An Inside Look Into the Surprisingly Friendly Rivalry Between Ledger and Trezor

Published at: June 2, 2020

Trezor and Ledger, two of the most prominent hardware wallet manufacturers, have long been locked in a rivalry.

In an interview with Cointelegraph, Ledger CTO Charles Guillemet revealed that the relationship is more complex than it may seem at first. Despite the rhetoric, there is cooperation and respect as well.

A collaborative rivalry

Guillemet said that he doesn’t know who started the rivalry, as it goes back to the “very beginning of the Ledger and Trezor companies.”

“I think things got more serious when I created the Donjon, which is our internal security team,” he conceded. The Donjon was one of the first innovations introduced by Guillemet when he joined Ledger, due to his belief that the only way to design a secure system is to “try to break it, again and again.”

While the Donjon focused on Ledger wallets, they also began looking at competitors’ products. “At the beginning that was mostly by curiosity. We just wanted to understand how they work,” he said.

That study resulted in the team finding vulnerabilities in “each single wallet that we looked at.” Guillemet noted:

“When you find a vulnerability, the right thing to do is to report it to the vendor. And that’s what we did.”

The vendors then fixed the vulnerabilities, sometimes even paying bounties to Ledger. Regarding Trezor, he mentioned a “battle of PR” between the companies, adding:

“At the end, one thing which is completely true, is that the wallet security of Trezor improved a lot thanks to us.”

While Guillemet did not remember the exact number of vulnerabilities reported to Trezor, he said they were about “six or seven.” All of them were patched except one, which was unfixable due to the fundamental design of Trezor’s chips.

Due to this, the Ledger team did not disclose its details, though they were independently reported a year later by Kraken’s security team.

Open source vs. security

The bug is unfixable because Trezor uses a microcontroller (MCU) chip in its wallet, a type of chip that is used in common household appliances and was not meant for secure data storage, Guillemet explained. When asked why Trezor uses such a chip, he said that this was a conscious design choice:

“They are of strong belief in open source philosophy, and when you use the Secure Element, you have to sign an NDA with the chip manufacturer, which prevents you from giving any information on what's going on inside the chip.”

The Secure Element used by Ledger contains many countermeasures, which an open source firmware would likely reveal. According to Guillemet, secure elements are unacceptable to Trezor as they want to maintain their software completely open.

Guillemet said that open source software is “a very good thing” and noted that he personally contributed to some projects. “But when you design a security device, I think security is the most important thing.”

While he conceded that open source software could be a security benefit due to the additional scrutiny, he argued that this is not enough:

“As it prevents you from using a dedicated Secure Element, at the end you end up with a less secure device.”

Guillemet shared that he has a “good relationship personally with people at Trezor,” referring to them as “very interesting guys” — even if the two teams’ philosophies are different.
