Security Isn’t Static: Why The Ledger Donjon Never Stops Testing
Blog postsBefore You Dive In:
- Security in the digital asset space is not a static goal but a constant race against evolving physical and mathematical attack vectors.
- The transition into the eras of Quantum Computing and Agentic AI requires new defensive frameworks to ensure that humans remain the ultimate signing authority.
- The Ledger Donjon serves as the front line of this defense, conducting continuous, high-intensity penetration testing to ensure the security model stays ahead of the industry’s most sophisticated threats.
Ledger operates under a simple, sobering truth: security is never a static goal, but a continuous effort to stay ahead of the latest breakthroughs in physics and computation. The Ledger Donjon Origin Story documented the founding of this dedicated attack lab of white hat hackers; today, that vision is realized through a proactive, relentless assault on Ledger’s own defenses.
The philosophy is straightforward: if Ledger does not break its products, someone else will. This mentality is what keeps assets safe in an environment where one vulnerability could have ruinous effects. To maintain this edge, the Donjon focuses on the front lines where digital code meets physical reality.
The Front Lines: Defending the Physical Realm
Security is often thought of as purely digital code. For the Ledger Donjon, however, the battleground is frequently physical. To protect a secret, the environment in which it lives must be protected. This means defending against attacks that don’t just target the “what” of a transaction, but the “how” of the hardware itself.
Side-Channel Attacks
Even the most perfectly designed cryptographic algorithm can leak information if the hardware and software in question aren’t properly implemented. Targeting hardware is precisely what side-channel attacks attempt to do.
Essentially, as a chip processes sensitive data, it emits signals, such as changes in power consumption or electromagnetic emanations. By analyzing these physical footprints, an attacker can reconstruct a private key without ever breaking the encryption.
While the physical signals always exist, the Donjon utilizes state-of-the-art laboratory equipment and attack methods to verify that no side-channel attacks on the cryptographic implementations are possible.
Case Study: Breaking Trezor One with Side-Channel Attacks | October 2018
This Donjon security evaluation focused on profiled side-channel attacks (SCA) targeting the PIN verification function on a Trezor One hardware wallet. Researchers first measured power consumption leakage during the comparison of digits within the firmware. They then used machine learning to characterize and retrieve the user’s PIN within minutes.
The impact of this vulnerability was significant, as it meant an attacker with physical possession of a stolen device could bypass standard security limits. While the Trezor One is designed to wipe data after 16 failed entries, this side-channel method successfully reconstructed the full PIN in an average of 5.5 to 10 attempts. Furthermore, the research identified vulnerabilities in elliptic curve point multiplication that could lead to full private key recovery.
After responsible disclosure by the Donjon, Trezor mitigated these findings through a firmware update released in March 2019.
The Quest for True Randomness (Entropy)
In the world of self-custody, security is only as good as randomness. If the process used to generate a 24-word recovery phrase, known as entropy, is predictable or even just good enough, a sophisticated attacker can recreate those keys.
Entropy flaws are a silent killer in the crypto industry, so Ledger does not simply trust that a chip is producing random numbers. The Donjon meticulously verifies the mathematical foundations of every key generated within the Ledger ecosystem. These numbers are subjected to rigorous statistical testing to ensure they are truly unique and unpredictable.
Case Study: Trust Wallet Browser Extension Entropy Flaw | November 2022
The Ledger Donjon discovered a critical vulnerability in the Trust Wallet browser extension’s seed generation process. The flaw involved using a “Mersenne Twister” random number generator within the browser’s WebAssembly (Wasm) backend. While efficient for general tasks, this specific generator is predictable and lacks the cryptographic strength required to secure financial assets.
In this case, the generator was seeded with only 32 bits of entropy. This limited the total number of possible mnemonics to approximately 4 billion, a space small enough to be brute-forced in a matter of hours using consumer-grade GPUs.
The impact was severe, as an attacker could compute the private keys for every wallet created with the extension without any user interaction. At the time of discovery, approximately $30 million in assets across multiple blockchains (including Ethereum and Binance Smart Chain) were at risk.
Following responsible disclosure in November 2022, Trust Wallet patched the extension to prevent new flawed seeds and later issued a public post-mortem in April 2023, offering reimbursements for impacted users.
PIN Bypass and Hardware Forensics
Security must hold even when an attacker has physical possession of a signer and unlimited time. This is where the grit of hardware forensics comes in. The Donjon team employs techniques like voltage glitching and laser injections to test hardware resilience.
The goal is to identify and close any path an attacker might use to bypass a PIN check or force the chip to output secrets during a state of malfunction. By successfully defending against these fault attacks in the lab, Ledger ensures that the PIN remains an impenetrable gatekeeper in the real world.
Case Study: Tangem Card Brute-Force Vulnerability | June 2025
The Donjon discovered a flaw in Tangem cards, allowing an online brute-force attack. By abruptly cutting power during command processing (a process known as “tearing”), researchers were able to bypass the card’s security delay mechanism, which normally increases wait times after failed attempts. This allowed the team to distinguish between correct and incorrect passwords using electromagnetic emission analysis without triggering any lockout.
This exploit results in a significant acceleration of password cracking: the attack enables 2.5 attempts per second, reducing the time to crack a 4-digit PIN from five days to just one hour. Because the cards are not upgradable, existing hardware cannot be patched. Users are advised to adopt strong, 8-character alphanumeric passwords to mitigate the risk. Tangem acknowledged the report but ultimately disputed the classification of the flaw as a high-risk vulnerability.
What does post-quantum computing actually mean in daily life? Kicking off a series on PQC in hardware signers. @DonjonLedger explores what matters in practice: implementing PQ signatures inside Secure Elements under real embedded constraints and threat models. 🧵 pic.twitter.com/9uGtbXUzf5
— Charles Guillemet (@P3b7_) February 27, 2026
Future-Proofing I: The Quantum Horizon
The threats of today are significant, but the Donjon is already looking toward the horizon of Quantum computing. While a cryptographically relevant quantum computer does not exist yet, the industry faces a “harvest now, decrypt later” scenario. Under this threat, malicious actors record encrypted traffic today and wait for the day a quantum computer can break the underlying math.
To stay ahead of this timeline, Ledger is actively researching Post-Quantum Cryptography (PQC). The challenge is immense, as complex new PQC signature standards must fit into the highly constrained, secure environment of a Secure Element chip. By developing these defenses now, Ledger ensures that the digital signatures used today will remain valid and secure in a post-quantum world.
— Charles Guillemet (@P3b7_) February 9, 2026
Future-Proofing II: Security in the Age of Agentic AI
As the era of Agentic AI arrives, where AI agents can think, search, and propose financial transactions, the security model must evolve. The danger is clear: if a user gives an AI agent their private keys, they have surrendered their sovereignty.
To preserve this sovereignty in an automated future, Ledger champions the “Agents Propose, Humans Sign” model. In this framework, the AI agent can do the heavy lifting, such as finding yield, navigating a swap, or managing a payment, but it never has independent access to your private keys. Instead, your Ledger signer remains the secure gatekeeper of intent.
Donjon review and testing verify that the signer’s hardware enforcement cannot be tricked, thus ensuring that the human remains the ultimate authority, verifying every transaction before any value moves.
The Ledger Ecosystem: Secure Digital Ownership
Security is not a feature added to products; it is the foundation upon which the entire ecosystem is built, ensuring that the digital future remains exclusively in the hands of the user. This is why the Donjon’s work is the foundation of the entire Ledger ecosystem. By proactively identifying potential flaws in Ledger products, provider components, and even competitor hardware, the Donjon secures the concept of digital ownership itself.
Ready to see the hackers in action? Watch the YouTube series, Enter the Donjon, to go behind the scenes. See the lasers, the glitches, and the elite research that keep your digital assets safe from the threats of today and tomorrow.