Donjon | 03/06/2026
The Ledger Donjon Origin Story
Discover the Ledger Donjon origin story, our elite white-hat hacking team that rigorously stress-tests hardware to keep your crypto secure.
Before You Dive In:
- Building secure hardware requires an attack-oriented mindset that proactively seeks out vulnerabilities before they can be discovered by malicious actors.
- The Ledger Donjon team utilizes specialized physical and digital techniques to stress-test hardware and software from Ledger, its providers, and other manufacturers to ensure industry-wide security.
- This world-class team keeps detailed records and constantly makes our security stronger, which is how we’ve sold over 8 million signers without a single hack.
Ledger believes that security is not a static destination but a continuous, evolving journey. While our signers are built on the most robust components available, history has shown that even the strongest systems can be breached if they aren’t constantly stress-tested against evolving attack vectors.
This realization led to the birth of the Ledger Donjon—a team of world-class security experts with extensive backgrounds in the smartcard and security industries.
Their mission is simple yet vital: analyze every part of the Ledger ecosystem—and the broader industry—to identify and fix vulnerabilities, making the entire crypto ecosystem safer for everyone.
The Origin Story
The story of the Ledger Donjon begins not in a high-tech fortress, but in a small, quiet room in Paris. When Ledger CTO Charles Guillemet (then-Chief Security Officer) founded the lab in 2017, the setup was humble: a few PCs, some specialized cables, and a clear vision.
At the time, the “wild west” of the crypto scene was booming, but security was often an afterthought: a static checkbox rather than a living process.
As Charles often says, “If you want to build secure products, you need to try to break them.” So he set about building a team that would act as the “final boss” for Ledger’s own engineers. This team would ultimately go on to help Ledger set the ultimate standard in security by thinking like the adversary.
Every morning, a team of elite hackers walks into Ledger HQ.
— Ledger (@Ledger) February 26, 2026
Their job: strengthen the security of every device we ship: and raise the standard for the entire ecosystem.
This is the Ledger Donjon 🧵 pic.twitter.com/JuLHZMrpAb
In building the Donjon team, Charles assembled a multi-disciplinary powerhouse where expertise overlaps and evolves. This elite unit operates as a collective force, blending deep mathematical cryptography with the hands-on grit of hardware forensics.
Within the lab, boundaries between roles are fluid: experts in reverse engineering collaborate with side-channel specialists to decode microscopic electrical signals, while those attacking the physical silicon with lasers work in tandem with software researchers to uncover hidden logic bugs designers never intended to exist.
This synergy, between the ability to dismantle a system’s software while simultaneously glitching its physical hardware, creates a level of scrutiny that no single expert could achieve alone. Working tirelessly in the shadows of the blockchain ecosystem, this team ensures that every transaction confirmation on your Ledger signer is backed by a battle-hardened framework that transforms brand reputation into verified technical certainty.
What does the Donjon Do?
The team’s work explores major attack vectors, including:
1. Software Attacks
Software attacks research unexpected behaviors in a system’s interfaces. By playing with code via reverse engineering, fuzzing, and static analysis, the Donjon identifies logic bugs that could force a program to behave in a way its designers never intended.
2. Side-Channel Attacks
A side-channel attack doesn’t target the algorithm itself, but the physical implementation of it. When a Ledger signer processes a secret key, it leaks measurable information—power consumption, heat, or electromagnetic emanations. The Donjon uses sophisticated sensors to “listen” to these leakages and ensure that no sensitive data can be reconstructed from physical signals.
3. Fault Attacks
Fault attacks involve perturbing a circuit during its execution of functionalities. By using high-powered lasers, voltage glitches, or temperature spikes, the team can “confuse” a chip into bypassing a security test or outputting an incorrect result. This allows us to harden our signers against even the most well-funded physical attackers.
Why Ledger Built the Donjon
Most consumer electronics companies rely solely on the security certifications provided by their component vendors. At Ledger, that approach is simply insufficient. While Ledger uses state-of-the-art secure hardware from external vendors, these components are often designed for banking or passports and not for the unique, high-stakes requirements of the crypto ecosystem.
The Donjon was created to challenge the assumptions of Ledger’s own engineers. By bringing together experts in cryptography, hardware security, and software engineering, Ledger has created a feedback loop where the hackers in the Donjon work directly with firmware and hardware developers. When a vulnerability is found in a lab setting, it is addressed with countermeasures before it ever ships to a user.
Open Security: Strengthening the Entire Industry
Ledger doesn’t believe in security through obscurity, so the Donjon operates under a philosophy of Open Security. Many of these attack tools and methodologies are available on GitHub so that the wider blockchain community can benefit from the Donjon’s extensive research.
Furthermore, the Donjon manages Ledger’s Bug Bounty program. By incentivizing the global community of security researchers to report vulnerabilities, it ensures that thousands of eyes are constantly watching over the Ledger ecosystem, reinforcing our internal efforts.
Secure Your Future with a Hardened Edge
In almost a decade of business and with over eight million signers sold, a Ledger signer has never been hacked. This record is the direct result of the Ledger Donjon’s tireless work to stay one step ahead of the hackers.
When you engage with the Ledger ecosystem – free from compromise – you benefit from the protection of an elite unit of white-hat hackers who spend every day fortifying the security of the products you use.
Ready to see the Donjon team in action? Watch our YouTube series, Enter the Donjon, to go behind the scenes and discover how Ledger is securing the future of digital assets through uncompromising security and innovation.