Are Ledger Wallets Safe? Top Security Features & Risks

Once a trusted crypto hardware wallet manufacturer with 6 million+ customers, Ledger’s new feature, Ledger Recover, raises concerns about safety. So, are Ledger wallets safe?

Ledger wallets protect your private keys using a Secure Element chip. However, they remain susceptible to potential malicious attacks and phishing scams. It’s worth noting that there are other hardware wallets available on the market that offer even higher levels of security.

In this article, we cover four main aspects about Ledger wallets:

• Security features
• Ledger Recover service
• Risks of using Ledger hardware wallets for storing digital assets
• Best Ledger wallet alternatives

Lets get into it.

Are Ledger Wallets Safe?

Here are Ledger’s primary security features that ensure the safety of their devices.

• Offline Storage
• BOLOS
• EAL5+ Secure Element chip
• Trusted Display
• Ledger Donjon
• PIN protection
• Ledger Recover

Below we break down each security feature even further.

Ledger Security Features

Offline Storage

Ledger devices offer a unique solution to a common problem seen in many crypto wallets.

Unlike software wallets which are vulnerable to digital hacks due to their internet-connected nature, Ledger hardware wallets keep your private keys offline. 

Storing private keys in an offline environment safeguards them from potential hackers, enhancing overall security and protecting your assets.

BOLOS

BOLOS is the operating system in all Ledger cold wallets. It ensures a secure environment for running apps through a lightweight, open-source framework.

Developers use BOLOS to create apps that keep your sensitive information safe.

With BOLOS, users can install multiple apps while maintaining secure and isolated data within each one.

EAL5+ Secure Element Chip

All Ledger wallets utilize an EAL5+ Secure Element to encrypt and store private keys while also being resistant to side-channel attacks and other physical threats.

The Secure Element is one of the greatest security features of all Ledger devices.

PIN Protection

Every Ledger wallet is safeguarded by a 4 – 8 digit user-generated PIN code. Without the code, you cannot perform any actions on the device, such as sending or receiving crypto or upgrading the firmware.

Trustless Display

Unlike computers and phone screens that can be tampered with by hackers through internet connections, Ledger screens cannot be compromised.

Each Ledger device comes with a Trusted Display, which is tamper-proof because it is secured by the Secure Element.

Ledger Donjon

Ledger Donjon is a team of top security experts that are committed to continuously testing Ledger devices’ security.

These white-hat hackers thoroughly assess every potential attack path and promptly address any issues they find.

When a vulnerability is discovered, they release firmware updates immediately, constantly enhancing the security of Ledger wallets.

Ledger Recover

Ledger Recover is an optional monthly subscription service that allows users to recover their wallet’s secret recovery phrase. If your recovery phrase is lost or damaged, you can restore your private key using a Ledger hardware wallet and your ID.

Here is how Ledger Recover works step-by-step:

1. Duplicate the recovery phrase.
2. Encrypt the duplicated phrase.
3. Links it to the user’s identity.
4. Split the encrypted phrase into 3 fragments.
5. Store each fragment with separate reputable companies (Coincover, Ledger, and EscrowTech).

To recover a private key using Ledger Recover, users simply need to verify their identity by taking a selfie and a government-issued ID.

Then two out of the three parties involved will send the fragments to your Ledger device. The device then reconstructs your private key to grant you access.

To subscribe to Ledger Recover users are required to upload their government-issued ID.

Ledger Recover utilizes identity verification and not KYC (Know Your Customer) procedures, as stated by Ledger.

In the video below, I explain the concept of Ledger Recover, discuss the potential risks linked to it, and share some of my favorite alternative wallet options.

What Ledger Wallets Protect You From

Now that you know all about Ledger’s security features, let’s look at what Ledger wallets protect you from.

Malware and Software Attacks

One of the most common ways crypto wallets get compromised is through software and malware attacks.

Hot wallets, which store your private key on your device, can be targeted by hackers using malware to extract the key.

Ledger devices protect against this by isolating your private keys with the secure element, keeping them safe from internet-connected devices.

The trusted display ensures tamper-proof transaction signing, and connecting to Ledger Live lets you verify your device and firmware validity.

Physical Access

Ledger wallets are resilient to physical hacks thanks to their Secure Element chip, which resists power-glitching.

Additionally, they are protected against side-channel attacks that attempt to uncover the PIN code through hardware behavior observation.

Thankfully, you don’t need to worry about these vulnerabilities with your Ledger device.

Ledger Wallets Security Concerns

Ledger has done a great job creating secure crypto wallets. But that doesn’t mean there aren’t some security concerns to consider.

Ledger’s firmware is closed-source

Ledger’s firmware remains closed-source. Until they make it open source, the public is left unsure of what the code contains and what Ledger does and doesn’t has access to.

For most people, the fact that Ledger implemented a firmware upgrade capable of accessing their private keys is an instant red flag.

Note that any hardware wallet manufacturer can do the same thing. But no one has because they understand how important wallet security is to their users.

Ledger lied to their users

Ledger’s Tweet from November 15, 2022, clearly stated that users’ private keys never leave the device’s secure element chip.

Hi – your private keys never leave the Secure Element chip, which has never been hacked. The Secure Element is 3rd party certified, and is the same technology as used in passports and credit cards. A firmware update cannot extract the private keys from the Secure Element.

— Ledger (@Ledger) November 15, 2022

It also claimed that a firmware update cannot extract private keys from the secure element.

With the release of Ledger Recover, Ledger said that the operating system allows access to private keys stored within the secure element if the user manually approves it.

Unfortunately, this mistrust has led users to destroy their wallets and move on to a more transparent cold wallet manufacturer as seen in the video below.

Compensation for lost funds is NOT guaranteed

In the event of someone gaining unauthorized access to your wallet through Ledger Recover, there is a possibility of receiving compensation up to $50,000 from Coincover, subject to investigation.

This compensation is provided in the unlikely scenario that something goes wrong.

I have two problems with this:

1. It is a possibility you would be compensated. There is no guarantee.
2. You will only be compensated up to $50,000. Some users have more than that stored on their Ledger wallets.

Why Doesn’t Ledger Make a Separate Wallet for Ledger Recover?

If Ledger made a separate wallet, they would have to manufacture a second operating system with the ledger recovery option installed. According to Ledger, these are the reasons why they won’t do that:

1. There is no difference in having this part of the code in the operating system or not. It’s the user’s choice to activate the feature.
   
2. No increased threat: Firmware implementation doesn’t raise risks.
   
3. Cost consideration: Running two operating systems is expensive. Ledger prefers using those funds to develop and improve security and ease of use for our products for their current and future customers.
   
4. Commitment to open source: Apparently, the code will soon be made open source, meaning that users will be able to verify the code themselves.

What If You Don’t Opt-in to Ledger Recover?

If you don’t subscribe to Ledger Recover, no information is collected and Ledger nor anyone else can access your private key. “Ledger Recover is and will always be optional.”

For users who would like to opt-in for this feature, they’ll have to pay $10/month.

Should I Still Use Ledger?

If you prefer a subscription-based service that stores your wallet’s private key on your behalf, then Ledger is the right choice for you. If you have reservations about a wallet manufacturer sharing your private key, then Ledger is not a suitable hardware wallet for you.

If you are still using a Ledger wallet and want to discontinue its use, your next step would be to get another cold wallet.

Then generate a new private key and transfer all of your funds to that new device.

There is one common misconception about Ledger wallets I want to address…

I’ve seen a lot of people claim Ledger isn’t secure because they have had their funds stolen from their wallet.

To clarify, these incidents are a result of user error. People unknowingly click on phishing links, leading to these issues.

Best Ledger Wallet Alternatives

Here are the 5 best Ledger wallet alternatives:

• Keystone Pro
• OneKey Touch
• Tangem
• Ellipal Titan Mini
• OneKey Classic

The Keystone Pro is by far my favorite cold storage wallet on the market.

Its firmware is open-source and it utilizes a checksum to verify the authenticity of the firmware you install. The checksum is used to confirm the firmware is identical to the original code created by Keystone. 

The Pro is completely air-gapped and it has a massive 4-inch touchscreen making it easy to use. Oh, and it supports Solana!

If you’re looking for more Ledger alternatives, check out my hands-on review of the top cold wallets or watch the video above. I guarantee you’ll find one that suits your needs.

Frequently Asked Questions