Raising the bar for security with Ledger Swap

08/16/2021 | Vault

With Ledger Swap you can exchange coins in Ledger Live, easily and securely. Swapping coins is as easy as sending a transaction. It requires no address verification while enhancing the state of the art security.

Ledger swap showcases the power of end-to-end security built right into Ledger Live and your Ledger hardware wallet.

What is swap?

Swap allows users to quickly exchange one crypto asset for another. It doesn’t require you to move your funds to an exchange first and then trade your asset with a supported pair.

Instead, with a swap you send the crypto asset you wish to exchange in one transaction after which you receive back another. This all happens by sending a single swap transaction directly from your wallet.

How do swaps work?

The general principle is quite simple. There are third parties that offer swaps as a service. If a user wants to swap BTC for ETH , the third party offers a rate for that exchange, including a commission. For example, they may offer to swap 0.05 BTC for 0.14 ETH.

To accept the offer, the user has to provide the address where to receive the ETH and send 0.05 BTC to the address provided by the swap provider.

Security analysis

From a user’s perspective, a swap consists of:

  1. Signing an outgoing transaction (send BTC)
  2. Providing a receive address (receive ETH)

Most hardware wallet users know that these two operations are sensitive. They require basic checks to ensure an optimal level of security:

The main issue when swapping BTC against ETH is that the addresses are fetched by the wallet interface (e.g. Ledger Live). So if this wallet is compromised, an attacker could replace one of the addresses by his own.

Attack scenario where an attacker replaces the ETH address
Attack scenario where an attacker replaces the BTC address

As the user’s address is automatically sent to the swap provider by Ledger Live, the user has no means of verifying the address on the hardware wallet. Without countermeasures, the user would have no way of protecting against a malicious address replacement.

This issue is common to all wallets, whether they are hardware or not. How can addresses be exchanged securely and in a user-friendly way?

To solve this problem, we developed the world’s first swap integration with end-to-end security.

Swap with end-to-end security

The overall mechanism is quite simple and described in the following steps.

Swap with your Ledger hardware wallet

1- The swap operation is initiated by Ledger Live, which communicates with the swap provider API to get the exchange rates. “How much ETH for 0.005 BTC?”

2- The swap provider answers with a swap offer: “0.14 ETH for your 0.005 BTC”. The user can then accept the offer and continue to confirm the swap.

3- The Exchange app must now be opened on the device. This is where the secure part of the transaction happens: the Secure Element generates a transaction ID and sends it to the swap provider along with the necessary information for performing the swap request information:

4- The provider answers with a swap offer. It constructs a payload containing the final information for the swap:

The provider sends back this signed payload to Ledger Live which in turn forwards it to the hardware wallet.

5- After receiving the signed payload, the Exchange app running inside the Secure Element verifies the signature of the payload using the provider’s public key and the transaction ID. This public key is certified by Ledger and the public key to verify this certificate is stored in the Exchange app.

6- The Exchange app displays the amounts of the swap transaction so the user can validate them. In the background, the application automatically verifies that the user’s Ethereum and Bitcoin addresses are indeed managed by the device, so the user does not have to verify them manually. The provider’s addresses are trusted thanks to the provider’s cryptographic signature.

7- Finally, the swap operation can now be executed. The Exchange app calls the Bitcoin app to compute the transaction’s signature, which it returns.

8- Once the swap provider has received the BTC, it will send back the ETH, and all the operation details are then displayed in Ledger Live.

And voilà, you just performed a swap securely!


We’ve shown how to implement end-to-end security on a Swap operation in Ledger Live while also improving user experience.