Best Practices To Securely Buy Your Ledger Signer

So you’re ready to buy your Ledger signer, but don’t know where to start, or you’re second-guessing if it’s actually safe to buy on Amazon. What about a high-street retailer? How do you know the device coming off that shelf is a legit device?

In a space where scams are engineered to look indistinguishable from the real thing, healthy skepticism is the right instinct. But here’s the straight answer:  Buying from Ledger, from an official Ledger or Authorized Reseller storefront on Amazon, or from an Authorized Reseller,  is safer when combined with the Genuine Check.

This article will show you how Ledger’s Genuine Check and distribution chain works, which Amazon storefronts and retailers are officially authorised globally, and what red flags to watch for.

Please note, however, as a strict disclaimer: numerous unauthorized third-party resellers operate across online marketplaces, including Amazon. Purchasing hardware from such unverified sources introduces a number of supply chain vulnerabilities and security risks. Should you choose to purchase from these resellers, we strongly recommend taking additional precautions to verify the vendor’s legitimacy and confirm the product’s authenticity and integrity.

DISCLAIMER: MITIGATING SUPPLY CHAIN RISKS

While Ledger enforces rigorous security protocols across its distribution network, no global supply chain is entirely immune to highly sophisticated interception or tampering attacks. 

Furthermore, users must always perform a Genuine Check via Ledger Wallet™  upon device initialization for more security. 

Should you receive a package that appears opened, altered, or compromised from any authorised reseller—including Amazon—do not use the device and contact Ledger Support immediately. 

Ledger Genuine Check: Explained

Ledger Genuine Check is a cryptographic verification built into every Ledger signer. It confirms that the device contains a genuine secure element, i.e., it contains a proof mechanism.

Here’s how it works: During setup in a legitimate instance of  Ledger Wallet™, the app sends a ‘challenge’ to your device.

The Secure Element (a tamper-resistant chip found in bank cards and biometric passports) responds with a unique cryptographic signature using a private key injected at the factory. This key never leaves the chip and cannot be cloned or extracted. Ledger Wallet™ verifies the signature against Ledger’s servers. 

To protect this verification chain, always download the Ledger Wallet™ app exclusively from trusted sources: the official Ledger website for desktop or the official mobile app stores (iOS/Android). Never install software from unofficial links, third-party stores, or TestFlight builds—even if support claims there is an urgent issue—as these are common phishing vectors designed to compromise your device.

If it matches, your device contains a genuine secure element. If not, the check fails – do not use the device.

The Genuine Check is designed to protect against counterfeit devices. It verifies the Secure Element’s unique cryptographic signature against Ledger’s servers; a private key injected at the factory that never leaves the chip and cannot be replicated. Even perfect-looking packaging or branding can’t fake it. 

However, note that it cannot detect unauthorized physical modifications to the hardware—such as spying implants—if the original Secure Element remains intact.

This is why buying directly from Ledger or Authorised Resellers is safer: Ledger’s Genuine Check confirms authenticity, but cannot verify the device’s physical supply chain history. 

Furthermore, a genuine Ledger signer never asks you to enter your recovery phrase on a computer, phone, app, or website. Your 24-word secret recovery phrase is generated on the device during setup and should only ever be written down on the provided backup sheet (or your own secure method). 

If anything prompts you for it, it’s a scam.

Ledger Supply Chain: How Ledger Distribution aligns with security industry standards

Ledger’s supply chain is designed around compliance with rigorous industry security practices. 

Ledger safeguards its distribution network through premier partnerships. Ledger signers are deployed via top-tier, globally trusted logistics providers, including DHL, FedEx, or Colissimo.

We entrust our retail distribution to carefully selected Authorized Resellers, such as Fnac, Darty, and Best Buy. Through our Authorized Resellers program, Authorized Resellers are commercially incentivized to source inventory directly from Ledger or Ledger Authorized Distributors. This vetted logistics pipeline is structured to mitigate the risks associated with third-party wholesalers and grey market sourcing.

Furthermore, our distribution agreements contractually forbid these partners from restocking and reselling returned devices. Should you receive an opened or tampered package from any Authorised Reseller, including from a purchase made on Amazon, contact Ledger Support immediately.

Ledger maintains a dynamic, official registry of Authorised Resellers. To enhance product authenticity and supply chain integrity, we encourage consumers to purchase via Ledger.com or an Authorised Reseller. Purchasing from unlisted, unauthorised sellers adds a number of security risks.

Genuine Ledger Products: Addressing the Most Common Supply Chain Scams

The risks that circulate online like ‘pre-seeded devices’, tampered packaging, counterfeit units, etc., are real, and it doesn’t matter if it’s Amazon or any other retail source – verifying that you are buying from a legitimate reseller is one of your defenses against these sorts of attacks. Let’s understand some of the ways that attackers can target the supply chain.

Pre-Seeded Devices

Pre-seeding is when a bad actor generates a secret recovery phrase before a device reaches you, loads it onto the device or recovery sheet, and keeps a copy for themselves. The moment you fund the wallet, they can drain it remotely, because they hold the keys. The packaging may appear untouched.

Is there a chance your Ledger device was pre-seeded?

A legitimate Ledger device never comes with a recovery phrase or PIN code pre-configured. Ever. 

If your Ledger signer arrives with a recovery phrase written on a card, printed in the instructions, or presented at any point before you complete setup, do not use that phrase. Do not enter it into the device. Do not move any crypto to the accounts it generates.

Similarly, if your device comes already onboarded, with a PIN provided in the package, do not use that PIN.

The device itself might be physically intact, but given the evidence that the package has been tampered with to include rogue instructions, PIN, or recovery phrase, the utmost caution is required, and we do not advise using this device at all.

Unsolicited Devices

In May 2021, a user received an unsolicited ‘replacement’ Ledger device in the mail, complete with official-looking packaging, shrink-wrap, and a letter from the supposed CEO urging immediate migration.

The device concealed a soldered flash drive containing malware. Once the user entered their 24-word recovery phrase into the malicious app, the attacker drained approximately $78,000 from their wallet within 30 minutes. 

Legitimate Ledger replacements are never sent unsolicited. If you receive a device you didn’t order, do not plug it in. Another critical mistake is to type in your recovery seed into any application, including Ledger Wallet, regardless of how legitimate it appears. Never enter your secret recovery phrase into an application.

Tampered Devices

A tampered device is a genuine Ledger signer whose hardware has been modified after leaving the factory. 

The attacker’s goal is generally to get you to use the device in order to remotely exfiltrate what is displayed on the screen.

As explained earlier, the Genuine Check cannot detect all unauthorized physical modifications to the hardware. This is why buying directly from Ledger or Authorised Resellers is strongly recommended.

Examples:

Counterfeit Devices

A counterfeit device is a fake replica built to mimic a Ledger signer’s appearance. 

The attacker’s goal is to get you to use the device while they have full control of it, so they can drain your funds whenever they decide to. Counterfeit devices typically compromise your seed either by interfering with the seed generation process or by exfiltrating the seed once it has been generated.

These devices are often designed to pass visual inspection: same branding, same weight, same packaging.

Examples:

The Genuine Check is the technical safeguard against counterfeit devices. It uses cryptographic verification to confirm that the device is a genuine Ledger signer and that its Secure Element hasn’t been replaced. 

The Genuine Check closes this gap, but only if you run the Genuine Check using the Ledger Wallet™ app downloaded directly from Ledger’s official website or official mobile app stores. 

Counterfeit devices often come with modified versions of Ledger Wallet™ that will happily report “genuine” even for fake hardware. No visual inspection, no packaging check, no seller reputation can substitute for running the Genuine Check yourself with authentic software. 

Download Ledger Wallet™  from Ledger™  only, run the check immediately upon receipt, and never use a third-party seller’s app or download link.

How do I know the Amazon seller is legitimate?

Check that the seller’s name on the listing matches the official Ledger storefront for your country.

Amazon’s marketplace allows multiple sellers to appear on the same product page, which can make it easy to purchase from an unknown third party accidentally. Always verify the seller’s name before adding to the cart. Use the ‘Sold by’ information on the product page and cross-reference it against the official list.

Where to Buy Ledger Products: Official Channels 

You can find the full list of Ledger Authorized Resellers here

.