Ledger Gives Trezor a Security Boost
Ledger’s security team stepped in to help competitor Trezor fix a major vulnerability in the Safe 3 and Safe 5 models—raising questions about industry-wide security standards.
Trezor, known for its emphasis on security, introduced several improvements in its latest models, drawing scrutiny from cybersecurity analysts.
One major advancement was the inclusion of a Secure Element, a technology designed by Ledger to protect PINs and cryptographic keys. However, despite this integration, the devices remained susceptible to attacks, as certain cryptographic functions continued to rely on an unprotected microcontroller.
Technical Analysis: The Strengths and Weaknesses
The Trezor Safe 3 and Safe 5 introduce a two-chip architecture, with a certified Optiga Trust M Secure Element working alongside a traditional microcontroller. Compared to earlier models—where security was primarily handled by a single chip—this is a clear improvement.
However, the microcontroller remains a vulnerable component. Unlike the Secure Element, it wasn’t built to withstand sophisticated hardware attacks, leaving room for potential exploitation.
Attackers with even temporary access to a Trezor device could reconfigure its firmware through the microcontroller, potentially altering its behavior. While Trezor’s integrity checks are designed to detect unauthorized changes, they failed to block certain types of modifications.
This loophole doesn’t directly expose private keys, but it does open up multiple attack pathways, making the device susceptible to more sophisticated threats.
According to security analysts who tested the flaw, Trezor’s developers reacted swiftly, releasing a fix for affected wallets well before the issue was publicly disclosed. Their quick response helped safeguard user funds.
This case underscores the importance of cooperation between leading security teams in protecting the broader crypto ecosystem.
“At Ledger Donjon, our mission is to push the boundaries of security for the benefit of the whole crypto ecosystem. We will continue to research and collaborate to protect users under all relevant threat models. The collaboration with Trezor exemplifies this commitment.”
— Charles Guillemet, CTO of Ledger.
Cybersecurity Lessons
Cyber threats remain an ever-present risk, even for security-focused companies like Ledger. In December 2023, hackers exploited a vulnerability in one of its software components, resulting in nearly $500,000 in stolen digital assets.
Additionally, the company experienced a customer data breach, with sensitive user information being exposed online. These incidents underscore the need for continuous innovation and industry-wide collaboration to protect users from evolving cyber threats.
When it comes to securing digital assets, collaboration—not competition—is the key to staying ahead of threats. That’s why the partnership between Trezor and Ledger sends a powerful message to the crypto community.
By working together to identify and resolve vulnerabilities, these industry leaders not only respond faster to risks but also improve security for all wallet users. As Ledger’s CTO put it:
“We appreciate Trezor’s responsiveness to this responsible security disclosure, and that Trezor addressed the vulnerabilities we found, showcasing the importance of continuous improvement and cooperation in the crypto space. We believe that making the ecosystem more secure helps everyone, and is critical as we push towards broader adoption of crypto and digital assets.”
Developers are continuously strengthening firmware and hardware security, addressing known vulnerabilities and enhancing resilience. However, security professionals remind us that no wallet is entirely immune to threats.
To mitigate risks, users should follow best practices: purchase only from authorized sellers, install firmware updates promptly, and ensure their device remains physically secure.