
Ledger's donjon lab: tackling security before attackers

Ledger's Donjon Lab Sparks Controversy Amid Security Concerns | Users Demand Apology

By Anna Smith, Feb 14, 2026, 05:09 AM

Edited by Olivia Murphy, updated Feb 15, 2026, 04:16 AM


A team of white-hat hackers at Ledger's Donjon Lab testing smartphone chips and wallets for security flaws

Ledger's ongoing battle with security vulnerabilities takes center stage as the Donjon team faces backlash from some users over recent findings and company practices. Controversy mounts as calls for accountability and transparency resonate within the crypto community.

The Context of the Criticism

Recent comments on forums highlight significant discontent with Ledger's handling of security issues, particularly regarding its association with Changelly. Users express skepticism, questioning the company's commitment to trust and secure practices. "Nobody cares. You might have a great team but business practices suggest we should not trust you," one user lamented.

Key Security Findings from 2025

The Donjon team, Ledger's internal white-hat hackers, uncovered serious issues during their 2025 security evaluations. Here’s what they found:

  • Smartphone Vulnerabilities: They exploited MediaTek Dimensity 7300 chips, leading to unauthorized access to millions of Android devices.

  • Brute Force Weaknesses: An attack method discovered on Tangem's wallets allows hackers to crack a 4-digit PIN in about an hour by bypassing their security measures.

  • Collaboration Insights: The team’s work with Trezor highlighted vulnerabilities within their Safe 3 microcontroller, reflecting a broader ecosystem risk.

"You can’t claim a device is 'unhackable' if you aren’t actively trying to hack it yourself," summarized a senior team member, emphasizing the need for vigilance in security practices.

Community Reactions: A Mixed Bag

While some users appreciate Ledger's proactive measures, others are vocal about incomplete trust in its practices. A recurring theme in the comment section underscores the need for the company to address the Changelly situation directly.

  • Users expressed frustration, calling for Ledger to "remove Changelly and apologize to the victims."

  • Comments emphasize that transparency is crucial in restoring trust, particularly in a sector that requires high levels of security.

The Cost of Running an Internal Lab

Running an internal testing lab is both a costly and slow process, yet it plays a crucial role in Ledger's commitment to security. This investment is necessary for building and maintaining user trust, especially given the evolving threat landscape in the crypto market. "An 'un-updatable' device is just a ticking clock," a recent report cautioned, reinforcing the idea that ongoing updates are essential in mitigating future risks.

Looking Ahead: The Fight for Trust

As Ledger navigates through this controversy, engaging directly with the community may be pivotal. Users are looking for leadership in security transparency and commitment to addressing vulnerabilities. Experts suggest a unified approach across the crypto ecosystem could mitigate many software vulnerabilities arising from interconnected platforms.

Key Insights:

  • Significant vulnerabilities revealed in 2025 may require urgent attention from Ledger and partners.

  • User sentiment leans towards skepticism; trust hinges on accountability actions.

  • Community demands direct engagement with victims of security breaches, indicating a need for transparency.

For continued updates and security insights, refer to the official Ledger site.