Which One is Safer, Trezor T or Ledger Nano X?

Key Takeaways

• Hardware wallets can be targeted with physical hacks to the device.

• How safe a hardware wallet depends on whether it can resist attacks on the device and from connected devices.

• Security infrastructure of hardware wallets revolves around the security chip, operating system, and continuous testing through bug bounty programs.

• Preventing attacks by keeping your hardware wallet safe and private is the safest way to store your crypto assets.

SEE ALSO: Which Is Best For Staking – Ledger Nano X Or Trezor Model T?

SEE ALSO: KeepKey Vs Trezor Model T (Which Supports More Coins)?

SEE ALSO: BitBox02 Vs Ledger Nano X (Which Supports More Coins)?

1. Security Chip

Both wallets are among the top wallets with resilient chips. But each has a different approach to security.

Trezor T Security Chip

The Trezor T uses the ARM Cortex  M4-based STM32F4 Microcontroller Unit (MCU), a highly-efficient embedded processor to address signal control and digital signals to its screen.

Ledger Nano X Security Chip

Ledger Nano X uses a dual chip architecture, the ST31 Secure Element (SE), and the STM32 Microcontroller Unit (MCU).

Secure Element (SE)

Data on the Ledger Nano X is stored on a Secure Element (SE)  – a chip commonly used in high-end data storage solutions like credit/debit cards. Ledger’s Secure Element chips have been tested numerously by third-party security labs and are certified to be resistant to voltage attacks, clock glitching, fault injections, attacks performed with a high-precision laser, electromagnetic injection, and many more.

MCU

Acts as a dumb router between the SE and the device peripherals since the SE lacks inputs/outputs.

2. Operating System

Trezor T Operating System

The Trezor T doesn’t really use an operating system. Trezor uses a monolithic approach, running every account through a single overall application installed, beating the need for a custom OS. It however uses multiple layers of code on the MCU to ensure the legitimacy and safety of operations on the device.

Boardloader

The boardloader is a write-protected embedded code that cannot be updated, modified, or removed and ensures that only embedded code with verified signatures runs as intended on the device. It checks the integrity of the Bootloader.

Bootloader

The bootloader installs, updates, and checks the firmware on the Trezor device every time the device is turned on. It is write protected and JTAG disabled.

Ledger Nano X Operating System

Ledger uses BOLOS (Blockchain Open Ledger Operating System), a custom-built Operating System (OS). The OS keeps all applications and systems isolated from one another through its multi-application approach. This means that each account is operated via a dedicated app. That way, the effects of a compromised application are isolated without affecting the others, keeping them safe from any vulnerability.

3. Firmware

Firmware is a very important aspect of security as it controls how the device operates.

Trezor T Firmware

The security of the Trezor T is ensured through the following characteristics of the firmware.

Open source

The software used in Trezor devices is open-source, and always available for audit. It can be downloaded, cloned, or modified without any legal consequences. While this can be used for malicious purposes, it also means anyone from the large community of developers including you can verify, build and inspect the software used in Trezor devices for possible vulnerabilities and also contribute to its improvement. This provides a higher level of collaborative security.

Firmware verification

The bootloader contained within the boardloader of the MCU always verifies the firmware signature every time the Trezor T is turned on and when it is updated. Unless it is correctly signed by SatoshiLabs, it will not run and a warning is displayed.

Bug bounty program

SatoshiLabs provides a bug bounty program to better engage with security researchers and hackers, and discover possible vulnerabilities.

Secure update procedure

The bootloader erases the device memory during updates and only restores it if the firmware signature is invalid.

The Ledger Nano X Firmware

Aside from being stored separately in the SE chip, the Ledger Nano X firmware has the following for more security.

Closed source

While the BOLOS might be an open source framework, the Ledger Nano X uses a closed source firmware. This means cloning is not possible as third parties cannot access it.

Root of Trust system

Through BOLOS, the Root of Trust system can be used on the Ledger Nano X. When the Ledger device is connected to Ledger Live, the system checks if the device is genuine. It also performs genuineness checks on updated firmware and installation of apps.

Ledger Donjon (Bug bounty program)

Ledger runs a bug bounty program covering scopes under Devices Bug, Web Bug, and Phishing Attempts. The Ledger Donjon continuously works to keep the security system updated and improved by sniffing out any security loophole before a hacker finds and exploits it for malicious purposes.

4. Other Security Aspects to consider Trezor T or Ledger Nano X 

Trezor T Homescreen and Label

Sometimes, malicious third parties can replace a hardware wallet with a replica to keylog and retrieve the PIN as it is entered by the unsuspecting owner.

Trezor devices come with a big enough display and allow you to customize your homescreen background that displays when it is turned on. You can choose from a gallery of pictures or upload your own picture as a homescreen background. This cannot be changed without the PIN hence serving as a defense line against device replacement attacks.

There is also a labeling feature in Trezor Wallet that lets you rename your device name, accounts, receiving addresses, and comments on transactions.

Ledger Nano X Certification

The Ledger Nano X has a CSPN (First Level Security Certificate) certification issued by ANSSI (National Agency for Information Systems Security).

Verdict: Which one is safer, Trezor T or Ledger Nano X?

Both devices are from top brands known for their security. The fact that there is not a single documented case of theft from either of them, says both are secure. Which you think is safer, depends on your choice and understanding of the components.

For better decision making, compare other non-security features of the Trezor Model T & Ledger Nano X

If you are having a hard time deciding, check out 11 Recommended Accessories For The Trezor Model T Wallet, it might help.

Decided to get a Ledger device? Learn how to know if your Ledger wallet is genuine. If your choice is the 

Frequently Asked Questions (FAQs)

Q1. Is Trezor t the best wallet?

The Trezor Model T is considered one of the best hardware wallets alongside the Ledger Nano X.

Q2. Is Ledger compromised?

No, Ledger is not compromised. Although the customer data from the Database Leak that happened some years back had been used unsuccessfully in phishing attempts with replica wallets.

Q3. Is Trezor Model T hackable?

One never can tell what will happen if the device is opened and tampered with. With continuous white hack attempts and improvement to security codes by the open source community, the Trezor T is safe.

Final Thoughts

Physical attacks only become a threat when your hardware wallet device falls in the wrong hand. This is a major reason why you should always keep your device a secret and hidden when not in use. Do not leave it in open places, you never know who might be lurking.