Is there a trustless way to update ledger firmware?

I own a ledger nano s, and recently thinking about to buy a ledger nano x, but only recently that I found the firmware on the hardware is close source, as a non-programmer I do not really understand what this mean to my safety.

So I have a few questions,

* Dev says most of the ledger software is open source, only the firmware on the hardware because of NDA, and he say the ledger live app has no way to interact it in a bad way (ie stealing the recovery phrase), aside from the dev word, may I know why is it not possible?
* We update ledger firmware via the ledger live app or the website, is there a possibility for dev to push a malicious update with the potential to steal our recovery phrase, or steal our crypto? Aside from trusting the dev won’t push a malicious update?
* Is there a regular or ongoing audit for every new firmware release that we can read on before updating our device firmware? I like the idea of open source, but the truth is open source doesn’t mean anything if I can’t understand the code, so ultimately I just have to rely someone else audit, or public audit

I’m hoping there’s a there’s a solution I can trust my hardware wallet without blindly trusting ledger company, hopefully someone can answer this to a non-programmer

What do you think?

10 Points
Upvote Downvote

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings


  1. You have to trust Ledger to issue the firmware properly – there’s always an element of trust when dealing with hardware. One of our strong points is that we picked the right architecture to reduce the number of parties you have to trust : Ledger and the smartcard division of STMicroelectronics (which is providing the same chips to highly critical industries) – by comparison with other popular hardware wallets, you should trust the chip manufacturer, the device issuer, the factory, and everyone that could have touched the device from manufacturing to delivery

    We also have several technical and operational processes in place to make sure that one single employee cannot push arbitrary code.

  2. None of the comments so far have addressed the “stealing the recovery phrase” question.

    Your recovery phrase is stored on the secure element, which is responsible for generating keys. It is designed to prevent many different types of attack and at the moment it is not possible for the recovery key to be extracted from the secure element. The tech is shared with credit cards and passports.

  3. 1. Answer is that they could push a malicious firmware but they wouldn’t because it would severely damage the company’s reputation. The ledger live software is open source and thus any changes made can be seen by the community.

    The only way for an update to be truly trust less is for you to have the same level of knowledge that the developers have. But why would they do that? There isn’t any economic incentive to do so. Not when they can create and sell many more hardware devices on the future.

  4. Trustless and not needing to trust some party is exactly the reason that draw us into cryptocurrency, but the main obstacle in mass adoption is because even though many project are open source, not everyone are equipped with the knowledge to understand it, let alone finding the bug / exploit from it.

    (That’s why software security audit company exist, and the bug bounty program too.)

    I really hope one day there’s a truly trustless way in the world of crypto currency, and before that I need to know how to secure my own crypto without trusting anyone first

  5. As a computer practitioner, I choose Ledger for two reasons
    1. Enterprise endorsement, one of the early manufacturers of hardware wallet, has a large user base (which is also what I value most), and can get faster firmware and security bug remedy.
    2. The private key is isolated at the hardware level, so that it does not touch the network. Moreover, the company has a deep cooperative relationship with STMicroelectronics.
    Once there was a damaged equipment, but the after-sales service solved the problem well and gave me the fastest time to replace the new equipment. I recommended Ledger equipment to at least 100 friends around me, and they completed the transaction under my recommendation. However, the recent firmware update was not timely, so I could not successfully pledge Polkadot. I contacted with them by email for many times, but no official reply was given, which made an old user very angry! What’s more, there is no compensation, which makes me very disappointed. As a co-founder, would you like to help me solve this problem?
    Request #898994:

Tipping Doge and Security Question

7 months Still Disabled – Every support case has been marked Resolved