Although the date for Daedalus integration with the Ledger Nano S is not yet known, release is imminent, possibly in few months. Be aware of scams involving the Ledger Nano. My suggestion is only buy a Ledger from the manufacturer.
NEVER buy a Ledger from any 3rd party source. The 3rd party (man in the middle attack?) may set up the Ledger and record the seed. Then when you buy it, if the Ledger is not reset, they will steal all your funds. Even if the Ledger is reset, there are clever scammers out there. This article below is only 1 example. Thank you Phong T for the link.
“Reminder: our hardware wallets are always delivered empty without any seed. Never use a pre-seeded device. If you do receive a scratch card with 24 words, please contact us! Wiping the device and upgrading the firmware makes then the Nano S perfectly safe to use.”
Even buying a device directly from the manufacturer, somebody could still intercept and tamper with the package. Therefore, I’d wipe the device and regenerate the seed no matter who I purchased it from. I believe, but would be interested in a definitive answer, that the Ledger Nano hardware is tamper proof, so that the hardware itself cannot be attacked.
I agree nobody should buy a used hardware wallet but see no problem buying a new one via Amazon. They do not come pre-seeded. The seed is generated by the owner. The infamous scam involved a used one purchased on Ebay. The thief generated a seed and included a scratch off card with the device. The purchaser used the same seed provided by the thief and lost his savings.
I prefer Trezor but oh well.
You could order one from the official store, then have it replaced during delivery and receive a compromised device, e.g. the attacker can pre-configure a secret key and thus be able to spend the funds on it using a different device.
In conclusion, it’s not where you buy it from, it’s that you should verify the device before using it, using the guide linked above.
Are you certain of your statements above? Do you have proof? Are you willing to put your life savings (literally or not) on the line with a 3rd party handled device? Because that is what you would be doing or stating others may do safely. The reason I ask is because Ledger (and others) have said ‘Our devices are hack proof’ only to find out later that their devices can be hacked. Example. If a 15 year old can hack a Ledger imagine what the pro bad guys can do. I likely read the same articles you may have read that say a 3rd party Ledger is safe, but I don’t want to find out the hard way.
Granted the Ledger is very difficult to hack, but still it got hacked beyond the imagination of the manufacturer. Every time I use my Ledger Nano I have to place trust and assume that Ledger did their due diligence and I do not want to add another agent in the loop personally. I am OK with trusting Ledger because they provide some guarantees and limited loss recovery if their products fail.
Let me give you another example. Lets say I am walking down the street and I find a used condom laying on the sidewalk. So I pick it up, take it home, and run it through the dishwasher to sanitize it. Then I fill the condom with a liter of milk to make sure it has no leaks. If all goes well then I can then go ahead and re-use said third party condom with no worries. But is it really a good idea to do that?
Plus, your advice is missing a step. If someone were to find a Ledger on the street they would have to:
Run the device reset procedure FIRST. This as an absolute must. Otherwise a third party still has the word seeds.
You’re right, I would also buy a device from the official stores only, to reduce chance of sophisticated attacks, which is what the guide recommends too. Even so, all scamming to date could have been avoided if people simply followed the guide.
The guide mentions that you should initialize the device yourself.
Haha, this sentence makes the analogy pretty funny. Thanks.
Oh and update on this post. I ordered a second Ledger in July and they now send the Ledger by certified mail, in a sealed package, requiring signature to receive. So Ledger learned their lesson; never tempt or tease a hacker on broadcast media.