- Verify packaging and buy from a trusted source (see /where-to-buy-safely).
- Plug in and follow the on‑screen prompts to set a PIN.
- Write down the 24‑word recovery phrase on paper or a metal plate—never store it digitally.
- Install companion desktop or mobile app and add the device (firmware checks happen during this step).
- Install coin apps you need and test a small incoming transaction.
Step‑by‑step setup guides are available here: /first-time-setup and device-specific setup at /nano-x-setup.
Security architecture and signing model
Both devices use a secure element (SE) to store private keys so keys never leave the chip. Transaction signing happens inside the hardware wallet: the host sends a transaction, the device displays details for you to confirm, and then the device signs (private keys stay isolated). This protects keys from most host compromises.
Are they air‑gapped? Not fully by default. True air‑gapped signing usually requires QR/offline methods or specialized tools. If a fully air‑gapped workflow matters, plan for extra layers (offline PSBTs, separate signing machines). See the security architecture primer: /security-architecture.
Connectivity, battery and daily usage
Nano X: Bluetooth + USB, rechargeable battery. Better for regular mobile use or someone who wants to sign transactions from a phone without carrying cables.
Nano S Plus: USB‑only (no Bluetooth), USB‑powered. Simpler attack surface and straightforward desktop workflow.
And yes, Bluetooth adds convenience. But it also increases the attack surface (pairing and host device security matter). For a deep look at connectivity trade‑offs, see /connectivity-bluetooth-usb and a note on battery charging here: /battery-charging.
Seed phrase, passphrase, and backup options
- Recovery phrase: Both devices use a 24‑word BIP‑39 recovery phrase by default. Write it down and protect it.
- Passphrase (often called the 25th word): Supported on these devices as an optional extra security layer. But be careful: if you forget the passphrase you cannot recover funds (this happens more often than people admit).
But remember, passphrase misuse can make recovery impossible. Consider metal backup plates for physical durability and read our full seed management guide: /seed-phrase-management and /passphrase-25th-word.
Note on Shamir backup (SLIP-39): these wallets do not implement SLIP-39 natively, so if you want Shamir-style distributed recovery you'll need third‑party approaches or multisig.
Multisig and advanced workflows
Multisig improves self‑custody by splitting signing authority across devices or people. Both devices can participate in multisig setups when used with compatible wallet software. Which wallet software supports multisig (for Bitcoin or other chains) matters more than the device itself.
Want a guide? See /multisig-setup and /multisig-setup-compatibility. In my experience, multisig is the right choice for higher balances, family custody, or inheritance planning (see /inheritance-planning).
Supported cryptocurrencies & integrations
Both models support the major chains (Bitcoin, Ethereum and many EVM tokens, Solana, Cardano, etc.). Exact token and app compatibility can vary and changes over time as new blockchains appear. Check the device coin list before committing: /supported-coins and /supported-cryptocurrencies.
Integration with desktop and browser wallets is a big part of daily convenience (MetaMask, Phantom, and others). See wallet integration notes: /wallet-integration and chain-specific guides like /ethereum-and-tokens or /solana-phantom.
Firmware, supply chain & update verification
Firmware updates fix bugs and add support for new coins. Install them through the official companion app and verify update prompts on the device screen. Always confirm firmware signatures; a signed update is the main defense against tampered firmware.
Supply‑chain verification matters: buy new devices from official channels, verify seals and serials, and consult the authenticity checklist: /firmware-updates-verification and /authenticity-supply-chain.
Feature-by-feature comparison table
| Feature |
Nano X |
Nano S Plus |
| Connectivity |
Bluetooth + USB (mobile-friendly) |
USB-only (host-powered) |
| Battery |
Rechargeable internal battery |
No battery; USB-powered |
| Screen |
Larger screen for verification |
Improved screen over earlier S models, smaller than X |
| App storage |
Higher concurrent app capacity (more apps open at once) |
Expanded memory vs original S; fewer concurrent apps than X |
| Secure element |
Yes (secure element) |
Yes (secure element) |
| Recovery phrase |
24-word BIP-39 (default) |
24-word BIP-39 (default) |
| Passphrase |
Supported (25th word) |
Supported (25th word) |
| Multisig |
Compatible with multisig wallets |
Compatible with multisig wallets |
| Mobile use |
Best for regular mobile signing |
Works with mobile via USB OTG; less convenient |
(Feature rows are high‑level; check device pages and the supported coins list for exact app and compatibility details.)
Who each device is for (and who should look elsewhere)
Who the Nano X suits:
- Frequent mobile users who want to sign transactions from a phone without cables.
- People who value the larger screen for address verification.
- Those who accept a wireless pairing trade‑off for convenience.
Who should look elsewhere instead of Nano X:
- People who prefer a strictly wired workflow to minimize wireless attack surface.
- Users who only transact on desktop and do not need mobile pairing.
Who the Nano S Plus suits:
- Desktop‑centric users who want an affordable USB‑only option with larger memory than older models.
- People who want fewer wireless vectors (no Bluetooth).
Who should look elsewhere instead of Nano S Plus:
- People who require frequent mobile signing without cables.
- Users who want the maximum concurrent app capacity for many blockchains active at once.
For more on which device fits specific needs, see /who-is-it-for.
Common mistakes & how to buy safely
- Buying from unofficial sellers (risk of tampering). Read /where-to-buy-safely.
- Photographing or storing your recovery phrase on a phone or cloud backup.
- Clicking transaction links in phishing emails; always confirm addresses on the device screen.
And always check packaging and serial numbers when unboxing. If something feels off, stop and contact official support channels.
FAQ
Q: Can I recover my crypto if the device breaks?
A: Yes—if you have your 24‑word recovery phrase (and passphrase if used). Use the restore flow on a replacement device or compatible wallet. See /restore-recovery and /recover-if-broken.
Q: What happens if the company goes bankrupt?
A: Your crypto is non-custodial; private keys are yours. That means recovery via the recovery phrase still works even if a company shuts down. Store your recovery phrase securely and consider multisig if you want extra redundancy. See /company-bankrupt.
Q: Is Bluetooth safe for a hardware wallet?
A: Bluetooth is convenient, but it adds an attack surface. The device still signs transactions internally, so an attacker must overcome several layers (pairing, device screen confirmation, secure element). If you prioritize minimizing vectors, a USB‑only device removes the wireless link. More details: /connectivity-bluetooth-usb.
Conclusion & next steps
Which to pick depends on how you sign transactions. Do you want mobile freedom with a rechargeable device? Or do you prefer a USB‑only setup with fewer wireless vectors? I believe assessing daily workflow, backup practices, and whether multisig is needed will point you to the right choice.
If you're deciding now, review the detailed setup and firmware update guides linked above and buy only from verified sellers: /how-to-update-firmware-steps and /where-to-buy-safely. For deeper comparisons with other hardware wallets, see /compare-other-hardware.
What I've found: the best device is the one you will use correctly. Small mistakes (exposed recovery phrases, skipped firmware checks) matter more than model differences.
Ready to compare features side‑by‑side? Check the full comparison table and device reviews: /comparison-table and /nano-x-review.
