Trezor Patches Security Flaw After Ledger Uncovers Vulnerability

Hardware wallet provider Trezor has fixed a security flaw in two of its latest models after researchers from Ledger Donjon, the security division of rival firm Ledger, identified a vulnerability. The issue, which affected the microcontrollers in the Trezor Safe 3 and Safe 5 models, raised concerns about potential attacks that could bypass security measures.

Ledger Donjon, known for its open-source security research, discovered that cryptographic operations could still be performed on the microcontroller of Trezor’s Safe 3 and Safe 5 wallets. This discovery suggested that these devices could be vulnerable to sophisticated hardware attacks, even with existing security features.

Secure Elements are special chips that prevent the PIN codes as well as the cryptographic secrets from unauthorized access. However, Ledger’s researchers showed how Trezor microcontroller’s firmware integrity check could be circumvented. But this security gap left such an attacker with advanced ways to tamper with the device’s software.

Trezor Responds with a Security Update

After reviewing Ledger’s findings, Trezor confirmed that it has addressed the identified vulnerabilities. The company assured users that funds stored on Safe 3 and Safe 5 devices remain secure and that no action is required on their part.

Trezor acknowledged the challenge of fully eliminating all risks in cybersecurity, stating on X that while the issue was patched, firmware updates alone could not fully resolve the vulnerability. The company emphasized that its multi-layered security measures protect users from supply chain attacks and advised customers to only purchase wallets from official sources.

Ledger and Trezor Push for Stronger Crypto Security

After the update, Ledger’s Chief Technology Officer, Charles Guillemet, acknowledged Trezor’s swift response, emphasizing that strengthening security across the crypto industry is beneficial for all users. He remarked, “Enhancing the overall security of the ecosystem is essential as we work toward wider adoption of crypto and digital assets.”

While Ledger identified weaknesses in Trezor’s hardware, the company itself has also faced security breaches in the past. In December 2023, an attack on Ledger’s connector library led to a $484,000 loss in crypto assets, and in 2020, a breach exposed the personal details of 270,000 Ledger customers.

Ongoing Improvements in Crypto Wallet Security

Trezor and Ledger are two of the most popular hardware wallets in the crypto space to this day and both companies are always improving security. This new discovery exposes vulnerability flaws and Trezor is quick to respond to such, as both are working to reinforce protection for those that hold the digital assets.

With new security threats emerging and both firms looking for better ways to secure their hardware and software from attacks, cryptocurrency users have access to the most secure means of storage.