10 Years of Ledger: Secure Self-Custody for All

Since 2014, Ledger has been safeguarding digital value, offering top-tier security to blockchain users with industry-defining hardware wallets. A lot has happened in crypto since then, and growing web3 adoption and advancement have also brought a string of cybersecurity threats.  

As of 2024, Ledger has sold over 7 million hardware wallets – none of which have ever been hacked. This is a testament not only to the high level of security that Ledger devices offer but also to the entire Ledger ecosystem built to secure your digital assets and help you manage them.

Owing to this, Ledger secures 20% of the world’s total crypto value today.

So, what makes Ledger special? What is the Ledger ecosystem all about, and why is Ledger different from any other device protecting your digital assets? Let’s take a deep dive under the hood to understand how Ledger devices are ahead of the curve when securing digital wealth.

Ledger: Safeguarding Humanity’s Access to Digital Wealth 

In 2014, Ledger set out with a simple yet powerful mission: to give individuals the tools they needed to take full control of their digital wealth, free from compromise. 

The Ledger Nano S, launched in 2016, is now the best-selling hardware wallet of all time. Since then, Ledger has released several devices, including the award-winning Ledger Nano X in 2019, Ledger Stax, the world’s first secure touchscreen, and Ledger Flex in 2024, representing Ledger’s new standard for hardware security.

Ledger provides uncompromising security for the digital ecosystem that goes much further than its devices. From establishing The Ledger Donjon (its internal testing lab) and launching Ledger Live (an asset management interface offering a secure gateway to blockchain apps and services) in 2018 to launching Clear Signing in 2022 (and the Clear Signing Initiative in 2024), and launching Ledger Recover (a paid optional service that allows you to recover your wallet access) in 2023.

Through the years, Ledger has upheld self-custody by giving users a more secure crypto experience. 

But before we move on to what makes Ledger devices so successful, let’s understand what self-custody even means and its importance in crypto. 

Not Your Keys, Not Your Coins

Ledger is serious about self-custody. But let’s explore why:

Contrary to popular belief, your crypto wallet doesn’t ‘store’ any crypto. Your crypto assets are stored on the blockchain and your crypto wallet simply allows you to manage those assets through an interface. 

Crypto wallets do this by securely storing your private keys, which grant you control over the funds associated with your blockchain address. 

Self-custody means you and you alone hold and manage your private keys, giving you full control over your digital assets. It eliminates the need for third-party custodians, making you solely responsible for the security of your assets. 

On the other hand, you have custodial wallets, often offered by centralized exchanges. These types of wallets don’t allow you to manage your own private keys. Instead, they work much like any Web2 account: allowing you to manage your account using a username and password on their platform. 

Custodial wallet issuers have the power over all accounts on their platforms. They have the control to freeze your accounts or access and mishandle your funds. Let’s say the CEO goes rogue and decides to steal your funds, or perhaps the whole exchange collapses, as we’ve seen multiple times throughout history; in either of these situations, your funds would be at risk. 

That’s why Ledger believes in self-custody: to put it simply,  if not self-custody, then why crypto?

Not All Wallets Are Built The Same

Non-custodial wallets are crypto wallets that give you ownership over your digital assets—only you can manage your private keys. However, not all non-custodial wallets offer you the same kind of security. 

Software wallets are non-custodial, offering you true ownership of your assets. However, they are vulnerable to online threats. Put simply, using your phone or laptop to store private keys is like leaving a bank vault in the middle of a shopping mall. This is because software wallets store your private keys insecurely and are always connected to the internet. This leaves them vulnerable to malware and spyware aiming to read or extract your private keys or seed phrases.

Hardware wallets are non-custodial wallets that come in many different types, but how would you know if they are truly secure? Some hardware wallets do not even have screens, which means you need to rely on the screens of your laptop, tablet, or mobile device. This places you at considerable risk because these screens are built for performance and not security and can be tampered with by bad actors. 

What about hardware wallets with screens? 

Most hardware wallets drive their screens with an MCU chip, which is not as secure as the Secure Element chip used in all Ledger devices. Hackers can relatively easily and affordably replace the firmware on an MCU chip. If they manage to access the MCU that controls your wallet’s screen, they could bypass the need to access your private keys directly.

This is where Ledger’s security model separates itself from the norm. 

Why Is Ledger So Secure?

Ledger hardware wallets offer secure self-custody, and its security model is the reason Ledger has remained at the forefront of crypto security.

Ledger’s Security Model

The foundation of Ledger’s security model relies on five key elements: the Secure Element chip, the Secure OS, Secure Screens, a PIN code, and rigorous battle-testing from the Ledger Donjon. 

Let’s understand how each of these elements works.

Secure Element

A Secure Element chip is a tamper-proof chip designed to store sensitive information, like private keys. Unlike general-purpose microcontroller units (MCUs) found in many other hardware wallets, the Secure Element chip is built to withstand both physical and remote attacks. 

This is the same technology as your bank card or passport. These EAL5+/EAL6+ certified chips are resistant to common physical hacking maneuvers such as power-glitching or side-channel attacks. 

Ledger was the first hardware wallet to implement a secure chip, which is part of the reason a Ledger device has never been hacked! But Ledger’s security model doesn’t just rely on the Secure Element. 

Secure Ledger OS

Ledger’s secure operating system is another important layer of defense. The Secure Ledger OS keeps different applications isolated from one another and ensures the information on the Secure Element is encrypted. This separation ensures that even if you are using multiple blockchain networks or interacting with various dApps, services, or apps, each one operates in its own secure environment.

Why is this important? In the complex world of web3, where users frequently manage assets across multiple chains (such as Bitcoin, Ethereum, and others), isolating applications prevents any potential vulnerabilities in one app from compromising the security of another.

The Secure OS also ensures that all interactions with the Secure Element (which holds your private keys) are fully encrypted, providing an additional layer of protection. This means seamless multichain support with Ledger. Whether you’re staking tokens, swapping assets, or managing NFTs across different blockchains, you can trust that your private keys and transaction data remain protected, even in the most complex operations. 

Secure Screen

Did you know that the screens of your everyday devices like your phone and computer are a potential point of attack for hackers? Without a secure screen, there is no way to know whether you’re signing a malicious transaction or not. 

Ledger’s Secure Screens are driven directly by the Secure Element chip, meaning you can trust the details they show. Since the screen is tamper-proof, you’re protected from both physical and remote hacking vectors like address poisoning, address switching, and clickjacking malware.

In 2024, Ledger broke new ground in the industry with the world’s first and only secure E-ink touchscreen devices – Ledger Stax and Ledger Flex. These new devices take secure screens and give them a fresh spin for the next generation of crypto. 

PIN Code

Upon setup, every Ledger device prompts users to create a 4-to-8-digit PIN code to unlock the device. 

This PIN code is the first line of defense, protecting your digital assets from anyone who gains physical access to your device. Without your PIN, you cannot unlock the device, sign transactions, or even update its firmware. 

After three incorrect attempts, the device resets, protecting your crypto assets even if the device is lost or stolen, or if you forget your PIN. In the latter case, you simply need to enter your secret recovery phrase to unlock the device and set a new PIN. 

Ledger Donjon

Ledger’s commitment to security doesn’t stop at its hardware and software. 

The Ledger Donjon is its in-house security research lab, staffed by white-hat hackers who continually attempt to exploit Ledger devices to uncover any vulnerabilities. This constant “stress-testing” ensures that Ledger devices evolve in response to new attack vectors. 

With every update, Ledger incorporates the Donjon’s findings, keeping the hardware and software one step ahead against emerging threats in real-time. 

Ledger Stax & Ledger Flex: Crypto Security Made Easy

With the launch of the Ledger Stax and Ledger Flex, Ledger brings in new layers of immersion with first-in-industry E-ink secure touchscreen devices, while maintaining its world-class security model. 

A touchscreen is an everyday interface, and with the larger displays and enhanced user interface providing an easy-to-navigate user experience, Ledger Stax and Ledger Flex simplify transaction verification and give you the confidence to surf crypto stress-free. 

This results in reduced errors and a device that’s familiar to use, especially for those new to self-custody. Ledger Stax and Ledger Flex are devices built to welcome the next wave of crypto adoption, keeping all the best functionality that Ledger has pioneered over the years while offering the best secure ecosystem around it.

Ledger Stax

Designed by Tony Fadell, the Godfather of the iPod, Ledger Stax embodies multiple industry firsts: the first organic TFT screen built at under 100 degrees Celsius, the first secure touchscreen driven by a Secure Element chip, and the first curved E Ink® touchscreen ever mass-produced. 

It is Ledger’s flagship crypto hardware wallet that grants an experience unlike any other. 

At $399,  the Ledger Stax sports a stylish, future-is-now aesthetic that offers a premium crypto experience. It supports Bluetooth, NFC, and USB-C for versatile connectivity and also offers wireless Qi charging. With a battery life lasting several weeks, a customizable lock screen, and a display that remains visible even when on standby, Ledger Stax delivers a whole new experience of personalization and crypto security. 

Ledger Stax allows you to display your favorite image or NFT on your lock screen, and also label the spine for easy identification. This customization goes further for those who own multiple devices. The Ledger Stax has built-in magnets that allow you to stack two or more devices with each other for easy identification, making each Ledger Stax you own uniquely yours!

Unlock the future of crypto security and style – buy a Ledger Stax. Because your digital assets deserve the ultimate premium experience.

Ledger Flex

Ledger Flex is a new standard for hardware wallets. It is designed for everyone, offering easy-to-use, accessible crypto security with its intuitive touchscreen and personalized interface. It features a flat 2.8” E Ink® touchscreen that, like Ledger Stax, allows users to customize their lock screens with images or NFTs. This screen is encased in a sturdy aluminum frame, providing a premium feel while ensuring your device is protected from everyday wear and tear. The combination of the aluminum frame and scratch-resistant glass not only enhances its resilience but also gives the Ledger Flex a modern, polished aesthetic. 

At $249, it’s the perfect entry point for users seeking powerful protection without sacrificing simplicity or convenience. 

With Bluetooth, USB-C, and NFC connectivity, Ledger Flex allows users a seamless crypto experience coupled with next-gen security at an attractive price. Moreover, Ledger Flex also comes with built-in magnets that allow users to attach screen protectors and other accessories to take their hardware customization to the next level. 

Never compromise on seamless security, get Ledger’s new standard of hardware devices at an attractive price  – buy a Ledger Flex today!

Ledger Flex and Ledger Stax take security beyond just your assets. Ledger’s Security Key app on both devices offers passkey capabilities to its next-gen devices. This app secures your accounts by eliminating vulnerabilities and ensuring your digital identity and assets are protected.

Why Ledger’s Secure Touchscreens Matter

In an increasingly digital world, phones and laptop screens cannot be trusted with sensitive or confidential information. The launch of Ledger Stax and Ledger Flex makes these devices the first and only devices in the world that drive their E ink touchscreens with Secure Element chips. 

This sets them a class apart from the competition. 

This larger display delivers a better user experience, safer transaction verification, and an intuitive interface, making it easier to review and sign transactions directly from the screen. With a more than familiar interface like a touchscreen, people can now easily navigate through all of their transactions and web3 activities directly through their Ledger device screens, without relying on insecure screens built for performance and not security.

With E-Ink® technology, users enjoy optimized readability, the ability to display their favorite NFTs even when the device is off, and multi-device connectivity to smartphones or computers. Plus, with a battery that lasts weeks on a single charge, Ledger’s secure touchscreens combine convenience, security, and innovation in one sleek package.

This aesthetic leap is not just a hardware-focused evolution of crypto wallets, it is the safest and most premium crypto experience available in the world today. 

And this overall experience is further enhanced by Ledger Live.

Ledger Live

Ledger Live is the essential companion app that elevates the experience of Ledger’s hardware wallets. It allows users to buy, sell, stake, and swap crypto assets, and so much more, from within the security of their Ledger devices. 

Buy & Sell Crypto

Ledger Live makes it so that even a newcomer to web3 can easily buy and sell crypto directly in the app through integrated buy providers like MoonPay, Coinify, and Transak. You can use your credit card to purchase a whole range of cryptocurrencies, all while keeping everything secure with your Ledger device. 

It also offers aggregator options like ParaSwap and 1inch, which compare multiple decentralized exchanges to provide the best rates for swapping tokens. For buying crypto, Coinify aggregates prices from different providers to ensure competitive deals. 

Staking & Interest

Ledger Live supports staking for various blockchains, allowing you to earn passive income by locking up assets like ETH, DOT, and SOL, among others. You can easily stake through integrated platforms like Lido, which provides liquid staking for Ethereum, or Kiln, where you can stake your assets to earn rewards for supporting blockchain networks.

NFT Management

Through Ledger Live, you have a full overview of your NFT collection, with detailed information such as properties, attributes, and transaction history. Integrated apps allow you to manage your NFTs with enhanced security, and on different blockchains – there is a Live app for every occasion! 

With such an expansive experience comes the highest responsibility to protect the millions of users that interact with the Ledger Live ecosystem. Let’s explore how Ledger Live handles security. 

Security On Ledger Live

You may be wondering – since Ledger Live is hosted on a screen that connects to the internet, what if hackers try to manipulate the information you are reading? How will you know if your transaction is secure?

Ledger Live is the intermediary interface between your hardware wallet and a device that connects to the internet (such as your phone or laptop) and is responsible solely for broadcasting signed transactions to the blockchain. All transactions are signed within the Secure Element chip inside Ledger devices in a completely offline, fortified environment. Only the signed transaction details are broadcast back to the blockchain to complete the transaction. 

If you notice a mismatch between the blockchain address on your internet-connected device and the secure screen on your Ledger device—you know that your internet-connected device is compromised with malware. You can always trust your Ledger device’s secure screen to show you the exact transaction details.

Moreover, Ledger’s clear signing initiative makes its Clear Signing plugin a pre-requisite for dApps, apps, and providers that integrate with Ledger Live. Every app built for Ledger Live implements this plugin and also undergoes an audit. 

This makes it so every transaction on the various apps within the Ledger Live ecosystem is human-readable. It’s important to note that this feature is exclusive to the Ledger Live version of each of your web3 apps, meaning that if you use your Ledger hardware wallet to connect to smart contracts/apps outside of Ledger Live, you would then be blind-signing transactions.

Explore dApps & Web3 Services

Ledger Live gives you access to a growing library of decentralized applications (dApps) and web3 services, from DeFi platforms and NFT marketplaces to messaging apps and blockchain games. These integrations allow users to interact with a variety of web3 ecosystems securely, with Ledger ensuring that your private keys never leave the safety of your device.

Ledger Live makes decentralized communication easy with apps like WalletChat and Inbox by Dispatch. These apps allow users to securely send messages between wallets and offer encrypted, wallet-based communication without relying on centralized messaging platforms.

Ledger Live is a secure gateway that allows you to explore a growing catalog of dApps and web3 services—including DeFi platforms, NFT marketplaces, messaging apps, and even blockchain games. 

Ledger’s commitment to total security does not stop there. It is tackling the blind signing issue at its core to make clear signing adoption a must across the industry. 

Ledger’s Clear Signing Initiative: A New Era of Transaction Security 

Ledger devices protect your private keys and allow you to experience the value in web3 with the peace of mind that your digital assets are always protected against physical or online threats. The only thing Ledger cannot protect you from is user error. However, it can optimize the user experience and interface to mitigate the risks of such instances. First, let’s understand one such mistake, ‘blind signing’.

Blind Signing refers to signing a transaction you don’t understand and cannot interpret in a human-readable format. 

The blockchain space has grown from simple transactions to a complex mix of functions like token approvals, NFT management, DeFi, smart contracts, and much more. Crypto transactions usually pop up on-screen as a string of numbers and letters (a hash) that can’t be interpreted easily. 

Scammers exploit this complexity by misleading users or compromising device screens to have them sign malicious transactions they don’t fully understand, draining their funds in seconds. Relying on everyday screens makes you prone to such attacks. It’s like handing out blank checks with your signature on them.

In July 2024, WazirX experienced a $230 million hack where attackers exploited blind signing vulnerabilities from WazirX’s multisig wallet signers via hardware wallets that didn’t display full transaction details for ERC20 tokens. Blind signing has led to many such significant losses in the crypto community, as users unknowingly authorize transactions that give scammers access to their assets. 

Ledger’s Clear Signing initiative is a collaborative effort designed to bring transparency to crypto transactions across third-party platforms and services. By translating smart contract data into human-readable language, this initiative ensures that users can confidently verify transaction details before signing, whether they’re interacting with Ledger Live or external platforms. This guarantees that “what you see is what you sign”, empowering users to never trust blindly but always verify directly on their device’s secure screen in a clear, understandable format.

Clear Signing on Ledger makes sure that you can see the intent of each transaction, with the information of the transaction itself presented to you in a human-readable format, directly on your secure Ledger device. This makes complex crypto transactions understandable and transparent, giving you the confidence to make informed decisions.

Ledger Sync

In web2, accounts are typically synchronized using an email ID and a password, with companies managing your account information within centralized databases. This is then stored, updated, and used as companies deem fit. You can easily see how this information-sharing is a significant threat to your privacy as your data is shared across various apps and online interactions. 

Ledger Sync revolutionizes this process by eliminating centralized control, ensuring that access to your Ledger Live information remains entirely under your control. Not even Ledger itself can access your private data.

Ledger Sync offers a simple and secure solution to synchronize instances of Ledger Live and back up encrypted information across multiple devices. As the world’s first private encrypted information backup solution, it operates without the need for an email ID or password. 

Instead, Ledger Sync uses the Ledger Key Ring Protocol to generate encryption keys directly from your Ledger device. These keys encrypt your Ledger Live data, allowing it to be securely transmitted over public channels. Only you, the owner of your Ledger device, can decrypt this information.

Once activated, Ledger Sync automatically updates your Ledger Live apps on both desktop and mobile every 10 seconds, eliminating the need for manual updates. Any changes to your accounts are instantly reflected across all your devices, ensuring consistency and saving you time. 

Setting up a new device is easy, as your Ledger Live info can be restored quickly without re-entering account details manually every time. 

Ledger Sync not only enhances convenience but also strengthens your data privacy, making it an essential tool for effortlessly managing your crypto assets across multiple platforms.

Ledger Recover

Today, we have 400 million global crypto users and growing, but only 30 million of whom practice self-custody, and of those, a mere 10 million do so securely. One of the biggest concerns for anyone practicing self-custody is losing their secret recovery phrase. It’s the key to your entire digital portfolio – lose it, and you lose everything. 

Many people don’t fully trust themselves to manage their own private keys securely, which is why they stick to custodial services instead of moving to self-custody. Solving this requires providing easier, safer options to reduce the fear and complexity of managing private keys on their own

For those who worry about managing their recovery phrase on their own, Ledger Recover is an optional, paid subscription service designed for users who want to back up their wallet access securely. It provides a safety net to help ease that fear and encourage more users to confidently embrace self-custody. 

Here’s how it works.

Ledger Recover encrypts your seed phrase into a secure translation called an ‘entropy’. The encrypted entropy is split into fragments and sent to independent Backup Providers through secure channels, never exposing your seed phrase. Each Backup Provider stores only one fragment using tamper-resistant hardware, ensuring your seed phrase stays protected even if a provider is breached.

So, how exactly do you recover your access? 

When you initiate a recovery, you provide your ID and a selfie to Onfido, Ledger’s trusted verification partner, which links your verified identity to encrypted seed phrase fragments without exposing your private information. Unlike traditional KYC which can ask for many more forms of identification, Ledger Recover verifies your identity with just an ID and a selfie.

After verification, two encrypted fragments are securely sent to your Ledger device. The Secure Element chip on your Ledger device then decrypts and reassembles your seed phrase, allowing you to access your account safely, even if your original device is lost.

Ledger Recover gives you peace of mind and the power to regain access to your accounts—wherever you are, with just your identification. With Ledger Recover, your identity becomes the key to your crypto. This service is a quantum leap in crypto innovation that makes self-custody more accessible, reducing the anxiety of losing access to your assets. 

Unlike traditional backup methods, it ensures your private keys remain entirely in your control, meaning your self-custody is never affected. This way, you can regain access to your wallet securely if needed, all while maintaining full ownership of your assets.

As part of Ledger’s vision, this tool aims to onboard a new generation of crypto users by providing an easier, more secure way to embrace self-custody, rather than relying on centralized or insecure solutions.

Open Source vs Closed Source

Ledger uses Secure Element chips to provide an additional layer of hardware-based security, ensuring protection against physical attacks and tampering. These chips, found in every Ledger device, are designed to safeguard private keys and sensitive data by implementing multiple countermeasures against side-channel and fault attacks. Due to the proprietary nature of these chips, parts of the Secure Element’s software remain closed source to protect the intellectual property tied to their functionality.

Despite this, Ledger is committed to transparency. Most of its ecosystem – including Ledger Live, the Wallet API, and several components of the Ledger OS – is open-source, allowing the community to review, verify, and improve its security. While some parts remain closed, Ledger balances transparency and security by ensuring the closed-source components are still subject to rigorous third-party audits, guaranteeing they align with Ledger’s high security standards.

Ledger Security Key

In a world where AI deep fakes and content abundance blur the lines of reality, establishing provenance and trust is essential. Proving your digital identity will become a primary checkpoint to safeguard your digital value in the near future. Crypto is all about scarcity and verification – two pillars that become even more vital as AI rapidly expands. 

How secure is your digital identity when everything around you can be artificially generated and digitally manipulated?

To address this, Ledger devices can now use the newly launched Security Key app to use their devices to directly log in to websites that support passkeys, two-factor authentication (2FA), and multi-factor authentication (MFA). This app is currently supported across Ledger devices from the Ledger Nano S to the Ledger Stax. 

This means your Ledger device is much more than just a hardware wallet that protects your crypto. It is now also a guardian of your digital identity, protecting your digital life beyond crypto.

Ledger’s next-gen devices take this a step further, with an inbuilt NFC chip that serves a dual purpose: enhancing connectivity and unlocking new wireless experiences. 

Combined with the Ledger Security Key app, NFC will allow Ledger devices seamless passkey authentication with your cell phone. The NFC chips do not affect your private keys, because just like Bluetooth and USB connectivity, only public data gets transferred. Moreover, if your Ledger device is locked or switched off, NFC capabilities are automatically powered off. 

Ledger devices ensure that even with all these connectivity enhancements, no action is prompted without your permission, keeping you entirely safe while managing your digital assets.

Ledger: Self-Custody Meets Superior Security

In this new era of digital wealth, true freedom comes from owning your financial future. Ledger unites self-custody with unmatched security, enabling you to control your crypto assets without compromise.

Backed by Ledger’s time-tested security model, your assets are shielded from all kinds of threats—regardless of which device you choose. Ledger’s latest devices, Ledger Stax and Ledger Flex, redefine hardware wallets by blending top-tier security with easy navigation and a seamless interface that’s easy to use, with a design aesthetic fit for the next decade of crypto users. 

Why trust your financial future to centralized entities when you have the option of complete control? Embrace self-custody with the superior security that only Ledger provides.

Because crypto is about freedom, and freedom starts with self-custody.