An Inside Look Into the Surprisingly Friendly Rivalry Between Ledger and Trezor

Trezor and Ledger, two of the most prominent hardware wallet manufacturers, have long been locked in a rivalry.

A collaborative rivalryGuillemet said that he doesn't know who started the rivalry, as it goes back to the "Very beginning of the Ledger and Trezor companies."

While the Donjon focused on Ledger wallets, they also began looking at competitors' products.

The vendors then fixed the vulnerabilities, even giving bounties to Ledger some of the time.

"At the end, one thing which is completely true, is that the wallet security of Trezor improved a lot thanks to us."

While Guillemet did not remember the exact number of vulnerabilities reported to Trezor, he said they were about "Six or seven." All of them were patched except one, which was unfixable due to the fundamental design of Trezor's chips.

Due to this, the Ledger team did not disclose its details, though they were independently reported a year later by Kraken's security team.

Open source vs. securityThe reason why the bug is unfixable is that Trezor uses a so-called MCU chip in its wallet, which is used in common household appliances and was not meant for secure data storage, Guillemet explained.

The Secure Element used by Ledger contains many countermeasures, which an open source firmware would likely reveal.

According to Guillemet, secure elements are unacceptable to Trezor as they want to maintain their software completely open.