Jameson Lopp is a software engineer at BitGo, creator of statoshi.info and founder of bitcoinsig.com.
In this guest review, he puts the recently released Ledger Blue hardware cryptocurrency wallet through its paces to see if its high price is matched by its utility.
Name: Ledger Blue
What it is: A handheld cryptocurrency hardware wallet device architected around a secure element, featuring a touchscreen and USB/NFC/BLE connectivity for PC and smartphone compatibility. It runs multiple apps such as bitcoin, ethereum, FIDO U2F, SSH, and GPG, and can be used with a number of digital currencies including bitcoin, dash, Zcash, litecoin and dogecoin.
Who’s behind it: Ledger, a French startup that builds personal security devices for end users, hardware security modules for servers, and hardware oracles for the IoT.
Cost: €229 + shipping
Date launched: December 2016
Summary: The Ledger Blue is the next step in the evolution of cryptocurrency hardware wallets. It combines high-end security with ease of use. The biggest downside for early adopters is that the full capabilities of the device are not yet available.
Where to buy: Directly from Ledger
At €229, the Ledger Blue is the most expensive bitcoin hardware security device on the market. The last time I paid this much for a hardware wallet ($200 for a Case Wallet), I was mostly disappointed. Let’s dig into the details to see if the Blue’s utility matches its price.
The Blue comes with an impressive array of cryptographic and security features that you can read about in their announcement article and on the product page itself. Since most of them are honestly outside the range of my expertise to test, I won’t be performing a hardware teardown or deep technical dive because it wouldn’t be particularly informative.
I’m confident in the security functionality offered by Ledger and will instead focus on user experience for this review.
When I received my Blue, it arrived well packaged with tamper-evident tape along all edges.
Upon opening the shrink-wrapped box, you’ll find a note that mentions that the device doesn’t actually need tamper-evident seals.
Turning on the device for the first time and configuring it was a breeze.
I generated my backup seed phrase, wrote it down, confirmed that I had it written down, and the Blue was ready to use!
Inside the box, a note directs you to Ledger’s site for configuration instructions. Ledger has also released a series of tutorial videos that make it very straightforward to learn how to set up and use the device.
While I personally did not find the need to make use of these resources, I’m sure plenty of users will appreciate them.
I decided to use my Blue to test BitGo’s Ledger integration that we were developing and have just released. You can read more about how to use the Ledger Blue or Ledger Nano S with BitGo in this guide.
The Blue works well with BitGo’s web client, though there is one outstanding issue that Ledger needs to fix with their bitcoin app in order to better support P2SH transactions.
At the moment, the transaction details are not displayed on the device, which only displays ‘P2SH’. Ledger said it expects to release a new app to fix this in the next few weeks.
The Ledger Blue is a lightweight device, the size of a small smartphone. At a mere 90g, it’s only half the heft of my Nexus 6.
With the Blue, there is almost no risk to the user in case of device theft or loss. An attacker will find the device rendered unusable after three failed login attempts, while a lost device can simply be replaced and a new one reinitialized from the 24-word seed phrase.
The large touchscreen that supports a QWERTY keyboard for input is superior to the Ledger Nano S’s two buttons, which can be a pain to click many times while navigating around the device.
Incidentally, if you’re setting up a Ledger hardware device that doesn’t have a screen, such as the HW.1 or Nano, you should go through the hassle of setting up a secure computer to generate the seed – this is unnecessary with the Nano S and Ledger Blue.
In a similar vein, Ledger devices without screens could potentially be vulnerable to man-in-the-middle attacks if used with a compromised computer and thus require an additional layer of security that requires the user to either pair the device with a smartphone or enter a code from a separate security card – an added inconvenience.
Ledger says the Blue has a “strong and durable casing, anti-scratch glass”, though I was slightly worried about screen scratches. Upon receiving my Ledger Blue, I threw it in my laptop satchel with lots of other loose electronics and took a weeklong trip from America to Europe. Thus far, the Blue’s screen hasn’t taken any visible damage.
I tested the device’s battery life by turning the auto-sleep settings to the maximum period and leaving the device powered on at the default 75% screen brightness, waking it every time the screen turned off. The device lasted for over three hours continuously, which ought to allow you to make quite a few transactions between charges.
When writing down the 24-word seed phrase while initializing the device, it’s a slight annoyance (and potential cause of user error) that the entries on the provided card alternate left and right while on screen they are listed top to bottom.
Also, the default screen timeout is 30 seconds and you find yourself having to turn it back on every time you want to display the next page of recovery words. I was surprised when the confirmation at the end only checks two random words – I would feel more comfortable if it checked that I correctly wrote down all 24.
Another minor annoyance is that when pressing the power button to turn on the device, the screen flickers, which was slightly disconcerting at first because I thought something was wrong. In order to actually turn on the Blue, you must hold down the power button for three seconds – ignore the initial screen flash.
You can see in this YouTube video that Kenneth Bosak experienced the same flicker with his early-batch Blue. Ledger tells me that this issue has since been fixed. My replacement did not have the flicker at first, though several weeks later I noticed that it also started experiencing the flicker upon pressing the power button.
Ledger has several nice wallets that are Chrome apps, though anyone who intends to use these should be aware that Google is discontinuing Chrome App support in 2018. Ledger says it’s already working on a replacement platform – details of which are still not announced.
It also wasn’t clear to me how to set the ‘plausible deniability’ alternate PIN that was touted in this blog post. Upon reaching out to Ledger, I was told that the Blue currently only supports the passphrase option using the same setup method as the Nano S which uses Python scripts. Unfortunately there is a bug in setting the alternate PIN, so right now it can be used only with a dynamic passphrase. They hope to fix this with a firmware update in Q1 2017.
In my opinion, this is one of the few areas where Ledger could improve the usability of the device, by enabling users to activate this feature either on the device or via a management app.
I also wanted to test the Ledger Blue against a Mycelium wallet on my phone, but I wasn’t aware that I’d need an OTG adapter to do so. I was hoping I’d be able to add it wirelessly because the Blue has Bluetooth support, but it appears that Mycelium hasn’t added it yet.
The Blue also has the capability to support NFC, but the current version of firmware doesn’t support it. After contacting Ledger about this feature, they responded that they are planning to release the NFC firmware update around the end of Q2 2017.
Since I ended up with some downtime while waiting to receive a replacement Blue (see below for why I needed one), I bought this OTG adapter from Amazon and later successfully tested that the Blue works with Mycelium in this configuration.
On a related note, a quirk I noticed (that only developers will care about) is that when using the Ledger Blue on testnet, it still displays mainnet addresses on the device for confirmation.
Ledger told me the address format bug is expected – they need to build a bitcoin app compiled for testnet on the device to support it. The testnet bitcoin app is not yet offered in the Ledger app manager.
I then decided to also test GreenAddress’ GreenBits mobile wallet to see how it fared. One thing I noticed off the bat was that there’s no point opening GreenBits without the Blue connected – it would just load my default wallet.
Instead, upon connecting the Blue and entering my PIN, my Android phone would prompt me to “Login” with the Blue, at which point GreenBits would open my Ledger-based wallet.
The wallet worked fine for sending, though since GreenAddress is a 2-of-2 multisignature wallet, the P2SH display issue also presented itself as it did with BitGo’s wallet.
I later realized that since there is no way to open a GreenBits Ledger wallet without the device present, this means that it’s not possible to receive transactions to your wallet without the Blue plugged in and unlocked, which is suboptimal since a wallet shouldn’t have to be unlocked in order to receive funds.
After showcasing the Blue to some of the members at my local bitcoin meetup group, they asked me if I thought it was robust against everyday wear and tear. My Blue had already been subjected to rattling around inside my laptop bag for several weeks, so we decided to perform a simple drop test.
I dropped it (face up) from a height of less than six inches onto a nearby table. Upon picking up the device and trying to turn it on, I noticed that the power button was missing and when I shook the Blue there was a rattle that was clearly the power button. My Blue was now perfectly secure – even I was unable to access its contents!
I sent an email to Ledger support and they promptly responded, noting that it was a known build-quality issue and they were replacing the first batch of units. One week later, I had my replacement in hand, along with an assurance that the assembly process for the button had been modified so it doesn’t get dislodged. I’ve performed the same drop test upon the replacement several times and it’s undamaged.
Upon powering up my replacement unit, I immediately noticed that it emits an extremely high-pitched whine reminiscent of some older TVs and CRT monitors. I found this to be odd given that the first Blue didn’t make any sounds. After contacting Ledger, they explained that this comes from an inductance that vibrates at a frequency audible by human ears and it’s a known issue that will be fixed with a firmware update.
As you can see, the Blue has a number of minor software and hardware issues that need to be worked out. I expect that they’ll all be rectified in time to be applied to the next batch produced.
The closest competitors for this level of hardware security and usability are TREZOR, KeepKey, and Ledger’s own Nano S. They all seem to have good reviews and you probably can’t go wrong by using any of them.
While I ran into some quality issues, this is somewhat to be expected with a first run of completely new hardware. I see no reason for users to be concerned about hardware issues because I received excellent support and Ledger’s CEO, Eric Larchevêque, told me via email:
“Ledger is highly committed to deliver the best customer support possible, and we assume 100% of our mistakes. Our policy is to refund or exchange any device with even the slightest issue.”
The Ledger Blue is by far the most user-friendly Ledger product I’ve used. In comparison to the HW.1, Nano, and Nano S, the Blue is more versatile and easy to use.
If you’re a technical user or early adopter of new technology then it should be fine for you to buy a Blue today. If you’re less technical and want a more battle-tested and full-featured product, you may want to wait a few months for the hardware and software kinks to be ironed out.
Review images via the author