Trezor and Ledger, two of the most prominent hardware wallet manufacturers, have long been locked in a rivalry.
In an interview with Cointelegraph, Ledger CTO Charles Guillemet revealed that the relationship between the two companies is more complex than it may seem at first. Despite the rhetoric, cooperation and respect can be found as well.
A collaborative rivalry
Guillemet said that he doesn’t know who started the rivalry, as it goes back to the “very beginning of the Ledger and Trezor companies.”
“I think things got more serious when I created the Donjon, which is our internal security team,” he conceded. The Donjon was one of the first innovations introduced by Guillemet when he joined Ledger, due to his belief that the only way to design a secure system is to “try to break it, again and again.”
While the Donjon focused on Ledger wallets, they also began looking at competitors’ products. “At the beginning that was mostly by curiosity. We just wanted to understand how they work,” he said.
That study resulted in the team finding vulnerabilities in “each single wallet that we looked at.” Guillemet noted:
“When you find a vulnerability, the right thing to do is to report it to the vendor. And that’s what we did.”
The vendors then fixed the vulnerabilities, even giving bounties to Ledger some of the time. Regarding Trezor, he mentioned a “battle of PR” between the companies, adding:
“At the end, one thing which is completely true, is that the wallet security of Trezor improved a lot thanks to us.”
While Guillemet did not remember the exact number of vulnerabilities reported to Trezor, he said they were about “six or seven.” All of them were patched except one, which was unfixable due to the fundamental design of Trezor’s chips.
Due to this, the Ledger team did not disclose its details, though they were independently reported a year later by Kraken’s security team.
Open source vs. security
The reason the bug is unfixable, Guillemet explained, is that Trezor builds its wallet around a general-purpose microcontroller (MCU), the kind of chip used in common household appliances, which was never designed for secure data storage. When asked why, he said that this was a conscious design choice:
“They are of strong belief in open source philosophy, and when you use the Secure Element, you have to sign an NDA with the chip manufacturer, which prevents you from giving any information on what's going on inside the chip.”
The Secure Element used by Ledger contains many countermeasures, which fully open source firmware would likely reveal. According to Guillemet, secure elements are unacceptable to Trezor because they want to keep their software completely open.
Guillemet said that open source software is “a very good thing” and noted that he personally contributed to some projects. “But when you design a security device, I think security is the most important thing.”
While he conceded that open source software could be a security benefit due to the additional scrutiny, this is not enough:
“As it prevents you from using a dedicated Secure Element, at the end you end up with a less secure device.”
Guillemet shared that he has a “good relationship personally with people at Trezor,” referring to them as “very interesting guys” — even if the two teams’ philosophies are different.