Reading Time: 2 minutes
- Hardware wallet maker Ledger has helped fix a security vulnerability on Trezor
- The security flaw opened Trezor’s Safe 3 wallet model to “more advanced attacks”
- Ledger hailed Trezor for frequently updating its security
Hardware wallet maker Ledger has helped its competitor, Trezor, to fix a security vulnerability on its Safe 3 wallet model. Ledger discovered that the vulnerability allowed threat actors to conduct “advanced attacks” because the wallet supported cryptographic operations on its microcontroller. Ledger noted that helping Trezor is part of its mission to make the wallet ecosystem secure for everyone and is part of driving the “broader adoption of crypto and digital assets,” something that puts the rivalry aside to improve the security of crypto wallets consequently reducing the amount of funds lost to hacks.
Trezor “Vulnerable to Voltage Glitching”
According to Ledger’s security research team Ledger Donjon, the microcontroller used in Safe 3 is “vulnerable to voltage glitching, enabling read and write access to its flash contents.”
At @Ledger, you might know that we have the @DonjonLedger, our dedicated team constantly conducting open security research.
We recently worked with Trezor, revealing that their Trezor Safe 3 was susceptible to physical supply chain attacks. Here’s a thread on our findings:🧵 pic.twitter.com/CORDOQWRYg
— Charles Guillemet (@P3b7_) March 12, 2025
Ledger Donjon said that the weakness can be exploited to attack the wallet. It also discovered some loopholes in how Trezor supports communication between the microcontroller and other security controllers.
The researchers said it’s “very hard” for attackers to use the second vulnerability to attack the wallet because “the attack is implemented purely in software.” Ledger’s CTO Charles Guillemet revealed that Trezor responded to the disclosure and “addressed the vulnerability.”
We appreciate Trezor’s responsiveness to this responsible security disclosure, and that Trezor addressed
