Tips on Hardware wallet usage with Cardano

Hi there, I recently picked up a Ledger nano X and just had some questions about its usage.

  1. I am currently using Daedalus as my main Cardano wallet. What works the best with the Ledger Nano X? I saw Yoroi and Adalite were compatible. What is the best option? Pros and cons?

  2. In the case I lose or get my ledger damaged does the recovery phrase for the ledger work on any software wallet? I.e. I enter my ledger seed phrase and I can recover my ADA from Yoroi or Daedalus.

  3. If the last question is true what exactly is the point of the hardware wallet? Is it basically just to generate the keys offline and keep them stored completely offline? Or does it work more like a 2FA for Cardano wallet meaning I need to have both my Cardano 24 phrase AND the Leger generated phase? Would I have to buy a new ledger to recover my funds if it broke or got lost?

  4. I also just Metamask and other blockchains, does Ledger give you a master recovery phrase that can be used on any blockchain? Meaning if I lose my ledger can I recover all my separate wallets (i.e. Cardano, Metamask, etc) from the ledgers recovery phrase on software wallets?

Overall I am just curious about best practices. I am wanting to take the extra security to secure my ADA and other crypto I just want to understand the risks of using a hardware wallet. Last thing I would want is to lose the Ledger and be locked out of all my funds until I purchase a new one.

Thank you all. I love being apart of this community!

1 Like
  1. I am currently using Daedalus as my main Cardano wallet. What works the best with the Ledger Nano X? I saw Yoroi and Adalite were compatible. What is the best option? Pros and cons?

Daedalus, yoroi, adalite… or all compatible to access the funds via ledger
Now it’s up to you which app will use (for example daedalus is a full node and it will consume a lot of resources, yoroi or adalite.io will be faster.

  1. In the case I lose or get my ledger damaged does the recovery phrase for the ledger work on any software wallet? I.e. I enter my ledger seed phrase and I can recover my ADA from Yoroi or Daedalus.

!!! Do not enter the seed words for ledger in other app !!!

Nope, u will need to save the seed words in a safe place and in case u will lose the ledger or it will crash then u will need another ledger device which will be restored using the seed words from the old one…

Actually for first time when u will want to move the ADA to ledger u can test it:

  • send 10 ADA and then try to restore the ledger using the seed words
    If after restore u will see the 10 ADA it means it is fine and u can move all funds
  1. If the last question is true what exactly is the point of the hardware wallet? Is it basically just to generate the keys offline and keep them stored completely offline? Or does it work more like a 2FA for Cardano wallet meaning I need to have both my Cardano 24 phrase AND the Leger generated phase? Would I have to buy a new ledger to recover my funds if it broke or got lost?

The point is that… the private keys will be stored on ledger… + each transaction needs to be acknoledge with ledger (more secure)

  1. I also just Metamask and other blockchains, does Ledger give you a master recovery phrase that can be used on any blockchain? Meaning if I lose my ledger can I recover all my separate wallets (i.e. Cardano, Metamask, etc) from the ledgers recovery phrase on software wallets?

Yes, the restore of ledger should restore also all wallets which were created under that seed words

Overall I am just curious about best practices. I am wanting to take the extra security to secure my ADA and other crypto I just want to understand the risks of using a hardware wallet. Last thing I would want is to lose the Ledger and be locked out of all my funds until I purchase a new one.

Yes, if u will lose the ledger u will need another ledger device and restore with the seed words from lost one

2 Likes

I really appreciate your response!! Just a couple follow up questions.

  1. I use Daedalus mainly since it’s a full node. But if I was to use a ledger device would Yoroi be just as safe given im using a hardware wallet as well? I prefer lite wallets like metamask/yoroi since its less resources. So if I went down the Yoroi route + Ledger would that give me as much security as possible?

  2. So just to clarify I would need to save TWO private keys? One for my ledger device and the other for Yoroi. If somehow someone gained access to my Yoroi seed, they couldn’t send my ADA anywhere without the Ledger device as well? So it does kinda work like a 2FA?

  3. If that’s the case do you recommended buying a second unopened Hardware wallet? Would a Ledger nano S work as a backup to my Ledger nano X. I would keep the backup device at my parents or friends house but leave it in packaging only for recovery if needed. I just worry about a situation where I lost my ledger device or it was damaged. In that case if I only had one ledger I would have to wait for a new one to ship before I can recover any funds correct? but I can mitigate this by having a back up device ready to recover in the worst case situation?

Thank you again Alex, It was very nice of you to take the time to talk me through my concerns.

  1. I use Daedalus mainly since it’s a full node. But if I was to use a ledger device would Yoroi be just as safe given im using a hardware wallet as well? I prefer lite wallets like metamask/yoroi since its less resources. So if I went down the Yoroi route + Ledger would that give me as much security as possible?

Of course is secure, on all cases (daedalus, yoroi or adalite.io) you will need to confirm the transactions with ledger… .without the ledger confirmations ADA can’t be send out from the wallet

  1. So just to clarify I would need to save TWO private keys? One for my ledger device and the other for Yoroi. If somehow someone gained access to my Yoroi seed, they couldn’t send my ADA anywhere without the Ledger device as well? So it does kinda work like a 2FA?

Nope, you will need the seed words for yoroi because now the ADA will be on ledger wallet not on yoroi simple wallet

  1. If that’s the case do you recommended buying a second unopened Hardware wallet? Would a Ledger nano S work as a backup to my Ledger nano X. I would keep the backup device at my parents or friends house but leave it in packaging only for recovery if needed. I just worry about a situation where I lost my ledger device or it was damaged. In that case if I only had one ledger I would have to wait for a new one to ship before I can recover any funds correct? but I can mitigate this by having a back up device ready to recover in the worst case situation?

Exactly, buy 2 devices, just in case … I hope it will not be the case to lose it but who knows :slight_smile:
I think ledger S will be fine to bkp ledger X if you have only Cardano (ledger S supports Up to 6* apps installed vs ledger X Up to 100* apps installed)

any way keep in mind that ADA are stored on blockchain and daedalus, yoroi, adalite, ledger… is just the way to access them

Thanks @Alexd1985 for great answers. I just want to add that if you’re curious about best practices, you may find Charles Hoskinson’s video useful:

TL;DR: Hardware wallets are secure in the same way a powered off and unplugged computer is secure!

The Explanation:

The private key that is on the ledger/trezor/etc uses seed words unique to the cryptographic algorithm and generated dictionary of these devices. So while there is only ONE private key, which is still a hash generated by seed words, it can’t be restored in wallet software by design.

NEVER enter these on a keyboard, take a picture with phone, or anything like that!

When you use hardware wallet apps to communicate with software wallets what you are really doing is exporting the public key and negotiating transaction signing and confirmation. Thus one hardware wallet can work with many blockchains by negotiating with each protocol, thus the different apps to handle that for each protocol differently.

Think of it like a magic black box. For Cardano the transaction is created by Daedalus with appropriate amounts, to and from addresses, calculated minAda, etc. It then sends that transaction to the HW wallet app which prompts you to confirm. You have to enter the correct pin and push the physical button to sign. However it’s like signing with invisible ink because the secret key never leaves the magic box. The HW app then sends ONLY the “approved” transaction back to Daedalus who submits it to the node and processes it on the blockchain.

However if you reject the transaction or if your HW wallet is not even connected or powered on then it is impossible to process any transaction that sends cryptocurrency or requires a signature. Especially important to understand is you don’t need to sign transactions with your private key to receive ADA. So you can send from an exchange to your wallet, get a payment, a gift from a friend, or use any generated receive addresses for your synched public key at will. Simply keep your hardware wallet in a secure location. The only time you should plug in and use the hardware wallet is when YOU want to spend some ADA, such as paying the processing fee for picking a new stake pool to delegate to.

Pros:

  • Private key is never stored on any other device (cold storage)
  • Private key is not compatible with other wallets
  • There is no “spending password” you must use the physical device
  • Brute force attack is much more difficult as restoring requires manual usage of physical device

Cons:

  • Device is easily lost or broken
  • Device may become incompatible or unsupported (long term ~5+ years)
  • Scams still exist. Only buy from manufacturer, always verify HW and SW, etc
  • They are expensive. It probably isn’t worth the hundreds $$$ you will need to use these devices unless you have significant holdings.

It may cost thousands of $$$$ if you go “all-in” like Mr. Hoskinson in the video above. He showcases lots of cool gizmos and tips for securing technology though. At least Linux is free, thanks Mr. Torvalds :wink: