Trezor Rebuts Ledger’s Accusations of Weak Security

March 13, 2019 16:31

At the recently concluded #MITBitcoinExpo, Ledger, one of the most prominent hardware wallets, took potshots at its competitor, Trezor, allegedly by listing attacks such as Supply Chain Attack, Side Channel PIN Attack, Software Crappy Attack, Surprise Concluding Attack and Side Channel Attack Scalar Multiplication.

Charles Guillemet, the Chief Security Officer at Ledger, had made waves at the Expo when he said four of Trezor’s devices were “completely broken.” Ledger later went on to release a report titled “Our Shared Security: Responsibly Disclosing Competitor Vulnerabilities,” which detailed five key vulnerabilities in their competitor’s products.


The report said, “A shared commitment to security not only helps to better protect assets for individuals and institutions, but also to foster much needed trust throughout the crypto landscape. We have a responsibility to enhance security throughout the entire blockchain ecosystem whenever possible.”

According to the report, Ledger had purportedly reached out to Trezor and shared the vulnerabilities the Attack Lab had uncovered. In what will come across as sheer high-handedness, Ledger said, “As always, we gave Trezor a responsible disclosure period to work on these vulnerabilities, even granting them two extensions.”

Rebutting the accusations point by point, Trezor explained in great detail why they were misleading. Trezor said, “Starting off, we would like to highlight the fact that none of these attacks are exploitable remotely. All of the demonstrated attack vectors require physical access to the device, specialized equipment, time, and technical expertise.”

It added, “The primary purpose of a hardware wallet has always been to protect users and funds against malware attacks, computer viruses, and various other remote dangers (like stealing all funds from Ledger via the Stealth Change Address). While reaching perfect physical security is a noble goal, it is, in the end, unreachable.”

Interestingly, after asking Trezor not to talk about a certain attack, Ledger went ahead and made it public anyway, which caught Trezor by surprise. At the time of the security discussion, Ledger had said, “This is still under discussion with ST (a chip maker). Could you please avoid mentioning details about the attack?”

While all this back and forth is interesting, in the end, it does seem unnecessary on Ledger’s part to act as a provocateur and try to sabotage its competition.
