Safe to use a second-hand hardware wallet?

[RedSlayerX]

This topic has already been raised, and someone believed that it 'should be closed' as it had been 'answered a number of times' (with personal, high-level 'belief' rather than technical fact).
Thus, I couldn't add a comment to it, and have re-raised it.

I am considering buying a second-user hardware wallet, and was in the process of researching the risks involved of pre-users 'hacking' such a device, when I came across the above post and wanted to add what seems to be a pretty definitive / thorough investigation into this (from a purely technical / expert point-of-view rather than simple 'gut-feel').

The link to this is here: https://blog.gridplus.io/hardware-wallet-vulnerabilities-f20688361b88

This guy isn't 'guaranteeing' anything (I wouldn't post it if he had, because we should all know that there is no such thing as '100% secure').

ATB,

Red

[TheQuin]

The danger in buying a second-hand hardware wallet is that the original owner will be able to access it if you don't follow the correct procedure and make a new seed.

This case was reported recently. https://cointelegraph.com/news/life-savings-stolen-from-second-hand-ledger-hardware-wallet

In this case, according to the article, the seller inserting his own recovery seed rather than the random seed assigned by the manufacturer.

[mk4]

The danger in buying a second-hand hardware wallet is that the original owner will be able to access it if you don't follow the correct procedure and make a new seed.

This case was reported recently. https://cointelegraph.com/news/life-savings-stolen-from-second-hand-ledger-hardware-wallet

In this case, according to the article, the seller inserting his own recovery seed rather than the random seed assigned by the manufacturer.

Doesn't Ledger have a feature whereas the device will be sort of checked if the device is tampered with when the device is connected to the internet? Which is the reason why their boxes doesn't have tamper proof seals. I honestly think what happened to that guy in the article you linked just didn't use the "create a new wallet" feature, instead he/she used the wallet the seller left it with. Most likely human error in my opinion.

[TheQuin]

@mjglqw It's difficult to tell from that article or the reddit report by the user exactly what happened. But yes I agree it is most likely down to the user not knowing what they were doing. That was the point of posting it here really.

[TryNinja]

@mjglqw It's difficult to tell from that article or the reddit report by the user exactly what happened. But yes I agree it is most likely down to the user not knowing what they were doing. That was the point of posting it here really.

That's what happened:

"The Ledger came with a recovery sheet which had a 24 word recovery seed, to see the seed I had to scratch off the silver foil/paint that was covering it."
Source by OP

Which should look exactly like this:



The device itself is probably safe to be used.

[TheQuin]

Thanks @TryNinja

I don't have a Ledger, the OP just reminded me of seeing that news article. Could you say what exactly you should do if you bought a secondhand one?

[mk4]

@mjglqw It's difficult to tell from that article or the reddit report by the user exactly what happened. But yes I agree it is most likely down to the user not knowing what they were doing. That was the point of posting it here really.

That's what happened:

"The Ledger came with a recovery sheet which had a 24 word recovery seed, to see the seed I had to scratch off the silver foil/paint that was covering it."
Source by OP

Which should look exactly like this:

https://i.imgur.com/DsICkge.jpg

The device itself is probably safe to be used.

I've seen that news. I thought what OP posted was different. But yea, it is due to human error. If only the person that got hacked took a few minutes to read the instructions and made his/her own wallet instead, this wouldn't have happened. It baffles me how people don't take extra safety precautions when handling huge amounts of money.

[baileym]

I use a ledger nano s.  To reset, enter the wrong passcode 3 times and it will reset.  You then have it create a new account.  Pretty easy.  I bought mine new but reset it just to make sure there was no tampering.   My ledger had me write the code down.  Not sure about the scratch off sheet you have??