Setup and recovery phrase
Initialize the device yourself — never use a pre-seeded wallet or a phrase someone sent you. Write the recovery phrase on paper or metal; do not store it in cloud notes, email, or photos.
Consider a passphrase (BIP39 extension) if your wallet supports it and you understand you must back up both phrase and passphrase.
- Buy from official or authorized sellers
- Generate the seed on-device during first setup
- Never type your seed into a website or app
- Store backups in separate physical locations
Day-to-day signing
Always confirm recipient address and amount on the hardware screen, not only in the browser. Malware can show a fake address on your computer while the device shows the real one — if they differ, cancel.
Be skeptical of urgent messages (“validate your wallet,” “claim an airdrop”). Legitimate support will never ask for your seed.
Firmware and software
Install companion apps from official sources. Update firmware when the manufacturer releases security patches, but verify release notes on their official site first.
Disable Bluetooth or wireless features if you do not use them — fewer radios can mean a smaller attack surface on some models.
Physical security
Treat the device like a high-value object. Use a PIN. If the device supports duress or passphrase features, learn how they work before you need them.
If you lose the device but still have the recovery phrase, move funds to a new wallet promptly — anyone who finds the hardware may attempt attacks over time.
When something feels wrong
Stop, disconnect, and verify through a second channel (official docs, manufacturer support site typed manually). Do not rush large transfers after installing new software or clicking unfamiliar links.