By Mia Chen
Edited by Carlos Ramirez

Security isn't a static checkbox; it's a constant fight. Ledger reveals how their internal team of white-hat hackers, known as the Donjon, evaluates their hardware and the broader ecosystem to identify vulnerabilities before they can be exploited by bad actors.
In 2025, the Donjon team focused on physical security, asking pertinent questions about device security. They specifically examined:
Smartphone Vulnerabilities: The team targeted the Mediatek Dimensity 7300 chip, widely used in Android phones. They demonstrated how electromagnetic pulses could disrupt the boot process, granting full control over devices.
Brute-Forcing Wallets: Their research on Tangem's card-style wallets revealed a method to bypass PIN delays. This allowed them to crack a 4-digit PIN in roughly one hour by interrupting power at critical moments.
Supply Chain Risks: Collaborating with Trezor, they identified potential supply-chain bypass vulnerabilities in the Safe 3 microcontroller, which could leave users exposed.
When the Donjon uncovers a vulnerability, they don't broadcast it publicly. Instead, the team practices responsible disclosure, notifying the affected companies privately with a 90-day window to fix the issue. As one insider noted, "We'd rather have a 'thank you' in a patch note than a viral exploit that costs people their savings."
Users who assume that losing a device isn't an issue should question that assumption. Each finding from the Donjon goes directly to firmware teams, enhancing device security. An "un-updatable" device is now seen as a "ticking clock" waiting for an inevitable exploit.
"Security that doesn't evolve is just an old lock on a new door," a Donjon member emphasized.
Comments from the community reflect skepticism about Ledger's practices. Users voiced concerns, with one stating, "Nobody cares. You might have a great team, but trust is the primary factor."
Several themes emerged:
Criticism of Ledger's Business Practices: Users are wary due to past controversies.
Trust Issues: Trust remains crucial in financial and security sectors.
Desire for Transparency: There's a call for clear communication and accountability.
Feedback is mostly negative, with community members questioning Ledger's reliability and practices, especially surrounding data security.
The Donjon's physical security work reveals critical vulnerabilities.
"Responsibility in disclosure protects not only companies but users as well."
Ongoing criticism raises questions about trust within Ledger's business practices.
In the crypto world, trust is paramount. As security threats evolve, Ledger's proactive approach may be refreshing but is met with scrutiny as users demand better reliability and transparency.
Experts estimate that Ledger will need to enhance its communication strategy and practices to regain user trust. With ongoing scrutiny, there's a strong chance the company will introduce more transparent security disclosures within the next six months. If the Donjon Lab continues to identify critical vulnerabilities and provide timely updates, user confidence could see a notable rebound, with expectations of a 20% improvement in community sentiment. Conversely, if skepticism persists without visible change, Ledger might face a decline in user engagement over the coming year, leading to further market challenges.
Looking back, a curious parallel can be drawn between Ledger's current situation and the case of vault manufacturers in the early 2000s. As the digital age began to displace traditional security measures, vault producers faced similar trust issues after a series of high-profile breaches. Just as vaults were deemed unreliable, despite high-grade materials, people ultimately turned to smart technology for security solutions. The lesson echoes: trust is built not just through innovation but through consistent, reliable performance over time, reminding us that a reputation can hinge on the smallest details.