Company | 10/23/2025
Security that Scales from Individuals to Institutions
Ledger's proven security model, protecting over 8 million devices with zero hacks, is being extended with Ledger Multisig
Before You Dive In
- Modern threats like malware (e.g., Thorchain) and blind signing (e.g., SwissBorg) are draining billions from software wallets and exchanges.
- Ledger’s multi-layered architecture is the only proven defense, keeping keys offline in a Secure Element and using Transaction Check and Clear Signing to prevent these exact attacks.
- This security model is proven by over 8 million devices sold with zero hacks, and relentlessly tested by our in-house team of white-hat hackers, the Ledger Donjon.
- We’re extending that security to startups, DAOs, and scale-ups with Ledger Multisig
When it comes to your crypto, there are only two options: Either use Ledger or get rekt.
The ways to get rekt are endless. Just last month, more than $100 million was stolen from individuals and institutions. For example, Thorchain’s co-founder lost $1.35 million in an instant after malware extracted his recovery phrase from his computer. He was using a software wallet. That’s how most people lose everything today, using software wallets or storing backups on connected devices.
Modern malware spreads through infected websites or downloads. Once inside, it scans your computer for secret recovery phrases and wallet backups.
That wouldn’t have happened with a Ledger signer.
Ledger’s Security Model
A Ledger signer keeps your recovery phrase completely offline, inside a Secure Element chip where no one can reach it. You sign every transaction with your own keys, protected by Ledger OS and verified on a Secure Screen.
And the attacks keep getting smarter.
Three weeks ago, a large-scale supply-chain attack compromised popular JavaScript libraries. The payload was designed to target your crypto, waiting for you to connect to a dApp and silently swap your transaction for a malicious one.
Ledger has the only secure device and software in the world that can prevent these attacks. Why?
Firstly, with Transaction Check, the transaction is analyzed before you approve it, and the result is shown directly on your signer’s Secure Screen. It will flag any anomaly, scams, and potential risks. Then Clear Signing shows the details in plain language, so you always know exactly what you are agreeing to.
It turns confusion into clarity and protects you from the invisible risks of the Internet today.
Even when you do everything right, one fear remains, losing access. Your Secret Recovery Phrase is the foundation of digital ownership, yet those 24 words can be intimidating. That’s why, every new Ledger signer now includes the Ledger Recovery Key, a secure, encrypted spare key that gives you peace of mind if your device is lost or replaced, without ever surrendering control.
Today, most people store their crypto on insecure devices, leaving hundreds of millions exposed to key loggers and drainers. Last year, $2.2 billion was stolen. This year we’ve already passed that number. A Ledger signer is the only architecture that stops these attacks, proven by a decade of zero hacks with over eight million devices sold.
Security That Scales from Individuals to Institutions
The risk isn’t just to individuals, but also to institutions. Last month, SwissBorg lost $41 million by blindly approving a transaction they thought was routine. Three years ago at Ledger Op3n, I predicted that the higher the rewards, the smarter the attacks. The Bybit hack, $1.4 billion dollars lost from a single blind signature, proved it. The code worked perfectly; the blind lack of clarity didn’t.
With Clear Signing, or Ledger Enterprise, it would never have happened.
I regularly meet with founders and CFOs securing company treasuries with a single key and no secure governance. These are preventable mistakes.
Ledger: Security without Compromise
Security isn’t just about hardware or software, it’s also about people.
Behind every Secure Element, every line of our Ledger OS, every Secure Screen, there is a team that never stops thinking about how it could go wrong, and how to stop it before it does.
That’s the Ledger Donjon — our in-house lab of security researchers breaking everything we build, so no one else can. They’ve made Ledger the global benchmark for digital security, protecting individuals, teams, and institutions.
Preventing these mistakes is our mission. It’s why we extended our trust architecture from individuals to institutions with Ledger Enterprise—applying the same core principles to deliver governance, auditability, and control at scale for the world’s largest players. And now, as we announced at Ledger Op3n, we’re extending that security to startups, DAOs, and scale-ups with Ledger Multisig, the simplest, most secure way for teams to make collective decisions on-chain.
Whether for an individual, a team, or an institution, our promise remains the same: a seamless user experience, with zero compromise on security. That is the foundation of trust. Find out more about Ledger Multisig.