We see this question constantly: "I found a Ledger Nano X on Amazon (or eBay) for 30% off. Is it safe to buy?"
Our strong recommendation: Always buy directly from the manufacturer's official website.
The Supply Chain Threat When you buy from third-party resellers, Amazon warehouses, or local classifieds, you introduce a middleman who has physical access to the device before you do.
A sophisticated attacker can execute a "Supply Chain Attack." They carefully open the wallet, tamper with the internal hardware (adding a microscopic Bluetooth transmitter or altering the random number generator), seal it in shrink wrap, and sell it as "new."
When you set it up, the device might generate a pre-determined seed phrase that the hacker already knows. As soon as you deposit funds, they drain the wallet remotely.
Manufacturer Safeguards If you must buy from a reseller (like an official authorized dealer to save on shipping to Canada), rely on the device's built-in attestation: 1. When a Ledger or Trezor boots up and connects to the official software, it performs a cryptographic "handshake" to verify the hardware hasn't been modified. 2. Check for physical tamper-evident holographic seals on the packaging.
However, seals can be faked. For absolute peace of mind regarding devices holding significant wealth, the extra $20 in shipping from Europe is the best insurance policy you can buy.