Ledger Hardware Wallet
The Helium blockchain has support for Ledger hardware wallets. When installed on a Nano S, the Helium ledger app allows you to view your Helium address, check your balance, and submit transactions while using the companion app.
This guide will walk through using Helium on a Ledger Nano S.
Installing the Helium ledger application
- Go to Ledger Live > Settings > Experimental Features > Enable Developer mode.
- Once enabled, go to Manager and search "Helium".
- Note: If you can't find "Helium", you may need to update your Ledger Live software version and/or the Nano S software
- Click Install.
The Helium App has been signed by Ledger and is trusted. It is now installed on your ledger device!
Start the Helium app by selecting it on the Ledger screen. The "Waiting for commands..." prompt should be on the screen.
To interact with the app on Ledger, you will need to use the CLI. Head to Releases in the Github repo and download the most recent release for your operating system.
We'll use macOS for the remainder of this example -
- Download the release for macOS
helium-ledger-app-x.x.x-x86_64-apple-darwin.zipand unzip the file
- Navigate to where you downloaded the release on your computer in terminal
- Make sure your ledger is connected to your computer, then type
./helium-ledger-app balanceto see your new Ledger address and balance. Note: you may use add
--qroption to the command to display your address in the form of QR code.
- On your Helium mobile app, tap
Send HNTand paste your ledger address. Enter any amount to send. This example will send 1.01 HNT.
- You should see a pending transaction in the mobile app.
- Go back to
./helium-ledger-app balance. The balance will update once the transaction has cleared.
- On the CLI, type
./helium-ledger-app pay <address> hnt <amount>to pay in HNT. Press
- On the Ledger, follow the prompts and confirm the transaction.
- The CLI should show a confirmation of the transaction.
Can't download the zip file because it is untrusted.
- In the downloads bar of your browser, click the caret and select
Running commands in terminal does not work. MacOS users may need to update their security permissions.
- Go to System Preferences > Security & Privacy
- Allow App downloaded from App Store and Identified Developers
- You may need to click the lock icon and give the CLI permissions
- Run the command in CLI again
Failed opening hid device
If you see this error
error: hid error: Failed opening hid device, close
Ledger Live software and run a command again in the CLI.
Unable to access memory outside buffer bounds
If on Ledger Live you see this error, unplug the ledger from your computer and plug it in again.
The attack surface for using the Helium wallet app on a Ledger Nano S comprises the Helium app itself, the system firmware running on the Nano S, the computer that the Nano S is connected to, and posession/control of the device. For our purposes, the app only needs to ensure its own correctness and protect the user from the computer that the Nano S is connected to. Other attack surfaces are beyond our control; we assume that the user physically controls the device, is not running malicious/buggy software on the device, and follows proper security protocols. The goal of the Helium app is to achieve perfect security given these assumptions.
The main attack vector that we are concerned with, then, is a computer running
malicious sofware. This software may imitate programs like
in such a way that the user cannot tell the difference, but secretly act
maliciously. Specifically, the computer can do the following:
Lie to the user about which actions it is performing.
Example: the user runs
./helium-ledger-app balanceto display their public key to so that they may receive payment; yet a hard-coded address is displayed
Lie to the user about who the recipient is.
Example: the user runs
./helium-ledger-app pay IntendedAddress amount, yet the program again uses a hard-coded address
To combat these attacks, the app makes use of the embedded display on the Nano S. Data sent to/from the Nano S is displayed on the screen so the user can verify that the computer is not lying about what it sent or received. In the interest of user-friendliness, we would like to display as little information as much as possible, but each omission brings with it the risk of introducing a vulnerability. Therefore, the app displays all data by default, and omits data only after subjecting the omission to extreme scrutiny.