Review and sign transactions from a single secure screen with Ledger Flex™

Discover now

Misc. | 03/18/2021

Ledger Wallets: What kind of attacks can they sustain?

Donjon

In the world of Ledger the first thing you’ll hear about our products is the obsession for security. The philosophy and promise of the Ledger brand are centred around offering its users the most secure and privacy focused products on the market. It’s not just soothsaying to make it look good in the eyes of our audience, our claims are backed up by the people tirelessly working to make Ledger safer and better everyday – the Ledger Donjon security labs, the white hat hackers that are keeping your crypto safe.

The things that go lurking in the crypto-dark

Even though the world of blockchain and cryptocurrency is by definition a security & privacy upgrade to the old protocols of centralized systems, it is not without fault. Since cryptos are high-valued assets that can be easily and anonymously transported across blockchains, many unethical hackers have reoriented their efforts to busting open crypto wallets.

One of the most important things that any crypto-head should get when it comes to security breaches, is to understand the methods that these unethical hackers use.

#1. Fault Attack

A fault attack is a more “physical” form of attack, where a malicious entity will target the circuitry of a device in order to gain access to information or bypass certain processes.

The attacks come in the form of overheating, overclocking, voltage glitching or creating different types of electromagnetic fields in order to bypass security tests, PINs or gather other sensitive information.

2. Side Channel Attack

This type of attack is also a physical form of attack but it’s much more devious. It will target the hardware vulnerabilities that are created by certain components that makeup the device.

Let’s assume that one of the chips that is used inside has been downgraded to a weaker alternative to save on production costs. Without the added layer of hardware security of the premium chip, a hacker can measure the power consumption of the device to determine the kind of information that it is transmitting.

3. Software attacks

These attacks are the most “common” ones since they can occur significantly easier across a wider spectrum of faults that can be exploited by the hackers. To exploit these potential gateways, hackers would look for abnormal behaviors in the systems and tinker around with them to create ways of getting their hands on sensitive information or forcing the system to behave in an erratic way.

All of the above can ultimately lead to your sensitive information being exposed, landing your private keys into the hands of these no-good doers which can ultimately translate into you losing your crypto assets.

The Ledger solution

In the Ledger world, our Donjon security labs constantly carry out security tests to mitigate these threats, upgrading software and hardware protocols to guard Ledger users against these malicious baddies. You can check out more about how Ledger Donjon labs work for the betterment of Ledger products here.

The Secure Element

You might now be wondering what is the secret ingredient in the Ledger security mix?

It’s nothing short of secure, that’s for sure, since its name also spells it. The Secure Element in the Ledger hardware wallets is a secure chip that provides an added layer of security compared to a standard one.

It’s the same technology you would find in credit cards, passports and SIM cards, which protects highly sensitive information from being accessed by malicious parties. Without this secure chip, hackers can easily penetrate devices and access the highly sensitive information which would give them full control over the device and the data within.

So how does this secure chip work with your Ledger hardware wallet?

Besides having a secure chip, the Ledger wallet is the only one in the world that works in tandem with a custom operating system called BOLOS. The unique combination between the secure chip and the BOLOS make the Ledger hardware wallets a state of the art security beacon in the world of crypto wallets.

With the help of the BOLOS operating system, the wallet is capable of isolating applications individually from each other, safeguarding against malicious attacks, be they software, fault or side-channels attacks.

Security certified

It’s not enough for us to say that Ledger products are good and secure. One should always rely on 3rd-party, independent certifications to prove that they can walk the talk, as they say.

We at Ledger firmly believe that it’s our responsibility to make sure that the products we put out are 100% attack-proof. This is the reason why our Secure Element chips have undergone a Common Criteria security evaluation.

This Common Criteria security evaluation is an international standard for banking cards and state requirements. After undergoing the evaluation, Ledger products have been rated at an EAL5+ level. This basically says that by reaching EAL5+, Ledger hardware wallets are at the pinnacle of security – the highest level of security against all penetration tests.

That is why today, the Ledger Nano X and the Ledger Nanos S are the only hardware wallets on the market to come with an independent certification, standing as proof that our core value of “security over everything else” is grounded in tangible proof.

The White Donjon Knights

It’s worth mentioning that most of the efforts that Ledger puts into making sure its devices are state-of-the-art secure, are carried out by our “knights in shining armor” at the Ledger Donjon internal security labs.

Staying on top of security is not easy and it’s certainly not something you can forego for a long-time. That’s why we wanted to make sure that Ledger products are being constantly tested and upgraded in terms of the security. This is what our team of white-hat, ethical hackers at the Donjon labs are doing day by day.

Ranging from fault-attack tests, to side-channel & software attacks, the Donjon team constantly tries out new attack angles to see how Ledger products would fare against any malicious penetration attempts. By doing this on a daily basis, we make sure that your crypto & private keys are always safe from greedy clutches and that your crypto experience with Ledger products is 100% safe and anonymous.

Do you want to get “in-deep” on the Donjon action and see exactly how the team works to safeguard Ledger users against attacks? Check out the Donjon labs blog and see what our white knights have been up to.

There you have it ladies and gents! The full, epic tour of Ledger’s security fortress. From the Secure Elements, to the 3rd-party certifications and the white knights of the Donjon labs, the promise of state-of-the-art security is more than just words spoken. We’re proud to provide our users with the most secure crypto experience there is on the market and a way to safely navigate the crypto space without worry.

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our
newsletter

New coins supported, blog updates and exclusive offers directly in your inbox


Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.