What this playbook covers
This document is written for people who already understand basic wallets and private keys and want to operate a Ledger device safely in the real world. We'll cover secure procurement, setup, routine operations (receive/send), emergency recovery, threat models, and layered defenses such as passphrases, multisig, and air-gapped signing. Each section ends with a short checklist you can follow in practice.
Procurement & first steps
Always buy new from the official store or authorized retailers. Supply chain attacks are rare but possible; a tampered device could be preloaded with malware or a backdoor. When the device arrives, inspect packaging for signs of tampering, then power it up and perform a factory initialization — never accept a pre-initialized device.
1. Look for broken seals, unexpected accessories, or scratches.
2. Set a PIN and write down the 24-word recovery phrase on paper or metal.
3. Install firmware via Ledger Live and verify device attestation prompts.
4. Receive a small test transaction, confirm it on-device, and verify balance in Ledger Live.
- ✅ Buy new from official channels
- ✅ Initialize yourself (never accept pre-initialized)
- ✅ Write recovery phrase offline; no photos
Daily workflows: receive & send
Day-to-day operations are simple but require mindfulness. The device display is your ultimate source of truth — always confirm addresses and amounts on the physical device, not just the host computer.
Receiving
- Open Ledger Live or a linked wallet and request a receive address.
- Confirm the shown address on your Ledger device screen matches the app's string (first and last few characters are helpful shortcuts).
- Send a small test amount before larger transfers.
Sending
- Prepare the transaction in Ledger Live or a supported external wallet.
- When prompted by the device, carefully review the recipient address, amount, and fee — the device shows these fields explicitly.
- Only approve after visual confirmation on the device; remote malware cannot sign without explicit on-device approval.
Threat models & mitigations
Think in layers. The primary adversaries include: remote malware on your computer, phishing websites, physical attackers with device access, and supply-chain tampering. Mitigations include using a dedicated clean machine for signing, enabling a strong PIN, using passphrases for hidden wallets, and considering multisig setups for large holdings.
- ✅ Use a strong, unique PIN and keep it secret
- ✅ Keep recovery phrase offline — consider metal backups
- ✅ When possible, use a dedicated signing environment for high-value operations
Advanced: passphrases, multisig, & air-gapped signing
Advanced users can combine features to significantly raise security. A passphrase provides a stealthy separate wallet space; multisig splits signing authority across devices/people; and air-gapped signing (using QR codes or SD cards) eliminates direct USB connections to potentially compromised hosts.
Example: simple multisig checklist
1. Generate three distinct hardware wallets
2. Create a 2-of-3 multisig descriptor in a trusted wallet (e.g., Electrum or Sparrow)
3. Safely distribute public keys; keep private keys offline
4. Test recovery and signing with small transactions
- ✅ Test multisig recovery paths before trusting large sums
- ✅ Document where each backup lives and who can access it
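An added example (not part of the original playbook, and not Ledger, Electrum or Sparrow code): a Python check for steps 1-3 of the multisig checklist above. It inspects a `wsh(sortedmulti(...))` descriptor exported from the coordinating wallet and reports a wrong quorum, cosigners that share a master fingerprint, or private key material in the descriptor. The function name `audit_multisig` and all fingerprints and xpub strings are constructed placeholders; key origins are assumed to use the `[fingerprint/path]` form.

```python
import re

# wsh(sortedmulti(k,KEY,KEY,...)) with an optional 8-character checksum suffix
DESC_RE = re.compile(r"^wsh\(sortedmulti\((?P<k>\d+),(?P<keys>.+)\)\)(?:#[a-z0-9]{8})?$")
# One key expression: [fingerprint/origin-path]extended-key/derivation
KEY_RE = re.compile(
    r"\[(?P<fp>[0-9a-fA-F]{8})(?:/\d+[h']?)*\]"
    r"(?P<key>[xt](?:pub|prv)[A-Za-z0-9]+)(?:/(?:\d+[h']?|\*))*$"
)

def audit_multisig(descriptor, want_k=2, want_n=3):
    """Return a list of findings; an empty list means the descriptor passed."""
    m = DESC_RE.match(descriptor.strip())
    if not m:
        return ["not a wsh(sortedmulti(...)) descriptor"]
    findings = []
    k, keys = int(m.group("k")), m.group("keys").split(",")
    if (k, len(keys)) != (want_k, want_n):
        findings.append(f"quorum is {k}-of-{len(keys)}, expected {want_k}-of-{want_n}")
    fingerprints, xkeys = [], []
    for i, expr in enumerate(keys, 1):
        km = KEY_RE.match(expr)
        if not km:
            findings.append(f"key {i}: missing or malformed key origin")
            continue
        if km.group("key")[1:4] == "prv":
            findings.append(f"key {i}: private key present in descriptor")
        fingerprints.append(km.group("fp").lower())
        xkeys.append(km.group("key"))
    if len(set(fingerprints)) != len(fingerprints):
        findings.append("duplicate master fingerprint: two cosigners share a seed")
    if len(set(xkeys)) != len(xkeys):
        findings.append("duplicate extended key")
    return findings

# Constructed sample data: fingerprints and xpub strings are placeholders, not real keys.
GOOD = ("wsh(sortedmulti(2,"
        "[aaaaaaaa/48h/0h/0h/2h]xpubPLACEHOLDERdeviceA/0/*,"
        "[bbbbbbbb/48h/0h/0h/2h]xpubPLACEHOLDERdeviceB/0/*,"
        "[cccccccc/48h/0h/0h/2h]xpubPLACEHOLDERdeviceC/0/*))")
# Same descriptor with one seed reused and one private key pasted in by mistake.
BAD = GOOD.replace("bbbbbbbb", "aaaaaaaa").replace("xpubPLACEHOLDERdeviceC", "xprvPLACEHOLDERdeviceC")

if __name__ == "__main__":
    for name, desc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_multisig(desc) or "ok")
```

Run it against the descriptor text before you back it up alongside the recovery phrases; a clean result does not replace the small-transaction test in step 4.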
Recovery rehearsal
The single most valuable exercise: perform an annual recovery rehearsal. Using a spare device and your written recovery phrase, restore the wallet and verify expected addresses/funds. This validates that your backup is complete and legible and ensures you can recover under pressure.
- Use an offline spare device; input the recovery phrase exactly as written.
- Restore accounts and verify expected addresses (do not move funds during the rehearsal).
- If anything fails, revise how you store the recovery phrase (legibility, redundancy, geographic split).
Operational checklist (TL;DR)
- Buy new, initialize yourself
- Write recovery phrase offline; store in two secure locations
- Use a PIN; enable the optional passphrase only if you have a safe backup plan
- Always verify addresses on-device
- Perform annual recovery rehearsals
- Consider multisig for large holdings