A competent entry-level hardware wallet at $69 that covers the basics without cutting corners on core security. The CC EAL6+ certified ST33K1M5 secure element with secure boot provides a solid hardware trust anchor, and 5,500+ token support across 50 networks handles most portfolios. Closed-source firmware with no reproducible builds is a non-trivial trust assumption — users who require full auditability should look elsewhere.
The Nano S Plus uses an STMicroelectronics ST33K1M5 secure element rated CC EAL6+ — the highest certification level among mainstream consumer hardware wallets. For comparison, the Trezor Model T uses no dedicated secure element at all, relying entirely on its STM32 MCU with software-only protections. The Coldcard Mk4 uses an ATECC608A secure element rated at EAL2, making Ledger's silicon certification meaningfully stronger on paper.
Secure boot is implemented: firmware is cryptographically signed by Ledger and verified at every boot cycle. However, the firmware is closed-source and builds are not reproducible, meaning independent researchers cannot verify that the published binary matches any audited source. This is a significant transparency gap. Trezor's firmware, by contrast, is fully open-source with reproducible builds.
Genuine device verification is handled via a cryptographic attestation protocol at first setup — the device proves it holds a Ledger-issued private key burned into the secure element at manufacture. This is a real supply chain protection, not just a hologram sticker.
Known attack surface: in 2023, Ledger's Recover service controversy exposed that the firmware architecture allows seed sharding and exfiltration under certain conditions — vendor claims this requires explicit user consent, but the closed-source nature means this cannot be independently verified. No confirmed remote exploits of the ST33K1M5 are publicly documented as of this writing.
SecurityKey Factor
Seed generation happens fully on-device using the BIP39 standard, producing a 24-word mnemonic. The 24-word length provides 256 bits of entropy, which is stronger than the 128-bit entropy of a 12-word seed. The seed is displayed on the 0.9-inch OLED screen during setup and never transmitted to a connected computer.
Backup options are limited to the standard paper/metal approach — there is no Shamir Secret Sharing (SLIP39) and no multi-card split backup built into the device. Trezor Model T supports SLIP39 natively, allowing seed splitting across multiple shares, which is a meaningful advantage for users who want redundancy without a single point of failure.
BIP39 passphrase (25th word) is supported, enabling hidden wallets. This is correctly implemented as a standard feature and works with any BIP39-compatible recovery tool.
Ledger does offer an optional subscription service called Ledger Recover ($9.99/month) that encrypts and shards the seed across three custodians. This is vendor-managed and requires ID verification — it is not a self-sovereign backup solution and should not be treated as one.
Restoring on a new device is straightforward: any BIP39-compatible wallet (Trezor, Coldcard, Sparrowsoftware wallet) can recover funds from the 24-word seed. Recovery is not locked to Ledger hardware, which is the correct behavior.
Recovery & backups
First-time setup takes approximately 10–15 minutes: install Ledger Live, connect via USB-C, generate seed, write down 24 words, confirm words on-device, set PIN. The process is linear and well-guided by Ledger Live, but writing and verifying 24 words adds friction that 12-word devices like the Foundation Passport avoid.
The display is a 0.9-inch monochrome OLED — larger than the original Nano S (0.5 inches) but still small. Navigation uses two physical buttons plus a simultaneous press to confirm. There is no touchscreen. Reading transaction details requires scrolling through multiple screens, which is functional but slower than the Trezor Model T's 240×240 color touchscreen.
Daily use for sending requires: unlock device, open Ledger Live or compatible wallet, initiate transaction, scroll through and verify address and amount on device, confirm with both buttons. Address verification on the small screen is workable but demands attention — a 0.9-inch display showing a truncated address is not ideal for high-value transactions.
Ledger Live is available on Windows, macOS, Linux, and Android (iOS is not supported). The desktop app is polished and handles coin management, firmware updates, and app installs. It requires account setup with an email address for some features, though basic device use does not mandate an account.
Beginners will find Ledger Live's guided flows accessible. Advanced users who want airgap workflows or PSBT signing will find the USB-only connectivity limiting compared to Coldcard or Passport.
Usability / UX
The Nano S Plus supports 50+ networks and approximately 5,500 tokens, covering all major L1 chains including Bitcoin, Ethereum, Solana, Polygon, BNB Chain, Avalanche, and Cosmos. Each blockchain app must be individually installed via Ledger Live, and storage is limited — you can hold roughly 3–6 apps simultaneously depending on app size, which requires swapping apps in and out for users with diverse portfolios.
Third-party wallet compatibility is strong: MetaMask, MyEtherWallet, Electrum, Sparrow Wallet, and BlueWallet all support Ledger via WebUSB or native HID. This is a practical advantage for users who prefer not to use Ledger Live for transaction management.
WalletConnect integration is available through Ledger Live's browser, enabling DeFi and NFT interactions. However, there is no native QR code or NFC connectivity — all communication is USB-only, which eliminates airgap workflows entirely. Coldcard Mk4 supports PSBT via SD card and QR, and Foundation Passport supports QR-based airgap signing — both are superior for users prioritizing network isolation.
Coin control is supported, which is relevant for Bitcoin privacy workflows in Sparrow or Electrum. Basic multisig is available but requires third-party tools like Sparrow; Ledger Live itself does not manage multisig setups natively.
Ecosystem & integrations
Basic device operation does not require account registration. However, Ledger Live collects telemetry by default — usage analytics are opt-out, not opt-in. The opt-out is accessible in settings but is not surfaced during onboarding. Trezor Suite also collects analytics but makes the opt-out more prominent during first launch.
Ledger Live connects to Ledger's own nodes to fetch balances and broadcast transactions, meaning Ledger's servers see your xpub and IP address by default. There is no built-in Tor routing. Users can partially mitigate this by using Electrum or Sparrow with their own Bitcoin node, but Ledger Live itself offers no native Tor or custom node support for most chains.
For Bitcoin-specific privacy, CoinJoin is not natively supported in Ledger Live. Sparrow Wallet's Whirlpool integration works with Ledger hardware, providing a workaround, but it requires additional setup.
Coldcard Mk4 and Foundation Passport are meaningfully better privacy options: both work without any vendor-connected software, support direct node connections, and Coldcard in particular is designed around the assumption that the host computer is untrusted. The Nano S Plus's dependence on Ledger Live for most users creates a persistent privacy liability that the hardware security alone does not offset.
Privacy
The Nano S Plus retails at $69 USD directly from Ledger. Compared to direct competitors: the Trezor Model One costs $49 (no secure element, EAL0 effectively), the Trezor Model T costs $179 (open-source, touchscreen, SLIP39, but no secure element), and the Coldcard Mk4 costs $147 (EAL2 secure element, fully airgapped, open-source firmware). The Foundation Passport costs $199 (open-source hardware and firmware, QR airgap).
At $69, the Nano S Plus sits in a competitive middle ground. It delivers a CC EAL6+ secure element — which no competitor at this price point matches — and broad ecosystem support via Ledger Live. For a user whose primary concern is secure element certification and mainstream coin support, this is the strongest value at sub-$100.
The value proposition weakens for specific user profiles:
Bitcoin-only users who want airgap signing should spend $147 on a Coldcard Mk4 — the security architecture is better suited to that use case.
Open-source advocates get more transparency from a Trezor Model T at $179 or a Passport at $199, despite the higher price.
Casual users who want the simplest setup might find the $49 Trezor Model One sufficient if they accept the lack of a secure element.
The $69 price is fair for what the hardware delivers. The closed firmware is the main reason to consider paying more elsewhere.
Price & value
The Ledger Nano S Plus is a solid mid-range hardware wallet that delivers enterprise-grade security at an accessible price point, making it a genuinely compelling choice for most everyday crypto users — though it comes with notable trade-offs around software transparency and connectivity.
Buy this wallet if:
You hold a diverse portfolio and need broad coverage: with support for over 5,500 tokens across 50 networks, the Nano S Plus handles multi-chain exposure better than most wallets in its price class.
You prioritize hardware security above all else — the CC EAL6+ certified ST33K1M5 secure element from STMicroelectronics is among the strongest chips available in any consumer hardware wallet at $69.
You are a desktop-first user on Windows, macOS, or Linux who doesn't need wireless connectivity and prefers a compact, battery-free device that's always ready via USB.
Skip this wallet if:
Open-source firmware is non-negotiable for you. The Nano S Plus runs closed-source, non-reproducible software — consider the Coldcard Mk4 ($149) or Foundation Passport ($199) if auditability is a priority.
You need mobile-first or wireless operation. With no Bluetooth, NFC, or QR capability and no iOS support, the Nano S Plus is a poor fit for users who manage assets primarily from a smartphone — the Ledger Nano X ($149) or Keystone 3 Pro ($169) are better alternatives here.
You want Shamir Secret Sharing or advanced backup redundancy — the standard 24-word BIP39 seed is your only recovery option, whereas the Trezor Model T ($219) offers SLIP39 Shamir backup natively.
If choosing between the Nano S Plus and the Ledger Nano X ($149): pay the $80 premium only if you genuinely need Bluetooth and mobile access — otherwise the Nano S Plus offers nearly identical security for less. If choosing between the Nano S Plus and the Trezor Model One ($59): spend the extra $10 for the Nano S Plus; the superior secure element and larger screen justify the marginal cost difference.
At $69, the Ledger Nano S Plus earns its place as a dependable, security-focused entry point into hardware wallet ownership — just go in with clear eyes about its closed ecosystem and wired-only limitations.
✓ Our Verdict
The Ledger Nano S Plus is a solid mid-range hardware wallet that delivers enterprise-grade security at an accessible price point, making it a genuinely compelling choice for most everyday crypto users — though it comes with notable trade-offs around software transparency and connectivity.
Buy this wallet if:
You hold a diverse portfolio and need broad coverage: with support for over 5,500 tokens across 50 networks, the Nano S Plus handles multi-chain exposure better than most wallets in its price class.
You prioritize hardware security above all else — the CC EAL6+ certified ST33K1M5 secure element from STMicroelectronics is among the strongest chips available in any consumer hardware wallet at $69.
You are a desktop-first user on Windows, macOS, or Linux who doesn't need wireless connectivity and prefers a compact, battery-free device that's always ready via USB.
Skip this wallet if:
Open-source firmware is non-negotiable for you. The Nano S Plus runs closed-source, non-reproducible software — consider the Coldcard Mk4 ($149) or Foundation Passport ($199) if auditability is a priority.
You need mobile-first or wireless operation. With no Bluetooth, NFC, or QR capability and no iOS support, the Nano S Plus is a poor fit for users who manage assets primarily from a smartphone — the Ledger Nano X ($149) or Keystone 3 Pro ($169) are better alternatives here.
You want Shamir Secret Sharing or advanced backup redundancy — the standard 24-word BIP39 seed is your only recovery option, whereas the Trezor Model T ($219) offers SLIP39 Shamir backup natively.
If choosing between the Nano S Plus and the Ledger Nano X ($149): pay the $80 premium only if you genuinely need Bluetooth and mobile access — otherwise the Nano S Plus offers nearly identical security for less. If choosing between the Nano S Plus and the Trezor Model One ($59): spend the extra $10 for the Nano S Plus; the superior secure element and larger screen justify the marginal cost difference.
At $69, the Ledger Nano S Plus earns its place as a dependable, security-focused entry point into hardware wallet ownership — just go in with clear eyes about its closed ecosystem and wired-only limitations.
Ready to buyLedger Nano S Plus?
We may earn a commission if you purchase through our links. This doesn't affect our editorial independence.
Impermanent loss happens when asset prices in a liquidity pool diverge from external markets, reducing the value of liquidity providers' holdings compared to simply holding the assets.
EAL Certification (Evaluation Assurance Level) from Common Criteria rates the security of hardware components, like secure chips in crypto hardware wallets. Higher levels, such as EAL5+ or EAL6+, indicate stronger resistance to attacks.
Secure Boot is a security feature that ensures only trusted software runs on a device by verifying its integrity during startup, preventing unauthorized code execution in crypto systems.
Reproducible Builds refer to the process where the same source code consistently produces identical binary outputs, ensuring verifiable and trustworthy software in blockchain and crypto projects.
Firmware Attestation is the process of verifying the authenticity of a device's firmware to ensure it has not been tampered with, commonly used in hardware wallets for security.
BIP39 is a standard for generating mnemonic seed phrases that are used to create deterministic wallets and securely back up cryptocurrency private keys.
A backup in cryptocurrency is a secure copy of a wallet's seed phrase or private keys. It enables recovery of funds if the original wallet is lost or damaged.
Shamir Secret Sharing (SSS) divides a secret, like a crypto wallet seed, into multiple shares. A threshold number of shares reconstructs it, enhancing security as in SLIP-39 backups.
Seed splitting divides a cryptocurrency wallet's seed phrase into multiple shares stored separately. Reconstructing the full seed requires combining all shares for enhanced security.
A passphrase is an additional security layer for cryptocurrency wallets, acting as a 25th word in the BIP39 seed phrase, protecting access to hidden wallets.
Recovery is the process of restoring access to a cryptocurrency wallet using its seed phrase or mnemonic backup if the original wallet is lost or inaccessible.
Vendor Backup is a service by hardware wallet manufacturers that securely stores encrypted seed phrase shards with third parties, enabling recovery without self-custody of the full seed.
Self-custody means users control their own private keys to manage cryptocurrency assets directly, without third-party custodians. It embodies 'not your keys, not your coins.'
Coldcard is an air-gapped hardware wallet for Bitcoin, made by Coinkite, that stores private keys offline and signs transactions without internet exposure.
Ledger Live is a software application that manages cryptocurrency assets and interacts with Ledger hardware wallets for secure transactions and portfolio management.
Address Verification confirms the receiving address shown on a hardware wallet's screen matches the one on the computer or app, preventing malware from altering it.
UTXO (Unspent Transaction Output) is a unit of cryptocurrency from a previous transaction that remains unspent and serves as input for new transactions in blockchains like Bitcoin.
PSBT (Partially Signed Bitcoin Transaction) is a Bitcoin transaction format that allows multiple parties to sign a transaction incrementally before finalizing it.
Bitcoin (BTC) is the first decentralized cryptocurrency, launched in 2009. It uses blockchain technology for secure, peer-to-peer digital transactions without intermediaries.
Ethereum is a decentralized blockchain platform that enables smart contracts and decentralized applications (dApps). Its native cryptocurrency is Ether (ETH).
Solana is a high-performance layer-1 blockchain platform that enables fast, low-cost transactions using Proof of History and Proof of Stake. Its native token is SOL.
Polygon is a layer-2 scaling solution for Ethereum that enables faster, cheaper transactions via its Proof-of-Stake sidechain. Native token: MATIC (also called Polygon PoS).
BNB Chain is a high-performance blockchain network developed by Binance, formerly Binance Smart Chain (BSC). It supports smart contracts, DeFi, and uses BNB as its native token.
Avalanche (AVAX) is a scalable layer-1 blockchain platform that achieves high throughput and sub-second transaction finality using its novel proof-of-stake consensus.
Cosmos is a blockchain ecosystem enabling interoperable chains via the Cosmos SDK and IBC protocol. The Cosmos Hub serves as its central chain with the ATOM token.
HODL is cryptocurrency slang for holding assets long-term despite price volatility, rather than selling. It originated from a 2013 forum post misspelling 'hold' as 'I AM HODLING.'
Electrum is a lightweight Bitcoin wallet that allows users to store, send, and receive Bitcoin securely. It is known for its speed and low resource usage.
BlueWallet is a mobile Bitcoin wallet that allows users to securely store, send, and receive Bitcoin. It offers features like Lightning Network support and multi-sig capabilities.
WebUSB is a browser API that lets web apps communicate directly with USB-connected hardware wallets for secure crypto transactions without plugins or native apps.
WalletConnect is a protocol that enables secure communication between decentralized applications (dApps) and mobile wallets through QR code scanning or deep linking.
DeFi (Decentralized Finance) refers to a set of financial services, such as lending and trading, built on blockchain technology without traditional intermediaries like banks.
An NFT (Non-Fungible Token) is a unique digital asset stored on a blockchain, representing ownership of a specific item, such as artwork, music, or virtual goods.
NFC Connectivity in cryptocurrency enables contactless transactions using near-field communication, allowing users to sign or authorize actions by tapping their device to a reader.
Coin Control is a feature that allows users to manually select which unspent transaction outputs (UTXOs) to use in a transaction, giving more control over privacy and fees.
Multisig (multi-signature) is a security feature that requires multiple private keys to authorize a transaction, enhancing protection against unauthorized access in blockchain networks.
Telemetry in cryptocurrency and blockchain refers to the automatic collection and transmission of anonymous usage data, metrics, and error reports from wallets or nodes to improve software.
XPUB is an extended public key (xpub) in hierarchical deterministic (HD) wallets. It derives child public keys and addresses from a master public key without exposing private keys.
A Full Node is a computer that stores the entire blockchain and verifies all transactions, ensuring network security and consistency in cryptocurrency systems like Bitcoin.
CoinJoin is a privacy technique in cryptocurrency where multiple users combine their transactions, making it harder to trace individual senders and receivers.
Cryptocurrency is a digital or virtual currency secured by cryptography, operating on decentralized blockchain networks to enable secure, peer-to-peer transactions.
Ledger Nano S Plus uses a certified Secure Element chip to store private keys in tamper-resistant hardware. Even if the device's software were compromised, the Secure Element isolates your keys from extraction. The device has been independently security audited.
What if Ledger goes out of business?
Your seed phrase follows the BIP39 standard, meaning you can recover your funds using any compatible wallet — you are not locked into Ledger's ecosystem.
What if I lose my Ledger Nano S Plus?
Your cryptocurrency is stored on the blockchain, not on the device. If you lose your Ledger Nano S Plus, you can recover full access using your seed phrase on any compatible wallet.
How long will Ledger Nano S Plus receive security updates?
Ledger provides long-term firmware support for Ledger Nano S Plus. The last security patch was released Jul 2025.
Is the Ledger Nano S Plus safe?
The Ledger Nano S Plus is considered one of the safer hardware wallets available. It uses a CC EAL6+ certified secure element (ST33K1M5 by STMicroelectronics), which is the same grade used in biometric passports and high-security smart cards. It also features secure boot and a genuine check to detect tampering. The main caveat is that the firmware is not open source, so independent verification of the code is not possible — a trade-off some security-conscious users find important.
Is the Ledger Nano S Plus worth it in 2024?
At $69, the Ledger Nano S Plus offers strong value for most users. You get a CC EAL6+ secure element, support for over 5,500 tokens across 50+ networks, coin control, and offline signing — features typically found on more expensive devices. It lacks Bluetooth, NFC, and a battery, which limits mobile use. If you primarily manage assets from a desktop and want solid security without overpaying, it is a well-rounded choice.
Ledger Nano S Plus vs Ledger Nano X: what is the difference?
The two devices share the same secure element and security architecture, but differ in key ways:
Mobile use:Nano X works with iOS and Android; Nano S Plus only supports Android via USB OTG
If you need mobile flexibility, choose the Nano X. For desktop-only use, the Nano S Plus delivers the same security at half the price.
How many coins does the Ledger Nano S Plus support?
The Ledger Nano S Plus supports over 5,500 tokens across 50+ blockchain networks, including Bitcoin, Ethereum, Solana, Polygon, and many EVM-compatible chains. Assets are managed through the Ledger Live app, which is available on Windows, macOS, Linux, and Android. Some coins require installing a dedicated app on the device, and storage space limits how many apps can be installed simultaneously — though apps can be removed and reinstalled without affecting your funds.
Was Ledger hacked, and should I be concerned about using a Ledger Nano S Plus?
Ledger suffered a customer database breach in 2020, exposing names, email addresses, and physical addresses of hundreds of thousands of customers — leading to phishing and social engineering attacks. Importantly, no private keys or funds were compromised, as those never leave the secure element. In 2023, Ledger also faced controversy over its optional Ledger Recover service. The hardware itself has not been remotely exploited. The primary risks are phishing and supply-chain attacks, not the device's core security architecture.
How do I set up the Ledger Nano S Plus for the first time?
Setup takes about 10–15 minutes:
Connect the device to your computer via USB
Download and install Ledger Live from ledger.com
Follow on-screen prompts to initialize the device and set a PIN
Write down your 24-word BIP39 recovery phrase on the provided card — never digitally
Optionally add a passphrase for an extra layer of security
Install coin apps via Ledger Live and add accounts
Always buy directly from Ledger or an authorized reseller to avoid tampered devices.
Does the Ledger Nano S Plus support a passphrase for extra security?
Yes. The Ledger Nano S Plus supports an optional BIP39 passphrase (sometimes called the 25th word). When enabled, it creates an entirely separate set of wallets derived from your 24-word seed combined with the passphrase. This means even if someone obtains your recovery phrase, they cannot access your funds without the passphrase. It is a powerful feature but requires careful management — losing the passphrase means permanent loss of access to those funds, with no recovery option.
Some links on this page are affiliate links. If you purchase through them, I may earn a commission at no additional cost to you. This helps support the site and allows me to continue creating detailed, independent reviews.
Our testing methodology is evolving. Ratings and assessments will be refined as we improve our scoring framework to reflect the most accurate results.
Ready to get Ledger Nano S Plus?
Long-term support • Secure Element • Security audited
