EP - 84

The Crypto Security Journey - Assessing Evolving Digital Threats

with

Charles Guillemet & Mo El-Sayed
CTO & Head of Brand Development @ Ledger

Nov 07, 2024

On this episode of The Ledger Podcast, Ledger’s Chief Technology Officer, Charles Guillemet, joins for a masterclass in digital asset security. Charles pulls back the curtain on Ledger’s core security philosophy, from the offensive mindset of the Donjon security lab to the critical innovations needed to protect users in an increasingly complex Web3 world. It’s a must-listen for anyone who wants to truly understand the constantly evolving landscape of threats in crypto and how Ledger is building the technology to meet them.

“You cannot trust what’s on your desktop… maybe you have malware on your computer that makes you think that you’re about to swap while you are signing away your wallet. This is why our architecture doesn’t compromise with security because what is displayed on the screen comes directly from the secure element.”

Key Highlights:

The Ledger Donjon Philosophy

The conversation begins with the origin story of Ledger’s renowned security lab, the Ledger Donjon. Charles explains that to build truly secure products, you need an adversarial mindset. The Donjon team operates with a “white box” approach, meaning they have full access to a device’s code and architecture, and their mission is to find vulnerabilities before malicious attackers can. Charles also notes the dramatic evolution of threats, from early phishing attacks requesting 24-word recovery phrases to today’s highly sophisticated “crypto drainers” that trick users into signing malicious transactions, which can empty their entire account with a single signature.

“If you want to build secure products, you need to try to break them. This is the most efficient way to see if your design is as secure as you think.”

From Blind Risk to Clear Intent: The Critical Mission of Clear Signing

A core theme of the discussion is the danger of blind signing, a common but risky practice where users approve a transaction without fully understanding the underlying action. This lack of transparency creates a massive vulnerability for crypto users. “Are you claiming an airdrop, or are you giving a malicious contract permission to drain your wallet? As a user, I need to be able to distinguish those two things, which are very different,” Charles insists. To solve this, Ledger introduced Clear Signing—an open standard that allows wallets to decode and display transaction details in a human-readable format. This ensures that a user’s intent matches the on-chain action, transforming a moment of blind risk into one of informed consent.

More Than a Screen: How Ledger Stax & Ledger Flex Tackle Modern Threats

The evolution of threats necessitates an evolution in hardware. Charles explains how the large, secure touchscreens on the new generation of devices, Ledger Stax and Ledger Flex, are not just for aesthetics. Unlike a computer or phone screen, which can be manipulated by malware, Ledger’s secure screens are directly connected to the Secure Element, meaning that you can always trust what you see on them.

Your Data, Your Rules: Introducing the Keyring Protocol 

The discussion broadens from securing value to securing data and identity. Charles argues that the current internet model, where users trade their data for “free” services, is broken. To address this, Ledger developed the Ledger Keyring Protocol, a new technological building block that gives users sovereign control over their data. The first major application is Ledger Sync. This feature allows users to synchronize their Ledger Live accounts and settings across multiple devices (e.g., desktop and mobile) through end-to-end encryption. The data is synchronized without Ledger ever having access to it, fulfilling the promise of a user-centric, self-sovereign digital experience.

“We need to wake up,” he says, “privacy is a fundamental right.”
