Ledger

65.8K posts

Ledger banner
Ledger

Ledger

@Ledger

Free from Compromise. Ledger will never DM you, call you, or ask for your 24 word recovery phrase. Posts under this account are not intended for the UK

Paris, Vierzon, SG, ZRH, LDN Katılım Temmuz 2014
248 Takip Edilen670.4K Takipçiler
Sabitlenmiş Tweet
Ledger
Ledger@Ledger·
New upgrades are officially rolling out for the Ledger Wallet™ app. The ease of an exchange. The security of a Ledger touchscreen signer. Free from compromise. → Clarity: your whole portfolio, history, Profit & Loss all in one view → Choice: swap, earn, trade Perps and more across 50+ providers, 100+ chains → Control: verify every move on your secure signer. Keys stay offline. Download Ledger Wallet today 👇
English
167
85
533
123.1K
Ledger
Ledger@Ledger·
reply to this, we’re checking to see what's up with crypto twitter 👀
English
85
4
114
9.4K
Ledger
Ledger@Ledger·
Hi @Cryptomattster, we appreciate your efforts to warn others about these scam attempts. Always remember: Ledger will never call, DM, or ask for your 24-word recovery phrase. If someone does, it's a scam. Stay cautious, keep your crypto safe and always Clear Sign transactions where possible. Scammers impersonating Ledger and other crypto brands are unfortunately common. While we actively report and block them, malicious actors often pull from multiple leaks across the industry. In practice, even if a scam letter mentions Ledger, the address may have been sourced from any number of crypto‑related breaches. Because Ledger is a trusted name in self‑custody, scammers use our brand to increase the likelihood of tricking users. Please stay vigilant against phishing attempts. At Ledger, we've designed our technology so that your crypto and private keys remain safe, regardless of external incidents. Ledger devices are purpose-built to keep your assets secure and entirely under your control - always. We've reinforced our systems time and again to meet the highest standards of security in an increasingly connected world. Please don't engage with accounts claiming to be Ledger employees or anyone offering to help recover funds. For support and technical assistance, connect with our support team directly at support.ledger.com/contact-us For guidance on protecting yourself, check out the Ledger Academy article on Crypto Phishing Scams And How To Avoid Them: ledger.com/academy/someth…
English
0
0
1
149
nabu
nabu@nabu_lines·
agentic trading is coming to Robinhood the next challenge isn’t making agents smarter it’s making sure they can act without ever taking full control that’s where hardware-anchored security fits in thats the layer @Ledger brings
nabu tweet media
Robinhood@RobinhoodApp

Crypto is coming to agentic trading. Eligible US customers will soon be able to connect their AI agent to a dedicated Robinhood account to trade crypto on their behalf, with the same real-time P&L tracking and push notifications they already know from agentic trading. More soon. x.com/i/broadcasts/1…

English
124
22
184
15.8K
itsYalda
itsYalda@YaldaMasoudi·
the weird part isn’t that agents can rewrite their memory It’s that one day you might wake up trusting an agent you never actually chose to trust that’s the first AI security argument that’s genuinely changed how I think about human approval looking at it that way, keeping the final approval in human hands doesn’t feel like friction anymore. It just feels like common sense. glad @Ledger was already building for that future
itsYalda tweet media
Ledger@Ledger

Your AI agent can rewrite its own memory file. That's also how it ends up writing cult manifestos into it 🤯 New episode of The Ledger Podcast ft. Shisa.ai is live. @lhl, CTO of Shisa.ai, sits down with Ledger CXO @iancr to talk about building AI agents you can actually trust 👇

English
50
1
129
1.2K
nabu
nabu@nabu_lines·
the laser isn’t the interesting part! @DonjonLedger found a way to make tangem card misread a single security check with a precisely timed laser pulse according to their research, that’s enough to reset the password because the card firmware can’t be updated, there’s no way to patch the bug once it’s found
nabu tweet media
Charles Guillemet@P3b7_

💥One Check, One Laser, Every Card: The Tangem Immutability Trap. The @DonjonLedger just published research worth stating plainly. With a single laser pulse the Ledger Donjon team faults one conditional check in the firmware of a Tangem card and resets the password to a value of its choosing. No existing password, backup card, or recovery feature needed. Once reset, the attacker is able to sign anything and can potentially drain the user’s wallet. To be precise about the threat model: this attack requires physical possession of the card, invasive chip opening, lab-grade fault-injection equipment, our own setup costs roughly $250,000, and genuine technical expertise. That puts it well beyond the reach of an opportunistic thief, but comfortably within the capabilities of a serious lab. Both things can be true at the same time. Why one pulse is enough: the recovery path depends on a single yes/no check, “is this card in recovery state?”, and a pulse is simply a precisely timed electrical disturbance designed to make the chip misread that decision at the critical moment. Because there is no redundant check and no penalty for repeated SetPin attempts, one successful disturbance is enough. The chip’s countermeasures are formidable, but they cannot protect the one bit the firmware chose to trust. The uncomfortable part: it cannot be patched. Tangem cards have no firmware update mechanism. The vulnerability was disclosed on February 10th, 2026. There is no fix coming, because there is no channel to deliver one. Tangem presents immutable firmware as a security feature. Call it what it is: a trade-off. "We cannot change the firmware" is a strong story right up until the firmware is wrong. Then the same property that protected you guarantees you can never be protected again. This research did not create that reality. It made it visible. What a user can do, since there is no patch: this attack requires physical possession of the card and invasive lab work, so it cannot be done covertly. The practical risk is a lost or stolen card in the hands of a capable attacker. If the card stays in your possession, there is no reason to assume compromise. If you have doubt, or if your threat model requires a higher level of assurance, treat the funds as compromised and move them to a new secure set up. This was published in line with Ledger Donjon’s responsible disclosure process. When a vulnerability cannot be patched, the next responsibility is to inform users clearly and widely, so they can make their own informed decisions, especially here where the vulnerability can not be exploited remotely. The bigger lesson is not about one product. Security is never static, and systems should be designed with human error and future failure in mind. You should not have to blindly trust that yesterday’s assumptions still hold. You should be able to verify, adapt, and recover when they do not. Design for the day you are wrong, because eventually, you will be. Full write-up from Baptistin Boilot, Ledger Donjon. Stay safe. Stay honest about your trust assumptions. donjon.ledger.com/blog/bypassing…

English
130
22
212
13.4K