EP - 74

How the Ledger Donjon keeps the space safe

with Charles Guillemet, CTO at Ledger

May 12, 2023

On this episode of On The Ledger, Ledger CXO Ian Rogers and CTO Charles Guillemet provide a deep dive into a critical vulnerability in the Trust Wallet browser extension, discovered and disclosed by Ledger’s own security research team, the Ledger Donjon. They unpack the technical details of the exploit, the intricate process of responsible disclosure that protected users, and the fundamental security principles that differentiate hardware and software wallets. This discussion serves as a crucial lesson in why robust security practices and truly random key generation are non-negotiable in Web3.

“I think this is the most critical vulnerability you could imagine.” – Charles Guillemet

Key Highlights:

The Discovery: A Needle in a Digital Haystack?

The Ledger Donjon’s mission is to strengthen the entire Web3 ecosystem, which involves auditing both Ledger’s products and other popular software in the space. The discovery of the Trust Wallet flaw wasn’t a lucky accident, but the result of a methodical security audit. 

Because the extension’s code was open-source on GitHub, the Ledger Donjon team was able to analyze its cryptographic implementation. As Charles explains, experienced researchers follow a standard playbook:

“This is always the same pattern: you know where to look, you know what to look for and then it is quite straightforward…” – Charles Guillemet

The Critical Flaw: From 256 Bits of Security to Just 32

The security of a crypto wallet rests on the uniqueness and unpredictability of its 256-bit seed phrase. The number of possible 256-bit seeds is astronomical—larger than the number of atoms in the universe—making a seed impossible to guess. The Ledger Donjon team discovered a flaw in the Trust Wallet extension’s code that reduced the security from 256 bits to just 32 bits of entropy. This shrank the pool of possible keys from an astronomically large number to a mere four billion.

While that sounds large, Charles notes that a computer would only need a few minutes to an hour to generate all four billion possible keys. An attacker could then monitor the blockchain for any addresses created from this limited set and drain the funds from every single user who had generated a wallet with the vulnerable extension.
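The effect described above, as an added example that is not from the episode or from Trust Wallet's code: a constructed toy generator (`weakKeyFromSeed`, a hypothetical name) emits 256-bit keys from a small seed, and an audit loop counts how few keys it can ever produce, next to a key drawn from the platform CSPRNG. The seed width is scaled down to 16 bits so the loop runs instantly.

```javascript
// Added example (not Trust Wallet's code): key length is not entropy.
// Browsers and recent Node expose globalThis.crypto; older CommonJS Node uses the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const toHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');

// Constructed toy generator: expands a small seed into a 256-bit "key" with xorshift32.
// The output is 32 bytes long, but it is fully determined by `seedBits` bits of input.
function weakKeyFromSeed(seed, seedBits = 32) {
  const mask = seedBits >= 32 ? 0xffffffff : 2 ** seedBits - 1;
  let x = (((seed >>> 0) & mask) ^ 0x9e3779b9) >>> 0;
  const key = new Uint8Array(32);
  const view = new DataView(key.buffer);
  for (let i = 0; i < 8; i++) {
    x ^= x << 13; x >>>= 0;
    x ^= x >>> 17;
    x ^= x << 5; x >>>= 0;
    view.setUint32(i * 4, x); // 8 words of 32 bits = 256 bits of output
  }
  return key;
}

// Hardened form: all 256 bits come from the platform CSPRNG.
function secureKey() {
  return webcrypto.getRandomValues(new Uint8Array(32));
}

// Audit helper: enumerate every seed and collect each key the generator can ever emit.
// Scaled down for the demo; at 32 bits the same loop covers about 4.3e9 keys.
function reachableKeys(seedBits) {
  const keys = new Set();
  for (let seed = 0; seed < 2 ** seedBits; seed++) {
    keys.add(toHex(weakKeyFromSeed(seed, seedBits)));
  }
  return keys;
}

const SEED_BITS = 16; // assumption for the demo, not the width from the episode
const pool = reachableKeys(SEED_BITS);
const userSeed = webcrypto.getRandomValues(new Uint32Array(1))[0];
const weakUserKey = toHex(weakKeyFromSeed(userSeed, SEED_BITS));

console.log('distinct 256-bit keys reachable:', pool.size);
console.log('seed-derived key is in the pool:', pool.has(weakUserKey));
console.log('CSPRNG key is in the pool:', pool.has(toHex(secureKey())));
```

A review check that follows from this: trace every byte of key material back to its entropy source and confirm that source supplies the full 256 bits, rather than trusting the length of the output.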

The Race Against Time: Responsible Disclosure in Action

Upon discovering the flaw, the Ledger Donjon team followed the industry-standard process of “responsible disclosure.” They privately contacted Trust Wallet, beginning an embargo period (typically 90 days) to allow the vendor to fix the issue and warn its users before the vulnerability was made public. This involved a major challenge: how to alert non-custodial wallet users without tipping off attackers? Trust Wallet updated the extension to display a warning and helped users migrate funds. This collaborative effort, as Charles states, “most likely avoided the biggest hack in the history of the crypto ecosystem.”

The Ledger Difference: True Randomness in Hardware

This incident highlights the inherent risks of software-based key generation and underscores the security of Ledger’s hardware. Ledger devices don’t rely on a computer’s software to create randomness. Instead, every Ledger device contains a Secure Element chip with a True Random Number Generator (TRNG). 

This specialized hardware component uses physical, real-world phenomena—the “physical jitter” from multiple free-running oscillators—to produce unpredictable, high-quality entropy. This process is certified to the highest standards (AIS-31) and includes regular self-tests to ensure that randomness is never compromised. It’s this verifiable, hardware-based randomness that ensures a user’s private keys can never be guessed, calculated, or predicted, providing a foundation of security that software alone cannot match.
