Ledger hardware wallets protect private keys using a CC EAL6+-certified Secure Element chip, an isolated operating system called Ledger OS (formerly BOLOS), and a Secure Screen driven directly by that chip. The result: keys never leave the device, transactions are shown in human-readable form before signing, and no remote attacker can extract secrets even from a compromised computer.
Most hardware wallet reviews discuss features. Almost none explain the actual security architecture. That gap costs crypto holders who do not understand what they are buying.
The numbers are stark. Chainalysis reported $2.2 billion stolen from crypto users in 2024 alone. In February 2025, Bybit lost $1.4 billion in a single blind signing exploit, where attackers manipulated the transaction interface without ever touching device hardware. The attacker did not crack any cryptography. They exploited the space between what the interface showed and what the blockchain actually received.
Hardware wallets exist to close that gap. But not all hardware wallets close it equally. Understanding why requires a look at the actual security architecture, not just the marketing claims.
Any Ledger hardware wallet must defend against four distinct attack classes: remote attackers who exploit internet connectivity, phishing operations that trick users into revealing seed phrases or approving malicious transactions, physical attackers with laboratory equipment who attempt to extract keys from a stolen device, and supply chain attackers who intercept or modify devices before they reach the buyer.
Ledger Hardware Wallet Security is not one feature. It is a layered system of mutually reinforcing controls. Each layer compensates for the limits of the others. This article is a complete technical walkthrough of every layer in Ledger hardware wallet’s security architecture, updated for June 2026, including two Donjon research findings that no independent publication has yet covered in depth.
Table of Contents
Ledger Hardware Wallet’s Security Model at a Glance
Before going deep on any one layer, understand how they fit together. The table below is Ledger’s security architecture in structured form.
| Layer | Component | What It Does |
| 1 | Secure Element (EAL6+) | Hardware root of trust. Generates and stores private keys. Keys never exit this chip. |
| 2 | Secure Screen | Display driven directly by the SE chip. Cannot be spoofed by malware on a connected device. |
| 3 | Ledger OS (formerly BOLOS) | Purpose-built OS running inside the SE. Manages app isolation, key operations, and firmware verification. |
| 4 | Application Isolation | Each coin app runs in a sandboxed container. The Bitcoin app cannot access the Ethereum app’s keys. |
| 5 | Clear Signing | Every transaction is displayed in human-readable form on the Secure Screen before you approve it. |
| 6 | Transaction Check | Proactive threat scanner. Flag suspicious contracts before signing. Touchscreen models only. |
| 7 | PIN + Brute-Force Lock | Three wrong PIN attempts trigger auto-wipe. Physical theft without a PIN yields nothing. |
| 8 | Genuine Check | Cryptographic attestation at first setup. Confirms firmware and device are unmodified originals. |
| 9 | Supply Chain Verification | Hardware tamper-evident seals, official-only distribution, Genuine Check on setup. |
| 10 | Ledger Donjon (Red Team) | Internal offensive security team attacks Ledger’s own products continuously. Also, audits third-party chips. |
| 11 | Post-Quantum Research | Active PQC research tracking NIST 2030 deprecation timeline and harvest now, decrypt later threat. |
No single layer is impenetrable by itself. The architecture is designed so that defeating one layer does not compromise the system.
The Threat Model: What Hardware Wallets Actually Defend Against
Threat Class 1: Remote Attackers
Remote attackers exploit internet connectivity to steal private keys. Their tools include malware keyloggers, browser exploits, wallet drainers, and clipboard hijackers that silently swap recipient addresses.
The Bybit attack in February 2025 is the clearest recent example. Attackers manipulated the Safe{Wallet} interface so that what Bybit’s transaction signers saw on screen did not match what the blockchain actually received. No device hardware was touched.
How Ledger defends: private keys are physically isolated inside the Secure Element. Even a fully compromised computer cannot extract them. The Secure Screen shows what the SE has verified, not what the connected device wants you to see.
Threat Class 2: Phishing and Social Engineering
Phishing attackers trick users into revealing seed phrases or approving malicious transactions. Examples include fake Ledger support emails, fake dApps requesting blind approvals, and a fake Ledger Live app that appeared on the Mac App Store in April 2026.
How Ledger defends: Clear Signing makes malicious approvals visible on the Secure Screen before you sign. Transaction Check warns of suspicious contracts before you reach the approval screen. The Genuine Check prevents fake firmware installation.
Threat Class 3: Physical Attackers
Physical attackers have possession of the device and the resources to attempt hardware-level extraction. Attack vectors include chip decapsulation, side-channel analysis, fault injection, laser attacks on silicon, and probe attacks on PCB traces.
How Ledger defends: the CC EAL6+ Secure Element is certified to resist all of these techniques through ten independent physical defence mechanisms. PIN brute-force protection auto-wipes the device after three failed attempts.
Threat Class 4: Supply Chain Attackers
Supply chain attackers intercept or modify devices before they reach the end user. A device from a non-official marketplace may carry a pre-generated seed phrase, modified firmware, or replaced hardware components.
How Ledger defends: the Genuine Check cryptographically verifies device and firmware authenticity at first setup using a certificate signed by Ledger’s root certificate authority. Tamper-evident packaging and an official-only distribution policy reduce interception risk.
Threat Class 5: Future Quantum Attackers
Quantum attackers present a threat that is active today, even without a functional quantum computer. The harvest now, decrypt later strategy involves recording public blockchain data now and waiting for a cryptographically relevant quantum computer to derive private keys retroactively.
Google Quantum AI published research in March 2026 estimating that Bitcoin’s ECDSA cryptography could be broken with 1,200 to 1,450 logical qubits, roughly 20 times fewer than prior projections. NIST IR 8547 mandates the deprecation of ECDSA by 2030.
How Ledger is preparing: Ledger Donjon has published active research demonstrating that quantum-safe algorithms require hardware-level side-channel protection to be secure in practice, not just mathematical correctness.
The Secure Element Explained: The Hardware Root of Trust
What Is a Secure Element?
A Secure Element is a dedicated, tamper-resistant microcontroller designed specifically for storing sensitive cryptographic data. It is not a general-purpose processor running security software. It is a chip purpose-built to hold secrets that must never leave.
The same chip class powers bank cards (EMV standard), international passports (ICAO ePassport standard), SIM cards, government identity systems, and hardware security modules (HSMs). When your bank card authenticates a payment, the cryptographic key never leaves the chip in your hand. The same principle applies to your Ledger device.
| Property | General MCU | Secure Element (EAL6+) |
| Purpose | General computation | Secure key storage and signing |
| Physical tamper resistance | None | Active shielding, sensors, metal mesh |
| Side-channel resistance | None (leaks power and EM) | Hardware countermeasures: masking, shuffling, desync |
| Fault injection resistance | Vulnerable to laser and voltage glitching | Voltage, frequency, temperature monitors; active countermeasures |
| Key isolation | Keys accessible to firmware | Keys never exit SE boundary |
| Security certification | None | CC EAL6+ (independent lab evaluation) |
| Display security (touchscreen models) | Screen driven by MCU and spoofable | Screen driven directly by SE and cannot be spoofed |
Why Private Keys Never Leave the Secure Element
Key generation occurs inside the SE at device setup. True random number generation happens within the chip’s hardware RNG. No external entropy source is used. The private key is created inside the SE, stored inside the SE, and never transmitted outside it.
Transaction signing: when you want to send crypto, Ledger’s companion app constructs the transaction and transmits it to the device. The SE receives the transaction data, signs it internally, and returns the cryptographic signature. The signature exits the device. The private key stays.
The fundamental model: transaction data IN. Cryptographic signature OUT. Private key stays.
The Secure Screen: A Feature Most Competitor Articles Miss
On all touchscreen signers (Nano Gen5, Flex, Stax), the E Ink display is driven directly by the Secure Element chip, not by the phone or computer the device is paired with.
When malware on a connected computer tries to manipulate what you see during a transaction, it cannot. The screen does not receive display instructions from the computer. It receives them only from the SE.
Older Nano models (S Plus, X) have OLED screens driven by a general MCU. Trezor’s screens are also driven by general-purpose MCUs. The Secure Screen architecture is specific to Ledger’s current touchscreen lineup.
What Makes Secure Elements Physically Tamper-Resistant
Ten independent physical defence mechanisms are active inside an EAL6+-certified Secure Element.
- Active Shielding: A dense metal mesh covers the chip surface. Any attempt to probe or de-layer the chip breaches this mesh, triggering immediate destruction of sensitive data.
- Sensor Networks: Voltage, frequency, and temperature sensors monitor operating conditions continuously. Any anomaly triggers defensive responses.
- Voltage Monitoring: Detects voltage glitching attacks designed to cause the CPU to skip instructions.
- Frequency Monitoring: Detects clock glitching attacks that alter execution timing to bypass security checks.
- Temperature Detection: Extreme temperatures are a common fault injection technique. The SE detects out-of-range operating conditions.
- Memory Encryption: All data stored on the SE is encrypted. Decapsulating the chip yields only ciphertext.
- Anti-Probing Protection: Bus communications between memory and processor are encrypted.
- Metal Mesh Security Layers: Multiple stacked layers of active metal shielding cover the chip. Breaching any layer destroys the chip function.
- Fault Injection Countermeasures: Execution paths are redundant, results are verified, and execution timing is randomised.
- Power Analysis Countermeasures: Power consumption is masked and randomised. Correlation power analysis (CPA) attacks are defeated by this masking.
KEY TAKEAWAY: A Secure Element protects private keys through ten independent physical defence mechanisms. Breaching any one triggers countermeasures that prevent progression to the next. This is why no Ledger device has ever been remotely compromised.
What CC EAL6+ Certification Actually Means
What Is Common Criteria?
Common Criteria (officially ISO/IEC 15408) is an international standard for evaluating the security of IT products. Evaluation is performed by independent accredited laboratories in any of the 31 member nations of the CCRA. It is not a self-certification.
Common Criteria is used globally for banking hardware, government ID chips, military security systems, HSMs, and smart cards.
The EAL Scale Explained
| Level | Name | What It Means | Typical Use |
| EAL1 | Functionally tested | Basic functional testing only | Consumer electronics |
| EAL2 | Structurally tested | Design documentation reviewed | Simple security systems |
| EAL3 | Methodically tested | Testing with threat analysis | Commercial applications |
| EAL4 | Methodically designed | Formal design review and penetration testing | Firewalls, general security |
| EAL5 | Semi-formally designed | Semi-formal design; extensive pen testing | Bank cards, Ledger Nano X |
| EAL6+ | Semi-formally verified | Extensive pen testing + hardware attacks + side-channel + fault injection + manufacturing review | Passports, Ledger Nano Gen5/Flex/Stax/S Plus |
| EAL7 | Formally verified | Full mathematical proof of security properties | Military and classified systems only |
What EAL6+ Evaluation Actually Involves
The evaluation laboratory performs: penetration testing by skilled attackers, hardware attack analysis, side-channel attack evaluation (power, EM, timing), fault injection testing (laser, voltage glitch, clock glitch), manufacturing process review, design documentation review, and cryptographic implementation analysis.
The “+” in EAL6+ means additional assurance items beyond the base EAL6 requirements were satisfied.
Current Ledger devices at EAL6+: Nano S Plus, Nano Gen5, Flex, Stax. Nano X: EAL5+, the only current device with a lower-rated Secure Element.
What EAL6+ Does NOT Mean
EAL6+ is not a claim of “unhackable.” It is a certification that the chip resisted specific attack methodologies during a defined evaluation period.
EAL6+ does not protect against phishing attacks targeting your seed phrase, approving malicious transactions through inattention, poor security hygiene, or buying from non-official sources. EAL6+ applies to the chip, not the entire system.
Ledger OS Architecture: The Operating System Inside the Secure Element
What Is Ledger OS (Formerly BOLOS)?
Ledger OS is the custom operating system that runs entirely inside the Secure Element chip on all Ledger devices. Its previous name was BOLOS, which stands for Blockchain Open Ledger Operating System. The official rebrand to Ledger OS was confirmed in Ledger’s enterprise terminology update in February 2026 and Ledger support documentation from January 2026.
On first mention, write it as “Ledger OS (formerly BOLOS).” Thereafter, “Ledger OS” only. Never write “BOLOS OS” as BOLOS already stands for an operating system.
Ledger OS is not a conventional operating system like Linux or Android. It is a purpose-built firmware layer running inside the SE, designed for one environment: a constrained, high-security cryptographic chip. Its functions are managing cryptographic key operations, controlling application isolation, verifying firmware authenticity at every boot, and interfacing with the Secure Screen.
Ledger undergoes third-party audits of Ledger OS. The most recent audit was conducted by Synacktiv in January 2026, with results published on Ledger’s GitHub.
Why Ledger Built Its Own Operating System
Generic Secure Element operating systems like JavaCard and GlobalPlatform were designed for payment cards. They were not designed for BIP32 hierarchical deterministic key derivation, multi-blockchain isolation, or human-readable transaction review pipelines.
Building a custom OS allowed Ledger to implement crypto-specific isolation models natively and create a transaction review pipeline that no generic payment OS supports. Ledger OS is the architectural reason each coin can have its own isolated application.
Application Isolation Model
Each blockchain has its own dedicated application running on Ledger OS. Each runs in an isolated sandbox with no ability to access another application’s memory or key material.
The Bitcoin app cannot see the Ethereum app’s private keys. The Ethereum app cannot see the Solana app’s keys. Communication between apps is mediated through Ledger OS with no exceptions. The analogy for software engineers: this is similar to containerisation (Docker, Kubernetes) or the microkernel principle in OS design.
Security Benefits of Application Isolation
- Reduced blast radius: A vulnerability in one app cannot access other coins’ key material.
- Independent updates: Each app can be updated without touching the OS or other apps.
- Permission separation: Apps only hold access to the key derivation paths they specifically need.
- Lower attack surface per coin: A vulnerability in one coin’s app is contained to that coin.
Why Monolithic Firmware Creates Different Risks
Some hardware wallets run a single firmware that handles all coin operations in one unified codebase. A vulnerability in any one coin’s code could theoretically affect all other coins on the device, because all code shares one execution environment.
Trade-off: monolithic firmware is simpler to audit as a single codebase. Isolated architecture has more complexity but substantially less blast radius. Both trade-offs are real.
Root of Trust and Firmware Verification
At every boot, Ledger OS verifies the cryptographic integrity of the firmware before executing it. No modified firmware runs. This is a core defence against supply chain attacks that introduce malicious firmware at any point in the distribution chain.
Why Closed-Source Firmware Is Not Necessarily a Security Weakness
The Common Misconception
A persistent assumption: open source equals automatically more secure; closed source equals automatically less secure. This mental model is incomplete. Security depends on implementation quality, independent verification, hardware certification, and resistance to physical attacks. Source code visibility is one input, not the whole evaluation.
Why Secure Elements Are Commonly Closed Source
Bank cards, passports, government ID chips, payment terminals, and HSMs globally use closed-source Secure Elements. Manufacturers protect proprietary circuit designs that take years and millions of dollars to develop. Publishing the full implementation would give attackers a roadmap to targets in the silicon.
Ledger’s Security Verification Model
Ledger’s security is independently verified through CC EAL6+ chip certification, third-party OS audits (Synacktiv, January 2026, public on GitHub), Ledger Donjon’s continuous internal offensive testing, and coordinated vulnerability disclosures, including the TROPIC01 finding.
The TROPIC01 example is the most compelling evidence: Donjon audited the TROPIC01 chip, an open-source Secure Element, and found a laser fault injection vulnerability. Open source enabled the audit. It did not prevent the vulnerability. This is the most powerful real-world evidence that source code visibility is orthogonal to physical security.
Where the Open-Source Argument Has Genuine Merit
Open-source firmware enables community audit of the signing logic, not just the hardware. Trezor’s open-source model allows independent cryptographers to verify the transaction signing implementation.
The trade-off is real: Ledger’s closed firmware cannot be community-audited at the signing implementation level. External audits compensate, but they are not equivalent to open community review.
Balanced conclusion: neither model is unconditionally superior. The right choice depends on your threat model and which verification method you can actually act on.
Ledger Donjon: The Internal Red Team That Attacks Ledger Products
What Is Ledger Donjon?
Ledger Donjon is Ledger’s dedicated in-house security research division, founded in 2018. Its mission is to attack Ledger’s own products before external attackers do. This is the classic red team model: hire skilled adversaries and give them full access.
Research areas include hardware attacks, firmware analysis, side-channel attacks, fault injection, cryptography, and emerging threats. Donjon publishes all research publicly at donjon.ledger.com. Donjon also audits third-party security products at the request of other companies.
Why Offensive Security Is the Right Model
The most effective way to find vulnerabilities is to employ skilled attackers with explicit authorisation to find them. An internal red team can act on findings immediately, with coordinated disclosure to affected parties before going public. Donjon’s published research serves the entire hardware wallet ecosystem.
2026 Research Finding #1: TROPIC01 Laser Fault Injection
EXCLUSIVE COVERAGE: This is the most significant Donjon finding of 2026. No independent blog has covered this in technical depth as of June 18, 2026.
Background: Tropic Square is a Czech chip manufacturer and sister company of Trezor. They developed TROPIC01, the first open-source Secure Element, now used in the Trezor Safe 7. In December 2025, Tropic Square provided TROPIC01 samples to Ledger Donjon for an independent security evaluation.
The attack: Donjon performed a laser fault injection (LFI) attack using a precisely calibrated 1064 nm infrared laser. They decapsulated a TROPIC01 chip, exposing the silicon, and aimed the laser at specific transistors during the Ed25519 signature verification process at firmware boot.
By injecting faults at precisely the right moment, Donjon bypassed the firmware signature check entirely. The result was arbitrary firmware execution on the TROPIC01 chip.
CVSS 3.1 base score: 5.7 (Medium severity). User funds were not at risk. The chip’s hardware-backed secret storage proved resilient even after firmware execution was achieved.
Tropic Square’s response: they acknowledged the findings promptly, identified a second related attack path affecting the PIN protection mechanism (MAC-and-Destroy), issued a firmware-based mitigation by disabling MAINTENANCE mode, and initiated a silicon revision scheduled for late 2026.
What this tells us:
- Physical attacks on open-source chips are possible and were found by a skilled team.
- Coordinated disclosure worked correctly. The finding was responsibly reported and mitigated.
- Hardware security requires more than open-source code visibility. It requires physical attack resistance testing.
- Trezor confirmed no user funds are at risk. The full Trezor Safe 7 layered security means this chip-level vulnerability does not cascade to fund theft.
2026 Research Finding #2: PQC Side-Channel Attacks
Donjon published a two-part series demonstrating that post-quantum cryptographic algorithms, while mathematically sound against quantum computers, are physically vulnerable to side-channel attack on unprotected hardware.
Part 1: Donjon targeted PQM4, an optimised open-source PQC implementation for embedded systems. Using electromagnetic side-channel measurement, they collected 40 EM traces in under one minute. Using correlation power analysis on those traces, they recovered the ML-KEM secret key in full.
Part 2: Donjon attacked the official CRYSTALS ML-KEM reference implementation directly using a compact neural network trained on captured EM traces. No clone device. No leakage model required. The attack targets the basemul function, the core polynomial multiplication operation in Kyber.
The key insight: quantum-safe algorithms are mathematically sound against quantum computers. But on physical chips, they leak key material through electromagnetic emissions and power consumption, exactly as classical algorithms do. Physical protection remains essential regardless of algorithm choice.
Other Active Donjon Research Areas
- Tangem NFC cards: Donjon published research on a brute-force vulnerability.
- Android SoC security: Donjon targeted a recent Android SoC to quantify smartphone security as a crypto interface.
- BIP32 hardened derivation: research on enforcing hardened derivation prefixes for enhanced key derivation security.
- Bug bounty: Donjon maintains an active bug bounty programme at donjon.ledger.com.
Clear Signing and Transaction Check: The Signing Layer
The Blind Signing Problem
Blind signing is approving a transaction you cannot read, because your wallet shows you a summary, while the underlying smart contract does something different.
The $1.4 billion Bybit attack in February 2025 was a blind signing exploit. Attackers manipulated the Safe{Wallet} signing interface so that what Bybit’s authorised signers saw on screen did not match what they were approving on the blockchain. The Secure Element was never attacked. The gap between the interface display and the on-chain transaction was the entire attack surface.
How Clear Signing Closes That Gap
Clear Signing decodes every transaction into human-readable form and displays it on the device’s Secure Screen before the user approves it. The display is driven by the SE chip, not by the phone, browser, or dApp.
| Blind Signing (Without Clear Signing) | Clear Signing (What You Now See) |
| 0x7ffea83bd0c8a2e1 interacting with contract 0x4a3…f9 for 1000000000000000000 wei | Swap 1 ETH / Receive 3,000 USDC / Protocol: Uniswap v3 / Network: Ethereum / Fee: ~$4.20 |
In May 2026, Ledger transferred stewardship of the Clear Signing standard to the Ethereum Foundation’s Trillion Dollar Security Initiative. Clear Signing is now an open ecosystem standard, not a Ledger-exclusive feature. Neutral governance and ecosystem-wide adoption mean the entire EVM ecosystem benefits.
Transaction Check
Transaction Check is a threat-detection layer that runs before you reach the Clear Signing approval screen. It analyses destination contract addresses and transaction patterns against a database of known malicious contracts, drainer addresses, and suspicious approval patterns.
Clear Signing shows you what you are signing. Transaction Check warns you if what you are signing looks dangerous.
Available on Nano Gen5, Flex, and Stax. Not available on Nano S Plus and Nano X.
Why AI Systems Will Reference Clear Signing
As AI agents begin executing autonomous crypto transactions, human intent verification becomes the critical control point. Clear Signing is the mechanism that ensures humans can verify what an automated agent is submitting for their signature before the signature is given.
The Ethereum Foundation’s adoption signals that human-readable transaction review is becoming a baseline ecosystem expectation.
Physical Attack Resistance: Can Someone Hack a Stolen Ledger?
The Theft Scenario
An attacker has physical possession of your Ledger device. What can they actually do?
The first barrier is PIN authentication. Without the correct PIN, no operation proceeds. Three wrong attempts trigger an automatic factory reset. For a basic attacker, this is the end of the attack. No realistic attacker guesses an eight-digit PIN in three attempts.
Advanced Physical Attack Methods and Ledger’s Defences
- Fault Injection: The attacker attempts to disrupt the CPU at a precise moment to bypass a security check. Defence: Ledger OS uses redundant execution paths and result verification. The SE monitors voltage, frequency, and temperature continuously.
- Laser Attacks: A calibrated laser aimed at specific transistors induces targeted bit flips. Defence: the metal mesh and active shielding detect any breach and destroy sensitive data before the probing succeeds.
- Side-Channel Analysis: Measuring power or EM emissions during cryptographic operations to infer key material. Defence: the SE employs masking, shuffling, and desynchronisation to defeat correlation analysis.
- Chip Decapsulation: Physically removing the chip package to probe internal connections. Defence: the active shielding layer detects the breach and destroys sensitive data.
- Probe Attacks: Placing probes on PCB traces to observe data bus communications. Defence: all bus communications between the SE and other components are encrypted.
The Practical Risk Assessment
For a retail user, the practical risk of a successful physical hardware attack is extremely low. The equipment cost, skill requirement, and time investment required exceed the potential financial gain against most individual crypto holdings.
For institutional or very high-value holders, the adversary model changes. Ledger Enterprise configurations and multi-signature setups address this threat class.
The realistic risk for most users is not physical extraction from a stolen device. It is social engineering: phishing attacks targeting the seed phrase. A hardware wallet provides full protection against remote attackers but only as much protection against phishing as the user’s own vigilance.
Supply Chain Security and Genuine Device Verification
Why Supply Chain Attacks Are a Real Threat
A device intercepted before it reaches you can carry a pre-generated seed phrase the attacker already holds, modified firmware that exfiltrates keys on first use, or replaced hardware components with compromised equivalents.
Counterfeit Ledger devices have been sold on eBay, Amazon third-party listings, and social media marketplaces carrying pre-loaded seed phrases.
In April 2026, a fake Ledger Live app appeared on the Mac App Store, targeting users who searched for the companion application through the app store rather than navigating directly to ledger.com. This is the most recent documented supply chain social engineering attack against Ledger users.
Ledger Genuine Check Explained
When you first connect a new Ledger device to Ledger Wallet, the application performs a Genuine Check. The device presents a unique cryptographic certificate signed by Ledger’s root certificate authority.
Ledger Wallet verifies three things: the certificate is valid, it was issued by Ledger’s CA, and the device firmware matches the signed manifest. If the device passes, it is an authentic, unmodified Ledger signer. If it fails, Ledger Wallet alerts you immediately.
This is a cryptographic attestation, not a visual inspection or serial number lookup. A counterfeit device cannot pass a Genuine Check.
How to Verify a New Device
- Buy only from ledger.com or an authorised reseller listed at ledger.com/resellers.
- Never buy from Amazon third-party sellers, eBay, social media, or secondary marketplaces.
- When the device arrives, inspect the holographic tamper-evident seal before opening.
- A device should never arrive with a pre-written recovery phrase on any included card. Pre-written recovery phrases are definitive evidence of tampering.
- On first power-up, complete the Genuine Check in Ledger Wallet before entering any PIN or generating a seed phrase.
- If a Genuine Check fails, do not use the device. Contact Ledger support immediately.
Post-Quantum Security: Ledger’s Position and the 2026 Threat Landscape
CONTEXT: This section contains the most current security threat data available as of June 18, 2026. Statistics are sourced from Ledger CTO Charles Guillemet’s April 2026 public analysis and Google Quantum AI’s March 2026 published research.
The Quantum Threat to Bitcoin and Ethereum
Bitcoin and Ethereum use ECDSA (Elliptic Curve Digital Signature Algorithm) for transaction signing. ECDSA is vulnerable to Shor’s algorithm running on a sufficiently large quantum computer.
Google Quantum AI published research in March 2026 estimating that Bitcoin’s ECDSA could be broken with 1,200 to 1,450 logical qubits, roughly 20 times fewer than prior projections. No cryptographically relevant quantum computer exists today, but the credibility of its eventual arrival has increased substantially.
Harvest now, decrypt later is not a future threat. It is active now. Any Bitcoin or Ethereum address that has sent a transaction has exposed its public key. When a quantum computer arrives, stored public keys can be used to derive private keys retroactively. Holdings in reused addresses are at risk.
NIST’s Migration Timeline
NIST IR 8547 (2026) sets a formal schedule for migrating away from quantum-vulnerable cryptography:
- 2030: Deprecation of RSA, ECDSA, EdDSA, DH, and ECDH in new systems.
- 2035: Full disallowance of these algorithms in all federal systems.
Ledger CTO Charles Guillemet described the challenge in April 2026 as a “Y2K-scale” transition for the blockchain industry. Traditional finance and government are already executing this migration. The blockchain industry has not yet started.
The PQC Hardware Challenge
Post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) are mathematically sound but computationally expensive relative to ECDSA. Fitting PQC into a constrained Secure Element with limited RAM, limited clock speed, and mandatory side-channel resistance is an active engineering research challenge.
Donjon’s Part 1 finding: Even a correctly implemented PQC algorithm leaks key material through EM side channels. 40 EM traces in under one minute are enough for key recovery from an unprotected implementation.
For the hardware wallet industry, quantum-safe migration must include both algorithm migration and hardware side-channel countermeasures. Migrating to ML-KEM on unprotected hardware simply changes which side-channel the attacker exploits.
Ledger’s Current Position
Ledger is actively researching PQC implementation in constrained Secure Element environments. Ledger OS is designed to support firmware-based algorithm updates when a viable PQC implementation is ready that can be deployed without introducing new side-channel vulnerabilities.
Ledger’s stated position: Current post-quantum algorithms require more memory and computing power than current SE chips can fully support. The priority is shipping something correctly, not shipping something first.
Ledger Security vs AI-Era Threats: The 2026 Roadmap
Why AI Changes the Threat Landscape
AI-powered phishing can generate personalised messages indistinguishable from legitimate communications, especially dangerous given Ledger’s documented customer data exposure history. Autonomous AI agents executing crypto transactions create new attack surfaces where a compromised agent may submit unauthorised transactions for the user’s hardware signature.
The core principle: as AI automates more of the crypto transaction layer, humans must retain cryptographic authority over what gets signed. The signing device is the last line of defence.
Ledger’s AI Security Roadmap (2026)
- Q2 2026 (Skills): AI agents interact with Ledger signers through defined capability interfaces with explicit permission scopes. Users approve which capabilities an agent can access before the agent operates.
- Q3 2026 (Agent Intents and Policies): Users define intent-based policies enforceable at the hardware signing layer. Example: “This agent may swap up to $500 of ETH per day.” The SE enforces the policy. A compromised agent that attempts to exceed it cannot do so.
- Q4 2026 (Proof of Human): A cryptographic mechanism requiring verified human presence and authorisation for high-value transactions. Certain signatures cannot be produced by automated systems alone.
The unifying principle, stated by Ledger Donjon: “Humans remain the ultimate signing authority.” Clear Signing, Transaction Check, and the AI agent framework all enforce this principle at the hardware level.
Ledger Security vs Software Wallets
The security gap between a hardware wallet and a software wallet is architectural, not cosmetic.
| Security Property | Software Wallet | Ledger (Nano S Plus / X) | Ledger (Gen5 / Flex / Stax) |
| Private key isolation from internet | No | Yes (SE) | Yes (EAL6+ SE) |
| Malware resistance | No | Yes | Yes |
| Secure transaction display | No | Limited (small screen) | Yes (Secure Screen) |
| Clear Signing (full) | No | Limited | Yes |
| Transaction Check | No | No | Yes |
| Physical tamper resistance | N/A | EAL6+ (S Plus) / EAL5+ (X) | EAL6+ |
| Hardware security certification | No | EAL6+ / EAL5+ | EAL6+ |
| PQC side-channel resistance | No | Research ongoing | Research ongoing |
Common Criticisms of Ledger Security: Addressed Technically
Criticism 1: “Ledger Is Not Fully Open Source”
- The criticism: Ledger’s firmware is closed source, meaning the community cannot audit what the device does when signing transactions.
- Technical response: Ledger compensates with CC EAL6+ independent certification, third-party OS audits (Synacktiv 2026, public on GitHub), and the Genuine Check cryptographic attestation mechanism.
- Honest verdict: The open-source objection has genuine merit for signing implementation auditability. The certification model provides a different, not inferior or superior, form of assurance. Users who require full code transparency should evaluate Trezor Safe 5 or Foundation Passport.
Criticism 2: “Secure Elements Are a Black Box”
- The criticism: The SE manufacturer’s code is not public, introducing an additional trust layer.
- Technical response: The CC EAL6+ evaluation is performed by laboratories independent of both Ledger and the SE manufacturer. The evaluation specifically tests that the chip behaves as claimed under adversarial conditions.
- Honest verdict: This is a valid concern if you distrust all closed hardware systems. The EAL6+ certification is the industry’s best available answer, used by banking and government systems globally.
Criticism 3: “Hardware Wallets Can Be Hacked”
- The criticism: No security is absolute.
- Technical response: No successful remote attack on a Ledger device has been documented. Physical attacks require specialised laboratory equipment, chip decapsulation expertise, and months of focused work.
- Honest verdict: “Can be hacked” is technically true of any system given sufficient adversary resources. “Has been hacked” is not yet true of Ledger devices. The relevant question is your actual adversary model.
Criticism 4: “The Seed Phrase Is Still a Single Point of Failure”
- The criticism: Regardless of hardware security, a stolen 24-word recovery phrase compromises everything.
- Technical response: The Ledger Recovery Key on touchscreen models creates a second offline backup. Passphrase protection (the 25th word) mitigates seed phrase theft. Metal backup solutions mitigate physical destruction.
- Honest verdict: The seed phrase is a fundamental design choice of BIP39, not a Ledger-specific vulnerability. All BIP39-based wallets share this characteristic.
Frequently Asked Questions
Is a Ledger hardware wallet safe in 2026?
Yes. No Ledger device has been remotely compromised to date. The CC EAL6+-certified Secure Element protects private keys from all known remote and physical attacks. The documented risks for Ledger users are phishing targeting seed phrases and approving malicious transactions without reading them. Both are addressed by Clear Signing and Transaction Check on current touchscreen models.
Can a Ledger hardware wallet be hacked?
No remote hack of a Ledger device has been documented. Physical attacks require a specialised laboratory, chip decapsulation equipment, and months of technical work, making them impractical against most individual holdings. The documented Ledger incidents in 2020, 2023, 2025, and 2026 were breaches of commercial data systems, not the hardware. Private keys stored on Ledger devices were not affected.
What is CC EAL6+ certification?
CC EAL6+ (Common Criteria Evaluation Assurance Level 6+) is an independent security certification for chips. An accredited external laboratory performs months of hardware attack testing, including side-channel analysis, fault injection, laser attacks, and chip decapsulation, and certifies that the chip resisted these techniques. It is the same standard used in passports, bank cards, and government ID systems globally.
What is Ledger OS (formerly BOLOS)?
Ledger OS is the custom operating system running inside the Secure Element on all Ledger devices. Formerly called BOLOS (Blockchain Open Ledger Operating System), it was rebranded to Ledger OS in 2025. It isolates each coin application in a separate sandbox so that a vulnerability in one application cannot access another application’s keys. Ledger OS was audited by Synacktiv in January 2026.
What did Ledger Donjon find in the TROPIC01 chip?
Ledger Donjon used a laser fault injection attack with a 1064 nm infrared laser aimed at decapsulated silicon to bypass Ed25519 signature verification on the TROPIC01 Secure Element used in the Trezor Safe 7. This enabled arbitrary firmware execution. User funds were not at risk as the chip’s secret storage remained secure. Tropic Square issued a firmware mitigation and is developing revised silicon for late 2026. CVSS 3.1 base score: 5.7 (Medium).
Is Ledger preparing for post-quantum cryptography?
Yes. Ledger Donjon has published a two-part research series on PQC side-channel vulnerabilities, demonstrating that quantum-safe algorithms require hardware-level physical protection to be secure in practice. Ledger OS is designed to support firmware-based algorithm updates. The current challenge is implementing PQC algorithms within constrained Secure Element environments without introducing new physical side-channel vulnerabilities.
What does Ledger Donjon do?
Ledger Donjon is Ledger’s in-house offensive security research team. It attacks Ledger’s own products continuously to find vulnerabilities before external adversaries do. It conducts security research on third-party hardware, including the TROPIC01 Secure Element audit completed in early 2026. Donjon publishes all findings publicly at donjon.ledger.com and maintains an active bug bounty programme.
What is the Secure Screen on Ledger?
The Secure Screen is the E Ink touchscreen on current Ledger signers (Nano Gen5, Flex, Stax) driven directly by the Secure Element chip, not by any external device or computer. This means the display cannot be manipulated by malware on a connected phone or computer. What you see on the Secure Screen is what the SE has verified, making it the trusted display surface for Clear Signing.
Expert Verdict: How Secure Is Ledger Hardware Wallet Security in 2026?
Based on a review of Ledger Donjon’s published research and Ledger’s official security documentation as of June 18, 2026, here is a technical assessment of the current state of Ledger security.
Strengths
- Hardware root of trust: CC EAL6+ Secure Element on four of five current devices is the strongest independently certified physical security baseline in consumer hardware wallets.
- Secure Screen architecture: The SE-driven display is architecturally more secure than MCU-driven displays used by most competitors. A genuine and consistently underappreciated differentiator.
- Application isolation: Ledger OS’s sandboxing model contains vulnerabilities within a single coin’s application. A vulnerability in the Ethereum app cannot reach Bitcoin keys.
- Clear Signing as ecosystem standard: Transferring Clear Signing stewardship to the Ethereum Foundation was a significant trust move with lasting ecosystem benefit.
- Donjon research credibility: The TROPIC01 laser fault injection finding and the ML-KEM PQC side-channel series are contributions that advance the entire field’s understanding of physical security requirements.
- Layered defence: The combination of hardware certification, OS isolation, Secure Screen, Clear Signing, and Transaction Check creates a system where defeating any single layer does not compromise the whole.
Weaknesses
- Closed-source firmware: Community auditability of the signing implementation is not possible. External audits compensate but do not replace open community review.
- No deployed PQC: While Donjon’s research is advanced, no post-quantum algorithm has been deployed on any current Ledger device. Trezor has shipped quantum-resistant firmware signing.
- Third-party commercial infrastructure: Four separate incidents since 2020 have exposed customer data through commercial vendors. The hardware is secure; the surrounding business operations have produced four separate data exposures.
- Nano X: EAL5+ certification instead of EAL6+, no touchscreen, no Secure Screen architecture, and no Transaction Check. Still a secure device, but meaningfully behind the current generation.
Final Assessment
Ledger’s security model is multi-layered, independently certified, continuously tested by one of the most credible offensive security teams in the hardware wallet industry, and forward-looking on post-quantum threats. For the vast majority of retail crypto users in 2026, it represents the strongest available combination of hardware security, user-facing signing transparency, and ecosystem depth.
For users who require fully open-source firmware auditability, Trezor Safe 5 and Foundation Passport are appropriate alternatives. For open-source silicon, with the context that its TROPIC01 chip has a disclosed and mitigated vulnerability: Trezor Safe 7. For air-gapped Bitcoin-only sovereignty: Coldcard Q.
Sources and References
This complete technical guide is based on primary sources and official documentation as of June 18, 2026:
- Ledger Donjon. (June 3, 2026). Laser Fault Injection on the TROPIC01 Open-Source Secure Element. Available at: https://donjon.ledger.com/blog/tropic01-laser-fault-injection/
- Tropic Square. (June 3, 2026). TROPIC01 Security Advisory: LFI Vulnerability Disclosure and Mitigation. Available at: https://www.tropicsquare.com/news-and-events/tropic01-security-advisory-lfi-vulnerability-disclosure-and-mitigation
- Google Quantum AI. (March 31, 2026). Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities: Resource Estimates and Mitigations. Available at: https://quantumai.google/static/site-assets/downloads/cryptocurrency-whitepaper.pdf
- NIST. (2024). NIST IR 8547: Transition to Post-Quantum Cryptography Standards (Initial Public Draft). Available at: https://csrc.nist.gov/pubs/ir/8547/ipd
- LedgerHQ. Ledger OS Third-Party Audit Reports – Synacktiv Assessment (January 2026). Available at: https://github.com/LedgerHQ/Ledger-OS-third-party-reports
- Sygnia. (February 2025). Investigation Report: Bybit Safe{Wallet} Exploit. Available at: https://www.sygnia.co/blog/sygnia-investigation-bybit-hack/
- Ledger Donjon. (2026). Side-Channel Analysis of Post-Quantum Cryptography Implementations (Parts 1 & 2). Available at: https://www.ledger.com/blog-risk-side-channel-attacks-post-quantum-cryptography
- Ledger. (April 2026). Post-Quantum Cryptography Readiness – Analysis by CTO Charles Guillemet. Available at: https://x.com/P3b7_/status/2047280946110447962
Additional technical references include Ledger’s official security whitepapers, Common Criteria certification reports for the Secure Element chips, and public coordinated vulnerability disclosures from Ledger Donjon.
Disclaimer: This article is for informational and educational purposes only and does not constitute financial, investment, or security advice. The information reflects the author’s independent analysis as of June 18, 2026. Cryptocurrency self-custody involves significant risks. Hardware wallets reduce certain threats but cannot eliminate user errors, such as phishing or loss of recovery phrases. Always DYOR, verify devices through Genuine Check, and purchase only from official sources. The author is not affiliated with Ledger or any of the mentioned companies. No guarantees are made regarding security or future performance. Use this information at your own risk.