Intro: "Already activated, saves hassle," "gift from a friend, never opened," "comes with an account, more convenient" — these are common claims when selling second-hand or unknown-source Ledger devices. Behind them lurk real risks of tampering, implant, or key exposure. Here's a run-down of the misleading claims and acceptance principles.
Background
A second-hand device may have had its secure-element swapped, malicious firmware flashed, or a recording device planted in packaging. It may also have had a recovery phrase generated already, with the seller retaining a copy. Once used, asset safety depends on a stranger's "goodwill."
Some sellers provide a "demo account" or "preinstalled apps" to skip initialisation — really skipping the necessary key-generation step.
Common misleading claims
1) "Already activated, more convenient": claims the device is initialised — meaning the recovery phrase may already have been recorded.
2) "Out of stock at official, only this batch": uses scarcity to push closing. Authenticity and warranty are sidelined; seals may be re-applied.
3) "Let me help import your account": offers "demo" or remote assistance to import — capturing keys in the process.
4) "Opened but unused": you can't verify whether it was powered on or seeded. A broken seal is itself a tampering risk.
5) "Accessories included, better deal": accessories can be tampered cables or implant devices, increasing side-channel risk.
Common Q&A
Q: Does resetting clear all risk?
A: No. If hardware is tampered or malicious firmware remains, reset won't clear it.
Q: Is an intact seal proof of authenticity?
A: Seals can be forged or re-applied. Must combine with channel and serial-number verification.
Q: Is a seller's video of "not used" reliable?
A: Video can be edited — can't prove no seed was generated.
Q: Is a big discount worth the risk?
A: Potential asset loss far exceeds the price gap — prioritise security.
Principles
1) Buy only from official or authorised channels. Confirm intact seal and verifiable serial number. Decline "activated / comes with account" devices.
2) Initialise in a trusted environment yourself. Keep the recovery phrase on paper only, offline. Decline any remote assistance or preloaded account.
3) If you suspect a device's origin or the seal looks off, stop using it, contact official support for verification, and retain purchase and unboxing evidence.
Safety reminder: We will never ask for your recovery phrase, PIN, verification codes, or private keys. Anyone requesting them is attempting fraud — do not share and do not proceed.
