
Penetration Testing

Apr 8, 2026 | Updated Apr 8, 2026
Penetration testing is a proactive security exercise where experts simulate a cyberattack to identify and fix vulnerabilities.

What Is Penetration Testing?

While standard security scans use automated tools to look for known bugs, penetration testing (or pen testing) involves human judgment and creativity. In this scenario, a tester thinks like a malicious actor, attempting to chain together multiple small weaknesses to gain unauthorized access or extract sensitive data.

In the digital asset space, penetration testing is important for ensuring that exchange platforms, smart contracts, and wallet infrastructures are resilient. As blockchain transactions cannot be reversed, finding a vulnerability through a penetration test before an attacker does can help prevent serious losses.

The goal of a pen test is not just to find a hole in the fence, but to see how far an intruder can get once they are inside. This helps organizations understand their true risk profile and effectively adjust their security.

How Does Penetration Testing Work?

A professional penetration test follows several distinct phases:

  • Planning and Reconnaissance: The tester gathers as much information as possible about the target. This includes identifying the IP addresses, software versions, and employee details that could be exploited.
  • Scanning: Testers use tools to understand how the target responds to various intrusion attempts. This helps them identify open ports and services that may be susceptible to attack.
  • Gaining Access: The tester uses web application attacks, social engineering, or network exploits to bypass defenses and prove that a vulnerability is actually exploitable.
  • Post-Exploitation Testing: The tester checks whether they can remain in the system long enough to achieve a specific goal.
  • Analysis and Reporting: The final step is a comprehensive report that details the vulnerabilities found, the data accessed, and the specific steps required to remediate the risks.

The Donjon: Ecosystem-Wide Penetration Testing

The Ledger Donjon utilizes penetration testing as an offensive research method. As Ledger’s internal team of white-hat hackers, the Donjon performs deep-dive pen tests not just on internal projects, but on hardware and software from across the entire crypto ecosystem.

Their work involves looking for logic flaws and integration errors in third-party providers and industry-standard protocols. By proactively attacking these systems in a controlled environment, the Donjon identifies critical weaknesses before malicious actors can exploit them.
