Hardware wallet Ledger helps competitor Trezor resolve security vulnerability
Hardware wallet provider Trezor has patched up a security flaw in two of its latest models after competitor firm Ledger’s open-source research arm discovered a vulnerability in their microcontrollers. Ledger Donjon ackno...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Hardware wallet provider Trezor has patched up a security flaw in two of its latest models after competitor firm Ledger’s open-source research arm discovered a vulnerability in their microcontrollers.
Ledger Donjon acknowledged Trezor has made several security advancements of late but found cryptographic operations could still be performed on the microcontroller of Trezor’s Safe 3 and 5 models, which could make them “vulnerable to more advanced attacks.”
Fortunately, Trezor has since addressed the vulnerabilities found, Ledger’s chief technology officer Charles Guillemet said in a March 12 X post.
“We believe that making the ecosystem more secure helps everyone, and is critical as we push towards broader adoption of crypto and digital assets,” Guillemet added.
Source: Charles Guillemet
Trezor had already implemented “Secure Elements” — chips designed to protect the user's PIN code and cryptographic secrets — as some of Trezor’s devices could be tampered with by modifying the software running on it, potentially allowing threat actors to steal user funds.
The Secure Elements feature “effectively thwarts any inexpensive hardware attack, in particular voltage glitching,” Ledger said in a March 12 post.
“[This] gives users confidence that their funds are safe even if their device gets misplaced or stolen.”However, Ledger found another potential attack vector stemmed from the microcontroller, the other main part of Trezor’s two-chip design for its Safe 3 and 5 models.
Trezor implemented a firmware integrity check to detect modified software, but Ledger was able to demonstrate that an attacker could still bypass this security check.
This issue has since been resolved by Trezor — though neither Ledger nor Trezor have explained how. Cointelegraph reached out to Trezor but didn’t receive an immediate response.
Trezor’s microcontroller in the Trezor Safe 3 model. Source: Ledger
Trezor confirmed on X that user funds remain safe and that no action is required.
Related: ‘Dark Skippy’ method can steal Bitcoin hardware wallet keys
However, when asked whether Trezor was able to patch this issue via firmware, the hardware wallet provider responded: “Unfortunately not.”
“In cybersecurity, the golden rule is simple: nothing is fully unbreakable. That’s why we have already implemented a multi-layer defense against supply chain attacks and always advise our users to purchase from official sources.”Ledger isn’t immune to security vulnerabilities either.
In December 2023, a hacker committed a security breach into Ledger’s connector library and stole $484,000 worth of crypto assets.
Another threat actor who breached Ledger’s systems published the mailing addresses of around 270,000 Ledger customers in June 2020.
Magazine: Crypto fans are obsessed with longevity and biohacking: Here’s why
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on CointelegraphRelated market context
Across Protocol confirms Solana bridge attack, says user funds are safe
Across Protocol confirmed an attack on its Solana bridge deployment, disabling deposits while assuring users their funds remain sa...
SEC Crypto Framework Could Finally Put DeFi Safe Harbors On The Table
The SEC’s proposed Regulation Crypto framework is moving into focus because it touches one of the hardest questions in digital-ass...
BitPay Secures EU-Wide MiCA License, Unlocking Regulated Crypto Payments Across 27 Nations
Key Takeaways: BitPay has received a MiCA license from the Dutch AFM. The decision will allow regulated crypto services throughout...
BTCC Exchange Q2 2026 Growth Report: TradFi Volumes Triple, 12M Users Reached as Exchange Marks 15 Years
George Town, Cayman Islands, July 17th, 2026, Chainwire BTCC, the world’s longest-serving cryptocurrency exchange, today released...
Tether’s USDT Is Adding Over 30 Million Wallets Every Quarter, CEO Paolo Ardoino Says
Tether CEO Paolo Ardoino says USDT’s user base is growing by more than 30 million wallets per quarter, extending the stablecoin’s...
Dutch crypto exchange collapses exposing customer balances’ true value amid multi-million-euro hole
Dutch crypto exchange Knaken's operating company and its affiliated payments foundation entered court-controlled bankruptcy on Jul...