advertisement - scroll to continue
Last Updated on August 25, 2022 by Eddu Oz
Which one is safer, Trezor T or Ledger Nano X?
Most threats posed to crypto assets stored in a wallet are remote. Hardware wallets, as a popular type of cold wallet, have been able to eliminate possible online threats by keeping vital personal data offline away from hackers. But aside from online attacks, physical attacks do still exist.
After Trezor’s “Read protection flaw” cracked by Kraken in under 15 mins and “Ledger data breach incidents, these two wallet giants have taken every possible step to ensure the security of crypto assets.
As you read further you will understand the different security approaches and components to help you make a choice on which wallet is safer, Trezor T or Ledger Nano X?
📌 Hardware wallets can be targeted with physical hacks to the device.
📌 How safe a hardware wallet depends on whether it can resist attacks on the device and from connected devices.
📌 Security infrastructure of hardware wallets revolves around the security chip, operating system, and continuous testing through bug bounty programs.
📌 Preventing attacks by keeping your hardware wallet safe and private is the safest way to store your crypto assets.
1. Security Chip
Both wallets are among the top wallets with resilient chips. But each has a different approach to security.
Trezor T Security Chip
The Trezor T uses the ARM Cortex M4-based STM32F4 Microcontroller Unit (MCU), a highly-efficient embedded processor to address signal control and digital signals to its screen.
Ledger Nano X Security Chip
Ledger Nano X uses a dual chip architecture, the ST31 Secure Element (SE), and the STM32 Microcontroller Unit (MCU).
Secure Element (SE)
Data on the Ledger Nano X is stored on a Secure Element (SE) – a chip commonly used in high-end data storage solutions like credit/debit cards. Ledger’s Secure Element chips have been tested numerously by third-party security labs and are certified to be resistant to voltage attacks, clock glitching, fault injections, attacks performed with a high-precision laser, electromagnetic injection, and many more.
Acts as a dumb router between the SE and the device peripherals since the SE lacks inputs/outputs.
2. Operating System
Trezor T Operating System
The Trezor T doesn’t really use an operating system. Trezor uses a monolithic approach, running every account through a single overall application installed, beating the need for a custom OS. It however uses multiple layers of code on the MCU to ensure the legitimacy and safety of operations on the device.
The boardloader is a write-protected embedded code that cannot be updated, modified, or removed and ensures that only embedded code with verified signatures runs as intended on the device. It checks the integrity of the Bootloader.
The bootloader installs, updates, and checks the firmware on the Trezor device every time the device is turned on. It is write protected and JTAG disabled.
Ledger Nano X Operating System
Ledger uses BOLOS (Blockchain Open Ledger Operating System), a custom-built Operating System (OS). The OS keeps all applications and systems isolated from one another through its multi-application approach. This means that each account is operated via a dedicated app. That way, the effects of a compromised application are isolated without affecting the others, keeping them safe from any vulnerability.
advertisement - scroll to continue
Firmware is a very important aspect of security as it controls how the device operates.
Trezor T Firmware
The security of the Trezor T is ensured through the following characteristics of the firmware.
The software used in Trezor devices is open-source, and always available for audit. It can be downloaded, cloned, or modified without any legal consequences. While this can be used for malicious purposes, it also means anyone from the large community of developers including you can verify, build and inspect the software used in Trezor devices for possible vulnerabilities and also contribute to its improvement. This provides a higher level of collaborative security.
The bootloader contained within the boardloader of the MCU always verifies the firmware signature every time the Trezor T is turned on and when it is updated. Unless it is correctly signed by SatoshiLabs, it will not run and a warning is displayed.
Bug bounty program
SatoshiLabs provides a bug bounty program to better engage with security researchers and hackers, and discover possible vulnerabilities.
Secure update procedure
The bootloader erases the device memory during updates and only restores it if the firmware signature is invalid.
The Ledger Nano X Firmware
Aside from being stored separately in the SE chip, the Ledger Nano X firmware has the following for more security.
While the BOLOS might be an open source framework, the Ledger Nano X uses a closed source firmware. This means cloning is not possible as third parties cannot access it.
Root of Trust system
Through BOLOS, the Root of Trust system can be used on the Ledger Nano X. When the Ledger device is connected to Ledger Live, the system checks if the device is genuine. It also performs genuineness checks on updated firmware and installation of apps.
Your Pathway to Understanding Crypto & Other Currencies
Trust us, your email is safe
Ledger Donjon (Bug bounty program)
Ledger runs a bug bounty program covering scopes under Devices Bug, Web Bug, and Phishing Attempts. The Ledger Donjon continuously works to keep the security system updated and improved by sniffing out any security loophole before a hacker finds and exploits it for malicious purposes.
4. Other Security Aspects to consider Trezor T or Ledger Nano X
Trezor T Homescreen and Label
Sometimes, malicious third parties can replace a hardware wallet with a replica to keylog and retrieve the PIN as it is entered by the unsuspecting owner.
Trezor devices come with a big enough display and allow you to customize your homescreen background that displays when it is turned on. You can choose from a gallery of pictures or upload your own picture as a homescreen background. This cannot be changed without the PIN hence serving as a defense line against device replacement attacks.
There is also a labeling feature in Trezor Wallet that lets you rename your device name, accounts, receiving addresses, and comments on transactions.
Ledger Nano X Certification
The Ledger Nano X has a CSPN (First Level Security Certificate) certification issued by ANSSI (National Agency for Information Systems Security).
Verdict: Which one is safer, Trezor T or Ledger Nano X?
Both devices are from top brands known for their security. The fact that there is not a single documented case of theft from either of them, says both are secure. Which you think is safer, depends on your choice and understanding of the components.
For better decision making, compare other non-security features of the Trezor Model T & Ledger Nano X
advertisement - scroll to continue
If you are having a hard time deciding, check out 11 Recommended Accessories For The Trezor Model T Wallet, it might help.
Decided to get a Ledger device? Learn how to know if your Ledger wallet is genuine. If your choice is the
Frequently Asked Questions (FAQs)
Q1. Is Trezor t the best wallet?
The Trezor Model T is considered one of the best hardware wallets alongside the Ledger Nano X.
Q2. Is Ledger compromised?
No, Ledger is not compromised. Although the customer data from the Database Leak that happened some years back had been used unsuccessfully in phishing attempts with replica wallets.
Q3. Is Trezor Model T hackable?
One never can tell what will happen if the device is opened and tampered with. With continuous white hack attempts and improvement to security codes by the open source community, the Trezor T is safe.
Physical attacks only become a threat when your hardware wallet device falls in the wrong hand. This is a major reason why you should always keep your device a secret and hidden when not in use. Do not leave it in open places, you never know who might be lurking.