How to transfer your MetaMask to a Ledger Hardware Wallet
Have tokens you can’t move… Want to secure them with a hardware wallet?
You maybe asking yourself… ‘Doesn’t this defeat the whole purpose of using a hardware wallet?’ Well, yes it kind of does. But, there are some specific reasons and instances where doing so makes a lot of sense.
Do a quick search of the internet for “how to import MetaMask wallet to a hardware wallet” and you’ll quickly find dozens of answers, from ‘you can’t do it’, to the all too popular ‘why would you do that?’
There are two primary reasons a person would want to do this… You have items on your wallet that you can not move. Maybe you’ve staked some tokens with a two year lockup period. Or, maybe you have created some StrongBlock nodes that are associated with the wallet address and you need to collect earnings or pay fees using that wallet. Either way, you very well have a good reason to do it.
Once you have moved your seed to a hardware device, please remember that the seed was once stored “HOT” and any assets you place in any of the associated addresses are not to be considered as safe as if you placed them into a “COLD” wallet that has never had the seed exposed to the internet.
It is recommended that you use this hardware device only for the unmovable assets, and use a new seed created with another hardware device for your other assets.
Trezor vs Ledger
‘But I already have a Trezor, I’ll use that to do it!’ Then visit the “How to transfer your MetaMask to a Trezor Hardware Wallet” guide…
Personally, after owning both, I prefer the Trezor T model. It offers a color touchscreen that makes interacting with your wallet much easier than the PITA of the two button models. Also, the Trezor Suite software works much more smoothly than the Ledger Live software, and I found the Ledger didn’t always interact properly with MetaMask…
What is a seed exactly? And a wallet? And how will this protect me?
It is very common for people to misunderstand how wallets/seeds/assets operate, or even where their assets are kept. Let’s explain…
Crypto/blockchain assets, such as tokens and NFT’s, are created/minted and are then included in a block of data in their respective blockchain ledger and associated to a particular address. Once this block is created it never ‘moves.’
What actually changes is the address currently assigned to the asset, or the ‘ownership’ of the assets. In order to reassign ‘ownership’ of an asset, a PRIVATE KEY for the current address is needed. So, if you want to move an asset from wallet “A” to wallet “B, then the PRIVATE KEY belonging to address “A” needs to sign a transaction giving ownership over to address “B”. During this process the assets never moves. The only thing that changes during this is that PRIVATE KEY “A” no longer controls the asset because it is now has reassigned the asset to address “B”, with PRIVATE KEY “B” now in control.
So, what is a seed? Well, a seed is a human recognizable password in essence. This ‘password’ contains a virtually unlimited number of PRIVATE KEYS and PUBLIC KEYS(addresses). This confuses some people as when they setup MetaMask for the first time they only see one address. This is simply MetaMask only showing you one of many thousands of potential addresses. Clicking “Create Account” in MetaMask then reveals one more of these addresses. Within the 12/15/24 word seed are thousands of these KEYS. This is why it is so important to protect your seed. If a scammer gets a hold of these words, they literally have full control of EVERY address contained in the seed.
How does this process protect me? First off, only use these guides if you have assets that can NOT be transferred to a safe hardware account. Staked assets and non-transferable nodes are two examples of this. Second, it protects you going forward but does NOT protect you if the seed words were somehow compromised while they were stored on the PC. Or if anyone gets the seed words going forward. So, only write them on PAPER and store safely.
So, since assets aren’t ‘moved’. And only the keys are held on the device, this also means that your assets will all still be accessible, staked where they might be staked, and across all the different networks you may use(AVAX,POLY,BSC,etc.). About the only thing you need to be sure of is that you will be able to interact with those sites using either the MetaMask interface, Wallet Connect or the Trezor Suite.
Got It? Ok, moving on then…
Let’s do this…
But before we get started…. Keeping your ‘secret phrase’, ‘seed phrase’, or 12–24 codewords actually SECRET is paramount!!! If a scammer gets your “secret seed phrase” there is nothing, not even a hardware wallet, that can save your ass(ets)!!
I can’t stress enough how important it is that you NEVER….EVER….EVER share these with anyone. Scammers will go to all lengths to make you either feel comfortable with sharing it, or often they will make you feel rushed, that if you don’t fix something ‘right now’ you’ll lose everything…. And you very well may lose everything, if you share it… So, just don’t do it…. I don’t care of they say they are from Ledger, Trezor, or MetaMask…. They are NOT
And for goodness sake… Don’t keep it online, have a photo of it, put it in a DropBox, draft email or cloud folder somewhere. No matter how secure you think it is. Write your secret phrase down on the sheet that comes along with your hardware wallet, then put it into a safe or somewhere extremely safe. Then make a second copy, and keep that in a safe deposit box at the bank. Yes, just do it….
Following the below process you will be moving an existing wallet on to your hardware wallet. This process will also remove the existing wallet on your hardware wallet if you have already used it. Keep this in mind and either move those assets to the wallet with your nodes or use a different hardware wallet.
NEW! Ledger Setup Video. Watch it HERE.
(Note: Trezor has updated some pages since this was written/filmed. So the process is essentially the same, but it may looks a little different. Updated guides/vids to come early 2022.)
- Order Ledger
- Install Ledger Live software from the official ledger.com site (make sure its legit) For this guide we’ll be using the Ledger Live Window App.
3. Proceed with setting up your Trezor. Agree to the terms. Select your Ledger device. We will be using a Ledger NanoX for this guide.
4. Since we will be moving an existing ‘secret seed phrase’ to the Ledger select the ‘Restore your recovery phrase on a new device’ option.
4. Ledger will now guide you through the process of setting a security PIN code for your Ledger hardware wallet, and then importing your existing ‘secret seed phrase’ onto your Ledger device…
Hopefully you have your existing MetaMask secret ‘seed’ phrase written down, otherwise you will need to ‘reveal’ your secret seed phrase in MetaMask. Keep in mind that revealing it in MetaMask is potentially exposing it, so I recommend doing so offline and performing an anti-virus scan prior.
5. Once you have completed those steps, you are now ready to setup your Ledger Live account. Click ‘Add Account’ to get started…
6. Select ETH from the pulldown menu options, and then continue.
7. Ledger will then begin pulling in your existing accounts
8. Ledger should be able to find all of the account addresses you have previously used automatically. If not, you may need to use an app like https://disperse.app/ to place a small amount of ETH in each wallet so that it recognizes which ones to pull in.
9. Now you should see each of your ETH wallets within the ‘Accounts’ tab on Ledger Live.
9. Now we are ready to prepare your ‘new’ MetaMask browser app to integrate with your Ledger.
Preparing a Fresh MetaMask
Once you’ve gotten your new hardware wallet set up, and your existing ‘seed’ secret phrase imported, you’re now ready to remove the ‘seed’ secret phrase /private keys from your PC and MetaMask. If you neglect to remove the existing ‘seed’ from MetaMask you will be NO safer than before…
- The first step is to remove your old, existing MetaMask extension. Obviously, first make sure you have your ‘secret phrase’ written down somewhere safe. (Since you already moved this ‘seed’ to your Ledger this should already be done) Go ahead and remove the extension from your browser.
- Close your browser, and reboot your computer. If you neglect to do this when MetaMask is reinstalled your previous seed may be reinstalled.
- Visit MetaMask’s official website and download the MetaMask extension, being careful to ensure you are downloading from the official site!!
- Create a new MetaMask wallet. Do NOT use your existing ‘secret phrase’ (seed) that has your assets on it. You need this to be a different seed than your previous seed phrase!
- Once your new MetaMask is created, with the new ‘dummy’ seed phrase, you need to enable it to work with Ledger Live.
- On MetaMask click the ‘circle’ in the right corner, then select ‘Settings’ and ‘Advanced Settings’. Turn on ‘Use Ledger Live’, and while you are there also make sure to enable ‘Customize transaction nonce’.
7. Next, click the bright colored ‘circle’ again on MetaMask, then choose ‘Connect Hardware Wallet’
7. Select ‘Ledger’ wallet
8. Before you are able to select which ‘accounts’ to use, you need to enable MetaMask to use the proper BIP44 protocol. Once you have done that, select all addresses you wish to use. Five accounts show per page, click next and select accounts until you are finished.
9. Your wallet address should now populate your MetaMask interface. “Account 1” will be the the wallet associated with the ‘dummy’ seed phrase that is stored on your PC with MetaMask. I rename mine ‘DUMMY’. The additional ‘Ledger’ accounts now indicate that their private keys are held safely by the ‘HARDWARE’ icon.
10. Enable ‘Blind Signing’ (Contract Data) in the ETH app on the Ledger
- Connect and unlock your Ledger device.
- Open the Ethereum application.
- Press the right button to navigate to Settings. Then press both buttons to validate.
- In the Blind Signing settings, press both buttons to allow contract data in transactions.
- The device should now display Allowed.
Please note that ‘Blind Signing’ (contract data) will automatically reset to ‘NOT ALLOWED’ every time the Ethereum app or firmware is updated or reinstalled.
Now, when you interact with protocols through MetaMask with your hardware wallets, you will need to confirm any transactions using the controls on your hardware wallet.