Ledger Finds Vulnerability in Trezor Wallets
Date: 2025-03-13 Author: Oliver Abernathy Categories: BUSINESS
Ledger's research team found a problem in the microcontroller in Trezor hardware wallets that performed cryptographic operations. According to Ledger CFO Charles Guillaumet, this component made the devices "vulnerable to sophisticated attacks."
Trezor has already implemented Secure Elements, chips that provide protection for the PIN code and cryptographic data. Ledger noted that this technology effectively prevents hardware attacks, including voltage manipulation.
"[This feature] ensures the safety of users' funds even if their device is lost or stolen," Ledger researchers said.
However, they found another potential attack vector related to the microcontroller in the dual-chip architecture of Safe 3 and Safe 5. Ledger engineers were able to bypass the built-in firmware integrity check, but Trezor subsequently fixed the vulnerability. The company's representatives assured that user assets were not at risk and no action was required from customers.
At the same time, when asked about the possibility of fixing the problem through a firmware update, Trezor stated that this option is not possible.
"In the field of cybersecurity, there is an immutable rule: complete invulnerability is unattainable," the company noted.
Trezor emphasized that it has implemented multi-layered protection against supply chain attacks and strongly recommends purchasing devices only from authorized distributors.
Earlier, in January 2024, the company reported the compromise of 66,000 customer data due to a leak at a third-party support provider. In December of that year, attackers posing as Ledger support sent fake hack notifications to users in an attempt to obtain their seed phrases.
