designed for first-time users and security-focused power users alike.

Why this setup matters

Hardware wallets like Ledger store your private keys off the internet. A proper setup ensures that your keys are generated securely on-device, your recovery phrase is protected, and you have independent verification that nothing was tampered with. Skipping steps introduces risks — this page walks you through best practices that reduce common vulnerabilities.

Quick overview

On-device key generation: Keys never leave the device.
Secure PIN & passphrase: Multiple layers of access control.
Recovery phrase handling: Offline, physical backup only.
Device attestation: Verify your device’s integrity before use.

Follow these steps

Unbox & inspect: Verify the seal and physical integrity of the package before powering the device.
Power on & initialize: Create a new wallet on the device — never accept a pre-initialized device from an unknown source.
Set a secure PIN: Use a 6–8 digit PIN that is not guessable and not reused elsewhere.
Write your recovery phrase by hand: Store it offline, in a secure physical location. Do not take photos or store digitally.
Verify device attestation: Use the companion app to confirm the device’s certificate and firmware authenticity.
Optional passphrase: Consider an added passphrase for a second layer of protection (act as a 25th word).
Test a small transaction: Send a minimal amount first to confirm address correctness and end-to-end flow.

Start setup

Security Score (CVSS-like)

This simplified, CVSS-inspired security indicator estimates setup risk based on common misconfigurations and user choices.

Current Setup Risk: Low

Score interpretation: Lower is better. This metric reflects the combined effect of three components: device integrity, recovery handling, and access controls (PIN/passphrase). Follow the checklist above to move the score toward Minimal.

Score breakdown

Device integrity: Verified attestation reduces tamper risk.
Recovery handling: Physical-only storage reduces exfiltration risk.
Access control: Strong PIN and optional passphrase lower unauthorized access risk.

Common mistakes to avoid

Photographing or storing recovery words in the cloud.
Accepting a pre-seeded device without verifying attestation.
Using weak or reused PINs across devices or services.
Skipping a test transaction and transferring large funds immediately.

Ready checklist

Box seal intact
Device booted and updated
Recovery written offline
Attestation verified
Test transaction complete

Need extra help?

If you prefer guided assistance, schedule a session with a certified configurator or consult the official documentation for step-by-step screenshots.

Get support

FAQ

Can I store my recovery phrase digitally?: No — storing recovery phrases online significantly increases risk of theft. Use only physical backups like metal plates or sealed paper in secure locations.
What if I lose my device?: Recover your wallet with the recovery phrase on a new Ledger or compatible wallet. Keep your recovery secure and accessible to trusted parties if appropriate.
Is firmware verification necessary?: Yes. Firmware verification prevents compromised or tampered devices from being trusted.