How to Verify Your Hardware Wallet Is Genuine Before You Set It Up

If your hardware wallet arrived with a PIN already set or a recovery sheet already filled in, do not use it. A tampered or counterfeit device can let an attacker drain every coin you send to it.

Verifying that a Ledger, Trezor, or Tangem device is genuine takes a few minutes during setup. This guide covers exactly what to check on each brand and what to do if something looks wrong.

Short answer

A genuine hardware wallet asks you to set your own PIN, shows a fresh welcome screen, ships with a blank recovery or backup sheet, and passes a built-in authenticity check during setup. Buy only from the manufacturer's official store or an authorized retailer.

Why device authenticity matters

A hardware wallet's job is to keep your private keys offline. If the device itself is compromised - pre-loaded with an attacker's seed, modified firmware, or a fake Secure Element - then the security model breaks before you deposit a single satoshi.

The most common real-world scenario is not a sophisticated hack. It is a buyer who purchases from an unofficial seller, receives a device that looks factory-sealed, and sets up a wallet on a device that an attacker already controls.

Ledger: what to check

Ledger devices (Nano S Plus, Nano X, Flex, Stax) go through several verifiable stages during unboxing and setup.

Physical checks

• Blank recovery sheet. Every Ledger ships with blank Recovery Sheets. Ledger never provides a pre-filled 24-word phrase. If words are already written on the sheet, stop and contact Ledger Support.
• Welcome screen. On first power-on, the device must display a welcome message specific to the model (for example, "Welcome to Ledger Nano X - Press right to continue" or "Welcome to Ledger Stax, your digital signer"). If the device asks for a PIN immediately, it has already been set up by someone else.
• No anti-tamper seal on most models. Ledger generally does not use holographic seals on its packaging. The Secure Element chip provides the real tamper protection, not a sticker. The Ledger Flex may include anti-tamper tape strips, but absence of a seal on other models is normal.

Software checks

• Ledger Genuine Check. During initial setup, the Ledger companion app runs a cryptographic handshake with the device. The Secure Element in a genuine Ledger holds a unique secret key set during manufacturing. The app challenges the device to prove it possesses this key. If the check fails, do not use the device.
• Manual re-check. You can re-run the genuine check at any time through the companion app's settings or by connecting to the "My Ledger" section.

Where to buy

Ledger sells through its official website (ledger.com) and official Amazon storefronts in specific countries including the US, UK, Germany, France, Spain, Italy, Japan, Australia, and others. Ledger also lists authorized retailers on its support pages.

Trezor: what to check

Trezor devices (Safe 3, Safe 5, Safe 7) use holographic seals, blank backup cards, and Secure Element verification.

Physical checks

• Holographic seal. The USB-C port on Trezor Safe 3 is covered by a holographic seal. An original design features the Trezor logo; an updated design (from April 2024 onward) includes the UK CA mark. The seal must be intact and firmly attached. Peeling it should leave a "VOID" residue on the device - this is expected.
• Blank backup cards. The wallet backup cards inside the box must be completely blank. Trezor Safe 3 ships with either 12-word (2023 version) or 20-word (2024 version) backup cards, depending on manufacturing date. If any card has words pre-printed or pre-written, stop and contact Trezor Support.
• No pre-installed firmware. Every Trezor leaves the factory without firmware. You install the latest version through Trezor Suite during setup. If the device appears to already have firmware installed, it may have been used or modified.
• Manufacturing seams are normal. Slightly rough edges or visible seams on the plastic casing are injection molding artifacts, not signs of tampering.

Software checks

• Secure Element authentication. Trezor Safe 3/5/7 include a Secure Element chip (OPTIGA Trust M). When you first connect the device, both the main MCU and the Secure Element participate in a hardware-level authenticity check that confirms the device is genuine and unmodified.
• Firmware signature verification. Every time the device connects, the bootloader checks the firmware signature. Trezor Suite will only operate with firmware officially signed by SatoshiLabs.

Where to buy

Trezor sells through its official website (trezor.io). The site also offers an expert onboarding session for users who want a guided setup.

Tangem: what to check

Tangem takes a different approach. There is no screen or USB port - the wallet is a card (or ring) that communicates with your phone via NFC. Verification focuses on the card's hardware security and the setup flow.

Physical checks

• Tamper-resistant design. Tangem cards are made from monolithic materials that are resistant to physical tampering. The cards are rated IP69K for durability against dust, water, electromagnetic pulses, X-rays, and extreme temperatures.
• No pre-seeded setup. When you tap a new Tangem card to your phone, the app should prompt you to create a new wallet. If the card appears to already be configured or asks for an existing access code on first use, it may be a used or tampered unit.

Software and hardware checks

• EAL6+ Secure Element. Tangem uses a Samsung Semiconductor chip certified to EAL6+ - the same security level used in passports and high-security payment systems. Private keys are generated inside the chip via a True Random Number Generator and never leave the card.
• Immutable firmware. Tangem's firmware is installed at the factory and cannot be updated. This prevents post-manufacturing firmware tampering but also means you should always buy the latest hardware version.
• Access code setup. During onboarding, you set your own access code (minimum 4 characters). After six failed attempts, delays increase progressively up to 45 seconds. A genuine card has no pre-set access code.
• Multi-card redundancy. Tangem sells sets of 2 or 3 cards. Each card holds an identical copy of the private key. If one card is lost or damaged, the remaining cards still work.

Where to buy

Tangem sells through its official website (tangem.com). Buying from third-party marketplaces carries the same tampering risk as any hardware wallet.

General rules regardless of brand

1. Buy from the official store or an authorized retailer. The most common way people end up with a compromised device is purchasing from an unknown third-party seller on a marketplace platform.
2. Never use a device that ships with a PIN or seed phrase. No manufacturer ships a wallet with a pre-set PIN or a pre-filled recovery sheet. This is the single most important check.
3. Run the built-in genuine check during setup. All three brands have a software or hardware verification step. Do not skip it.
4. Keep firmware updated after setup. For Ledger and Trezor, firmware updates patch security vulnerabilities. Tangem's firmware is fixed at the factory, so the hardware version you buy matters.
5. If something feels wrong, stop and contact support. It is better to delay setup by a day than to send crypto to a compromised device.

What to do if you suspect your device is compromised

• Do not send any crypto to the device.
• Contact the manufacturer's support team directly through their official website. Do not use phone numbers or email addresses found in the box - those could be part of the scam.
• Document what you found (photos of the recovery sheet, packaging, error messages).
• Request a replacement or refund through the official channel where you purchased the device.

Related guides

• Address Poisoning Scams: How to Avoid Sending Crypto to the Wrong Wallet - protect yourself from lookalike address attacks after setup.
• Seed Phrase Mistakes That Cost People Money - common backup errors and how to avoid them.
• Paper vs Metal Seed Phrase Backup - choose the right backup medium for your recovery phrase.
• Best Hardware Wallet for Beginners - compare Tangem, Ledger, and Trezor for a first wallet.
• Hardware Wallet Firmware Updates: What to Check Before You Click Update - when to update and when to pause.
• Should You Keep Crypto on an Exchange or Move It to a Wallet? - decide when self-custody makes sense.