Trezor vs Ledger
If you are one of the many cryptocurrency investors out there, you will definitely have heard of hardware wallets, which let you store your cryptocurrencies safely and physically prevent hackers from stealing your private key and coins. This review pits two of the best crypto hardware wallets against each other: the Ledger wallets and the Trezor wallets. We will look at the features, supported coins and ease of use of both wallets to determine which one is better.
The main difference between Trezor and Ledger is that Trezor is fully open source, while a Ledger wallet runs proprietary firmware with open source apps on top.
Before we dive deep into the Trezor vs Ledger review, it is important to know how hardware wallets actually work.
How do Hardware Wallets Work?
Most cryptocurrency wallets fall into two main types. Hot wallets, such as Exodus and Jaxx, are wallets that are easier to transact with because they are connected to the blockchain over the Internet. However, that same connectivity makes it easier for online hackers to access them, so hot wallets are more prone to attacks and theft.
Cold wallets, on the other hand, are not connected to the internet: they can only be accessed physically and are isolated from the blockchain and any other network. As such, cold wallets are the safer choice for securing funds over the long term. They are, however, more complicated to set up and slightly harder to transact with than hot wallets.
Hardware wallets sit between hot and cold wallets and offer the best of both: transactions are almost as simple to perform as with a hot wallet, while the security properties of a cold wallet are maintained. A hardware wallet randomly generates and stores the private key inside a microcontroller, which prevents the private key from ever being exposed to an external component.
A hardware wallet completes a transaction by producing a signed message and handing it to your PC or smartphone, depending on where the transaction was initiated, and it does not need to be connected to the Internet to do so.
A further advantage is that the private keys are never openly shown to the user. The only way to access the hardware wallet is to enter a 4-8 digit PIN, depending on the brand. As a safety feature, if the PIN is entered incorrectly a specified number of times (the limit varies between brands and models), the wallet resets itself, locking out access and erasing all crypto asset data on it. This protects the wallet from PIN brute forcing if it falls into the wrong hands.
To guard against accidentally erasing the wallet, hardware wallets come with a recovery seed phrase, a sequence of 12-24 words. The recovery seed allows a user to restore the wallet to its previous state. The word sequence is shown only once, however, and users are expected to either write it down and keep it somewhere safe or memorise it.
Both Trezor and Ledger use these basic principles. Physically, there is not much difference between them when comparing Trezor vs Ledger: both hardware wallets are powered through a USB port, and both provide a trusted display and physical buttons for confirming or rejecting the signing of transactions.
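The principles above (key generated and kept inside the device, on-device confirmation, PIN wipe after repeated failures, restore from the recovery words) as an added example; this is not Trezor's or Ledger's code. The seed derivation is the BIP39 scheme (PBKDF2-HMAC-SHA512, salt "mnemonic" plus passphrase, 2048 rounds); the wipe threshold of three attempts, the word list and the use of an HMAC in place of a real ECDSA signature are assumptions made for the demo.

```python
import hashlib
import hmac
import unicodedata

MAX_PIN_ATTEMPTS = 3  # assumed wipe threshold; real devices vary by brand and model


class HardwareWallet:
    """Model of the device side. The key is created inside the device and never returned."""

    def __init__(self, pin, recovery_words, passphrase=""):
        self._pin = pin
        self._attempts = 0
        self._unlocked = False
        self._key = self.seed_from_words(recovery_words, passphrase)  # lives only in the device

    @staticmethod
    def seed_from_words(words, passphrase=""):
        """BIP39 seed: PBKDF2-HMAC-SHA512 over the NFKD mnemonic, salt "mnemonic"+passphrase, 2048 rounds."""
        mnemonic = unicodedata.normalize("NFKD", " ".join(words)).encode()
        salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
        return hashlib.pbkdf2_hmac("sha512", mnemonic, salt, 2048, 64)

    def is_wiped(self):
        return self._key is None

    def enter_pin(self, pin):
        """True on success. After MAX_PIN_ATTEMPTS consecutive failures the device wipes its key."""
        if self.is_wiped():
            raise RuntimeError("device wiped: restore it from the recovery seed")
        if hmac.compare_digest(pin, self._pin):  # constant-time comparison
            self._attempts, self._unlocked = 0, True
            return True
        self._attempts += 1
        if self._attempts >= MAX_PIN_ATTEMPTS:
            self._key, self._unlocked = None, False  # brute-force defence: everything is erased
        return False

    def sign(self, recipient, amount, confirm_on_device):
        """The host sends the unsigned transaction; the device shows recipient and amount on
        its own display and signs only if the user presses the confirm button (a callback here)."""
        if self.is_wiped() or not self._unlocked:
            raise PermissionError("device is locked or wiped")
        if not confirm_on_device(recipient, amount):
            raise PermissionError("transaction rejected on the device")
        message = f"{recipient}:{amount}".encode()
        # HMAC stands in for the ECDSA signature a real wallet produces; only this output leaves the device
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()


WORDS = "example recovery words constructed for this demo only".split()  # constructed, not a real phrase


def demo():
    """Three wrong PINs wipe the device; the same words restore a wallet that signs identically."""
    wallet = HardwareWallet("1234", WORDS)
    for guess in ("0000", "1111", "2222"):
        wallet.enter_pin(guess)
    restored = HardwareWallet("5678", WORDS)  # new PIN, same seed, same keys
    restored.enter_pin("5678")
    signature = restored.sign("bc1q-example-address", 0.5, confirm_on_device=lambda r, a: True)
    return wallet.is_wiped(), signature
```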
As such, this Trezor vs Ledger review will go through some of the significant differences in both terms of hardware and also implementation.
Hardware Implementation of Trezor and Ledger
The first products released by Trezor and Ledger were the Trezor One, the Trezor Model T and the Ledger Nano S.
Both the Trezor One and the Trezor Model T are designed on a single-chip base and use a standard ARM Cortex-M 32-bit general purpose microcontroller to create, generate and store private keys, unlike the Ledger Nano S. The Trezor One uses the STM32F205 while the Trezor Model T uses the STM32F427, both of which differ from the chips used in the Ledger Nano S.
The Ledger Nano S uses a dual-chip architecture. The first chip is a general purpose 32-bit microcontroller of roughly the same type as the one found in the Trezor Model T, while the second chip is a bank-grade Secure Element (ST31H320). The first chip is responsible mainly for generating private keys, while the second chip is responsible mainly for storing them.
One advantage of the Secure Element (SE) in the Trezor vs Ledger comparison is that the SE holds an EAL6+ Common Criteria (CC) certification, while the Ledger Nano S as a whole, including its dual-chip architecture, is rated at the lower EAL5+. The certification level of the Ledger Nano S cannot be compared with that of the Trezor devices, since Trezor devices do not possess a Secure Element.
As a general rule of thumb when comparing Trezor vs Ledger, the ST31 SE in the Ledger Nano S is designed to be more resistant to hardware-based attacks than general purpose MCUs such as the traditional STM32 microcontrollers, which the Ledger Nano S does not use to hold keys. Research by security specialists has shown that the STM32 series MCUs employ security schemes that are more vulnerable to attack.
Trezor vs Ledger – Hardware Security and Non-proprietary Software
There has been a long-standing debate over the pros and cons of relying on secure hardware versus non-proprietary software. Comparing Trezor vs Ledger, the Trezor hardware wallet follows the non-proprietary software philosophy: it does not implement any closed components such as a Secure Element, and it uses non-proprietary firmware and applications throughout.
Ledger, on the other hand, believes that a Secure Element with secret hardware components offers better overall security than a Trezor wallet built on a general purpose MCU and non-proprietary software. To preserve the integrity of the Secure Element, Ledger restricts access to some parts of the hardware wallet's hardware and software. This lets Ledger protect the hardware wallet's secrets from extraction or theft while keeping all key features and operations from being compromised.
Trezor vs Ledger – Advantages and Disadvantages
Trezor's use of non-proprietary software means that its apps are publicly available and open to thorough and rigorous peer review from across the developer community. This cooperation helps uncover any loopholes or bugs in the implementation, and patches and fixes can be produced faster.
The downside is that this exposes Trezor's key designs and implementation details, including details that might be better kept secret. This information may fall into the wrong hands and pave the way for exploitation of loopholes in the system.
Ledger's approach makes it very hard for anyone to carry out hardware-based attacks on the Secure Element, since the design of the SE under the hood, as well as parts of the Ledger firmware, has not been made available to the public.
On the other hand, keeping such components hidden from the general community slows down the process of detecting a possible loophole and providing suitable fixes.
Experts in the cryptocurrency hardware wallet field have criticised this strategy of security through hiding information, as users are required to blindly trust the company to implement the hardware and software correctly without having any knowledge of the firmware.
The company that manufactures the Secure Element (STMicroelectronics) has endorsed this philosophy, and Ledger has also shown its willingness to support and use non-proprietary elements in its products. A good example is that all applications that run on Ledger devices are non-proprietary, and according to Ledger's Chief Technology Officer, most of their future firmware will be non-proprietary as well.
However, it cannot be ignored that Ledger has a history of not always providing clear and concise details when new vulnerabilities are discovered in its firmware. Ledger has stated that this is done to minimise the exposure of firmware vulnerabilities and prevent potential hackers from exploiting them.
Trezor vs Ledger – Dealing with Different Attacks
Both Trezor and Ledger need to build features into their hardware wallets to prevent attacks from a wide variety of sources, which mainly fall into two types.
Remote attacks, in which the attacker tries to steal information from your wallet and/or your cryptocurrency assets by compromising the entire system.
Direct/physical attacks, in which an attacker somehow gains physical access to the hardware wallet and attempts to tamper with or rig either its hardware or its software.
When comparing Trezor vs Ledger, both hardware wallets have protection in place against these types of attacks. Trezor and Ledger do this by storing private keys securely within the hardware wallet and never exposing the keys to the PC or smartphone it is connected to.
As such, the only way for a user to perform a transaction is to verify the recipient address on the hardware wallet's display and then use the two buttons on the hardware wallet to either confirm or reject the transaction.
Once connected to a PC or smartphone, the only thing the computer receives is a signed message. So even if your PC or smartphone is infected with a virus or subjected to another form of remote attack, your crypto assets will be 100% safe while using a Trezor wallet or Ledger wallet, as long as the device itself is physically untampered.
When comparing Trezor vs Ledger, if either wallet's hardware has been physically tampered with, your assets become vulnerable to a whole new variety of attacks, which can happen in two ways.
Supply chain attacks, where the wallet was tampered with somewhere along the supply chain before you received it, whether in transit with a logistics company or while stored in a company warehouse.
Unauthorised physical attacks, where an attacker gains access to your wallet after the initial set-up and verification.
When comparing Trezor vs Ledger, both have taken steps to prevent supply chain attacks. A Trezor wallet uses tamper-evident seals on its packaging to indicate potential breaches within the supply chain: if a seal is broken, the device inside may have been compromised. On top of this, a Trezor wallet's case is sealed with industrial glue, which makes it difficult for an attacker to put the seal back together convincingly after tampering with the device.
A Ledger wallet uses the Secure Element to build a trusted computing base that can be signed and validated through cryptographic proofs. A user is able to verify the integrity of a Ledger device by performing an attestation check using this cryptographic proof. On top of this, the Ledger wallet automatically runs this integrity check whenever it is connected to a computer and only lets you proceed if the attestation check succeeds.
This is how Trezor and Ledger each counter supply chain attacks. However, it is still possible for your Trezor wallet to be compromised by a third party who gains physical access to the hardware wallet after you have set it up. These physical attacks mainly come in two forms.
Theft, where your hardware wallet containing your crypto assets is stolen from you permanently.
Evil maid attack, where an attacker temporarily gains physical access to your wallet without your knowledge in order to compromise the device. They may replace it with a fake device fitted with a wireless transmitter; once you enter your PIN/passphrase to access your private key, everything typed into the fake device can be transmitted to the attacker.
If an attacker succeeds in stealing your device, they have more time to conduct an attack using expensive lab equipment.
In both scenarios, both Trezor and Ledger have put proper countermeasures in place to minimise the risk. The first layer of protection for both wallets is a secret PIN that the user must enter before the contents of the wallet can be accessed. To prevent brute force PIN attacks, Trezor and Ledger have designed the PIN system to reset and wipe all contents of the wallet if the wrong PIN is entered a set number of times.
On top of the PIN system, wallets from both Ledger and Trezor use encryption to protect against extraction of the private key via physical attacks. Ledger further strengthens this by storing the user's private key in a bank-grade Secure Element.
An evil maid attacker, who has less time to perform an attack and may not have access to sophisticated equipment, may instead compromise your device in order to trick you into giving away its secrets.
Until recently, it was difficult for users to detect whether the software running on a Trezor One wallet was genuine. Attackers aware of this loophole could take advantage of it to compromise the Trezor software while hiding this fact from the user.
Trezor has, however, recently released firmware version 1.6.1, which verifies the authenticity of the bootloader, which in turn verifies the firmware signature, ensuring both parts of the software are running genuine and untampered code. Additionally, a Memory Protection Unit (MPU) within the Trezor device now enforces write protection on the MCU, so that only firmware signed by SatoshiLabs (the parent company of Trezor) is allowed to modify any sensitive parts of the memory.
Ledger, for its part, uses protocols such as the automated attestation check to prevent an evil maid attack: its wallets detect potentially compromised software or hardware whenever they are connected to a computer or smartphone.
Security exploits and the steps Ledger and Trezor have taken to mitigate them
Security researchers and experts agree that both Ledger and Trezor devices are still vulnerable to many types of security exploit. Whenever an exploit or loophole is discovered, both Ledger's and Trezor's developer teams have provided timely fixes via firmware updates for each individual issue. Some of the security fixes provided by Ledger and Trezor are listed below.
Trezor’s Vulnerability – Flawed Bootloader Write Protection
The Trezor One uses the STMicroelectronics STM32F205 chip, which has a flaw: the write protection designed to protect the device's bootloader can be disabled. This means a malicious attacker could gain access to, modify and replace the bootloader through a fake firmware update, which in turn compromises seed word generation on the Trezor One. The vulnerability does not, however, allow extraction of a private key from a wallet whose recovery seed has already been set up.
In response, Trezor released the following software update to mitigate the hardware issue while at the same time providing a new way to verify the authenticity of the firmware.
Firstly, the flawed STMicroelectronics write protection of the bootloader has been supplemented with write protection enforced by the Memory Protection Unit (MPU).
The new firmware also checks the authenticity of the bootloader before updating the device's bootloader to the latest version. The activated Memory Protection Unit also prevents code execution from memory.
The Trezor blog has also stated that the flawed Option Bytes write-protection problem can be overcome by using another protection mechanism, the aforementioned MPU (Memory Protection Unit), which is a different part of the chip. By using the MPU in the bootloader, Trezor is able to specify exactly which areas of memory may be accessed and which may not, reaching the intended level of protection (the MPU restricts access to sensitive parts of the device memory, including the bootloader area and the FLASH_OPTCR register). STMicroelectronics also confirms that using the MPU resolves this issue.
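The MPU policy described above, as an added example that is not Trezor's own code: a model of an ARMv7-M (Cortex-M) MPU configuration that leaves the bootloader area read-only for everyone, reserves the flash control registers (including FLASH_OPTCR) for privileged code, and forbids code execution from SRAM. The flash layout, region sizes and the split between unprivileged firmware and a small privileged supervisor that programs flash are assumptions; the RBAR/RASR encodings follow the ARMv7-M MPU register definition.

```python
FLASH_BASE, FLASH_SIZE = 0x08000000, 1 << 20   # 1 MiB on-chip flash (assumed STM32F2-class layout)
BOOTLOADER_SIZE = 32 * 1024                    # bootloader area at the start of flash (assumed)
SRAM_BASE, SRAM_SIZE = 0x20000000, 128 * 1024
PERIPH_BASE, PERIPH_SIZE = 0x40000000, 1 << 29
FLASH_REGS = 0x40023C00                        # STM32F2/F4 flash interface register block
FLASH_OPTCR = FLASH_REGS + 0x14                # option control register (option byte write protection)

# RASR AP field (ARMv7-M): (privileged, unprivileged) permissions
AP_PRIV_RW, AP_PRIV_RW_UNPRIV_RO, AP_FULL, AP_RO = 0b001, 0b010, 0b011, 0b110
_PERMS = {0b000: ("", ""), 0b001: ("rw", ""), 0b010: ("rw", "r"), 0b011: ("rw", "rw"),
          0b101: ("r", ""), 0b110: ("r", "r"), 0b111: ("r", "r")}


def encode_region(number, base, size, ap, xn):
    """(MPU_RBAR, MPU_RASR) for one region, enforcing the ARMv7-M size and alignment rules."""
    if size < 32 or size & (size - 1):
        raise ValueError("region size must be a power of two of at least 32 bytes")
    if base % size:
        raise ValueError("region base must be aligned to its size")
    rbar = base | (1 << 4) | number                                      # ADDR | VALID | REGION
    rasr = (xn << 28) | (ap << 24) | ((size.bit_length() - 2) << 1) | 1  # XN | AP | SIZE=log2-1 | ENABLE
    return rbar, rasr


# Where regions overlap the highest-numbered one wins, so the narrow restrictive regions
# (bootloader area, flash registers) are numbered above the broad permissive ones.
POLICY = [
    dict(n=0, base=FLASH_BASE, size=FLASH_SIZE, ap=AP_PRIV_RW_UNPRIV_RO, xn=0),  # flash: supervisor may program
    dict(n=1, base=SRAM_BASE, size=SRAM_SIZE, ap=AP_FULL, xn=1),                 # SRAM: never execute
    dict(n=2, base=PERIPH_BASE, size=PERIPH_SIZE, ap=AP_FULL, xn=1),             # peripherals
    dict(n=3, base=FLASH_REGS, size=32, ap=AP_PRIV_RW, xn=1),                    # FLASH_CR/OPTCR: supervisor only
    dict(n=4, base=FLASH_BASE, size=BOOTLOADER_SIZE, ap=AP_RO, xn=0),            # bootloader: nobody writes
]


def access_allowed(addr, op, privileged, policy=POLICY):
    """op is 'r', 'w' or 'x'. Unmapped addresses fault (PRIVDEFENA clear); execution also needs read."""
    hit = None
    for region in sorted(policy, key=lambda r: r["n"]):
        if region["base"] <= addr < region["base"] + region["size"]:
            hit = region  # last match is the highest-numbered region
    if hit is None:
        return False
    perms = _PERMS[hit["ap"]][0 if privileged else 1]
    if op == "x":
        return "r" in perms and not hit["xn"]
    return op in perms


def register_values(policy=POLICY):
    """The (RBAR, RASR) pairs a bootloader would write to MPU_RBAR/MPU_RASR, in region order."""
    return [encode_region(r["n"], r["base"], r["size"], r["ap"], r["xn"]) for r in policy]
```

Note that the 32-byte minimum region size means the restricted window around FLASH_OPTCR also covers the neighbouring flash control registers, which is why the model routes all flash programming through privileged code.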
Ledger’s Vulnerability – MCU Fooling and More
As mentioned previously, one sure way of verifying the authenticity of Ledger firmware is to perform an attestation check on the device. However, there was a flaw in this check: Ledger's implementation allowed an attacker to load modified firmware onto the device and still pass the attestation check.
Ledger subsequently released a blog post explaining the nature and effect of the vulnerability and specifying the details of the fixes applied. Ledger also took the opportunity to clarify that this vulnerability does not facilitate private key extraction from a Ledger hardware wallet that has already been configured.
In short, Ledger performs the attestation check by having the Secure Element (SE) ask the MCU to send it the firmware code for verification. Even if the firmware were compromised, the MCU would still have to send the entire official firmware to the Secure Element for it to pass verification.
Ledger stated that the MCU in the wallet did not have enough memory to hold and send the entire official firmware to the Secure Element as well as any malicious code.
Previously, the Ledger MCU kept the bootloader and the firmware in two separate sections of the wallet's memory. Both of those sections contained a piece of code that was identical in every respect, called the compiler intrinsics. This opened the possibility of code caving, which allowed malicious code to be hidden within the official firmware.
Security researcher Saleem Rashid showed how the security check on Ledger's devices was flawed by modifying the official firmware so that its copy of the compiler intrinsics was replaced with malicious code, while the bootloader's intrinsics were presented in its place during the attestation check.
Having passed verification by the Secure Element through this replacement, the malicious code could then take advantage of the shared components, including the two buttons on the Ledger device and its display.
Best practices for wallet security
You should always ensure that your hardware wallet is genuine. Whether you choose a Ledger Nano X, a Ledger Nano S or a Trezor, there are ways to check the integrity of the product. When comparing Trezor vs Ledger, Trezor has tamper-evident seals on its packaging, which products such as the Ledger Nano S lack. Ledger devices such as the Ledger Nano X rely instead on cryptographic attestation checks in software. Either way, it is always recommended to purchase your Ledger Nano X or Trezor Model T from authorised resellers, to reach out to official customer support for easy ways to check authenticity, and to avoid third-party resellers.
You should also update your wallet to the latest firmware before using it. When updating either Trezor or Ledger, obtain the update from an official channel such as the manufacturer's website, because firmware from elsewhere may be compromised or simply outdated.
Set Up Your Own Recovery Seed
When using Ledger or Trezor products such as the Ledger Nano S or a Trezor, it is a good idea to use a new, non-pre-configured wallet in case a previous owner tampered with the recovery seed. So set up your own recovery seed.
Supported coins for Both Ledger and Trezor
Ledger and Trezor both support the main cryptocurrencies such as Bitcoin, Litecoin and Ethereum. Trezor has the following list of supported coins: Bitcoin, Bitcoin Cash, Bitcoin Gold, Litecoin, Ethereum, Ethereum Classic, Dash, Zcash, Namecoin, Dogecoin, NEM, Expanse, UBIQ and ERC-20 tokens.
Ledger, on the other hand, supports Bitcoin, Bitcoin Cash, Bitcoin Gold, Digibyte, HCash, Qtum, PIVX, Vertcoin, Viacoin, Ubiq, Expanse, Dash, Dogecoin, Litecoin, Ethereum, Ethereum Classic, Stratis, Ripple, Zcash, Komodo, PoSW, Ark, Neo, Stellar, Stealthcoin, BTCP, Zencash and ERC-20 tokens.
As such, Ledger is one of the best crypto wallets to use. Furthermore, Trezor has a slightly higher price point than Ledger. The Trezor One currently retails at 89 Euros, while its successor, the Trezor Model T, is priced at around 159 Euros. The Ledger Nano S, by comparison, is cheaper at only 79 Euros. So if you are looking for the cheapest hardware wallet, opt for the Ledger Nano S.
Trezor vs Ledger – Frequently Asked Questions
Q: Has Trezor been hacked?
Trezor devices can be hacked, but only with specialised hardware used to extract confidential keys.
Q: What is the best crypto hardware wallet?
Ledger and Trezor are both the best crypto hardware wallets currently available on the market.
Q: Can wallets such as Ledger Nano X or Trezor Model T be hacked?
Research from both Ledger and Trezor has acknowledged that their devices have the potential to be hacked, and it is up to both users and the manufacturers to take steps to minimise the risk of theft.