Crypto: Ledger Comes To The Rescue Of Trezor!

Is the competition in the crypto industry pushing Ledger to attack Trezor, or is it a timely warning for all users? Behind this revelation lies a major issue: the security of wallets. Ledger has demonstrated that Trezor’s Safe 3 and Safe 5 models had a critical flaw. A simple workaround of the firmware potentially allowed access to users’ funds. How was this breach discovered and corrected?

Ledger sheds light on a troubling flaw at Trezor

Ledger Donjon, the cybersecurity research branch of Ledger, discovered a critical vulnerability in Trezor’s wallets Safe 3 and Safe 5. While studying the security of these models, researchers found that cryptographic operations were performed on a microcontroller vulnerable to advanced attacks.

The problem? A hacker could theoretically modify the firmware and bypass the integrity check, making unauthorized access to users’ digital assets possible.

“We believe that strengthening the crypto ecosystem benefits everyone “, stated Charles Guillemet, CTO of Ledger.

A discovery raising questions about the robustness of competing wallets.

Trezor responded promptly by applying a patch, demonstrating its commitment to security. But this incident highlights a troubling reality: security flaws are not just anomalies, but ongoing threats.

If a breach has been patched today, how many more remain to be discovered in the world of crypto wallets?

Crypto wallet: the race for security continues

Hardware wallets are supposed to be the ultimate vault for digital assets, but this incident shows that none are infallible. Trezor introduced Secure Elements, chips designed to protect private keys against physical attacks.

However, Ledger revealed that this protection could be bypassed via the microcontroller, rendering the flaw exploitable.

Facing the threat, Trezor recalled that its firmware has an integrity check to prevent any malicious modifications. But Ledger demonstrated that this protection could be bypassed by a determined attacker. A simple physical access could compromise a crypto wallet, a worrying situation for altcoin and bitcoin investors.

Some notable figures:

• $484,000 in crypto stolen during a previous breach at Ledger in 2023;
• 270,000 email addresses of Ledger users compromised in 2020;
• 297 solo miners validated a Bitcoin block against all odds;
• 100% of wallets remain theoretically vulnerable to certain advanced physical attacks.

If traders and holders of digital assets thought that their wallet was impregnable, this incident reminds them that caution is necessary.

Cybersecurity: an ongoing challenge for crypto wallets

In the world of digital assets, cybersecurity is a never-ending battle. Trezor and Ledger strive to improve the protection of their wallets, but hackers continue to refine their techniques. Every innovation brings its share of vulnerabilities, turning security into a game of cat and mouse.

Printed circuit boards of two Trezor Safe 3s, one running authentic software and the other with modified firmware. – Source: Ledger

The latest flaw highlights an underestimated risk: physical attacks via the supply chain. In theory, a malicious actor could compromise a crypto wallet even before it’s purchased by a user, thus opening a sneaky breach in the protection of digital assets.

Ledger emphasizes the importance of Secure Elements and firmware integrity checks to prevent unauthorized access. Yet, even with these measures, threats are constantly evolving. As Trezor stated:

In cybersecurity, the golden rule is simple: nothing is infallible.

A statement that resonates as attack methods become increasingly sophisticated.

Some concerning elements:

• 90% of attacks on hardware wallets exploit physical or human flaws;
• Phishing remains the leading cause of crypto-asset theft, even with secure wallets;
• Each year, hackers develop new methods to bypass existing protections.

How far will manufacturers have to go to secure crypto wallets? Should we expect new flaws or innovations capable of eradicating these risks? One thing is certain, the crypto industry must redouble its vigilance, as attackers, themselves, never sleep.

This flaw reminds us that the security of wallets does not solely rely on technology, but also on the vigilance of users. Ledger itself has been a victim of phishing campaigns and data leaks in the past. Nothing is ever completely secure in the crypto universe, and staying alert remains the best protection.