How Ledger Hardware Wallets Work
Jun 06,2024
— Ledger hardware wallets help you protect your assets with full ownership; focusing on providing uncompromising security and self-custody.
— Ledger hardware wallets are so secure due to Ledger’s Security Model and the hard work put in by the tech and product teams.
— The components in your Ledger device work together seamlessly to keep your assets safe from even the most sophisticated attacks.
If you have a Ledger wallet, you’ve likely wondered how on earth it works. While crypto can seem daunting at times, there are a few key elements to how Ledger wallets work and how they carry out transactions. It’s no secret that Ledger wallets are built for security, but ensuring crypto transactions are secure is not as simple as you might think.
Ledger hardware wallets are so secure thanks to their countless components and features working together seamlessly. All of these crucial elements make up Ledger’s Security Model, which is so strong that no Ledger device has ever been hacked! It’s a testament to the hard work of the tech and product teams and Ledger’s dedication to secure self-custody.
But how do Ledger wallets work exactly and why are they so secure? Let’s dive in.
How Do Ledger Hardware Wallets Work?
If you’re unfamiliar with crypto wallets in general, make sure to read the full article on how crypto wallets work. But if you’re curious about the technology behind Ledger devices in particular, let’s dive into the details.
Ledger devices generate your seed phrase (secret recovery phrase) securely
The first step of a secure wallet is generating your seed phrase, also known as a Secret Recovery Phrase, securely.
Ledger wallets are hierarchical deterministic (HD) wallets, meaning they generate each account using a single number called the entropy. Your secret recovery phrase and the entropy are one and the same: the only difference is that a Secret Recovery Phrase is formatted in a way humans can read. Ledger devices generate the entropy using a Random Number Generator tested and certified by an external laboratory. This method ensures no human or computer could work it out.
Ledger devices store your private keys offline in a Secure Element chip
Next, Ledger devices store your private keys in a Secure Element chip, isolated from your internet connection.
As you likely know, anyone with access to your private key can gain access to your account. Hot wallets (otherwise known as software wallets) store private keys online, meaning they are vulnerable to hackers. Ledger devices mitigate this risk by isolating your keys from the internet in a computer chip in a physical device.
The Secure Element chip is the same chip you will find in your bank card and biometric passport. This high-security computer chip is practically tamper-proof, protecting against countless physical hacks, such as glitching.
The Secure Screen is controlled directly by the Secure Element
Ledger devices also feature a Secure Screen, a tamper-proof screen isolated from the internet connection. The screen is controlled directly by the Secure Element chip, meaning you can trust the details it shows. This enables you to verify the address of the intended recipient of a transaction is correct. Even if your internet-connected device is infected with malware, your Ledger device’s Secure Screen will show the accurate intended address.
BOLOS, Ledger’s Custom Operating System, keeps your apps isolated from one another
Ledger has developed a custom OS called Blockchain Open Ledger Operating System or BOLOS. This OS works within the Secure Element chip to run each app and ensure that they operate separately from one another. This means that there is no single point of failure within the wallet.
The PIN code ensures that only you can sign transactions
The only way to unlock a ledger device and use it to sign transactions is through a PIN code. Only one person will ever know the PIN code, and that’s you! The only way to create a PIN code is when you set up a new Ledger device. Essentially, it guarantees that no one other than the wallet’s owner can execute a transaction. This keeps your wallet safe from thieves in the physical world: even someone with physical access to your Ledger device can’t access your funds.
Ledger Live is a secure companion app fighting against Blind Signing
Ledger devices connect to your host device via Ledger Live, a secure companion app. This software is installed on your smartphone or laptop and allows you to initiate transactions and communicate with the blockchain.
Ledger Live also delivers the latest security updates rolled out by our top-notch tech team and the Ledger Donjon. To ensure it’s a secure process. Ledger Live can verify your device is authentic.
Beyond that, Ledger Live provides a secure gateway to countless blockchain apps and services. Every app within Ledger Live comes with a Clear Signing plugin. Put simply it allows you to read each transaction in human-readable language—ensuring you don’t sign away your assets without knowing it.
How do Ledger hardware wallets process transactions?
Now you know all about the most important components of a Ledger device, let’s put them all together and see how a Ledger wallet processes a transaction.
You initialize the transaction via the Ledger Live App
To initialize a transaction with a Ledger wallet, you must start the transaction process from the Ledger Live app on an internet-connected device, such as a smartphone or laptop.
Ledger Live provides you with the intent, which you can then confirm or reject
When you confirm the transaction via Ledger Live (or a third-party wallet interface), you will be prompted to approve the action physically on your Ledger device.
At this point, the destination address is also shown on your Ledger’s Secure Screen. This allows you to double-check that the destination address on your Ledger wallet’s Secure Screen matches your internet-connected device. If it doesn’t match, your internet-connected device is likely infected with malware: you can always trust that your Ledger device will show the correct destination.
Confirming the transaction physically on the device guarantees that only someone with physical access to your device can confirm a transaction. Only you can unlock your device with the PINcode, thus no one can access your funds remotely.
The transaction is signed using your private key stored in the Secure Element chip.
The transaction is signed in the Secure Element chip, a completely offline environment. This guarantees that your private keys stay safe from potential onlookers via spyware on your internet-connected device. The Secure Element is also tamper-proof, serving as a layer of security against physical hacks.
Your Ledger device sends the signed transaction to your internet-connected device
Once you have signed the transaction on your Ledger device, it sends the signed transaction back to your internet-connected device via Bluetooth or USB-C cable. Since the transaction is already signed, it cannot be tampered with. From there, it’s safe for your internet-connected device to broadcast the transaction to the blockchain.
You’re Only as Secure as Your Crypto Wallet
Ledger devices contain many components and features that set them apart from other devices on the market. Plus Ledger’s battle-tested security model extends much further than its devices too.
Remember, you’re only as safe as your crypto wallet—and by extension the secret recovery phrase that protects it. No matter how you’re interacting with that ecosystem – whether it’s exploring dApps and DeFi, or strictly managing crypto– it’s important to understand what happens each time you hit confirm. Ledger devices keep your private keys safe and give you agency over your own assets. So why wait? Start exploring blockchain tech from the safety of the Ledger Ecosystem, where only YOU control what happens to your crypto.
Purchase Ledger
Previously, many users in the Greater China region chose to purchase LEDGER products from overseas due to difficulties in domestic purchasing. However, this approach had long shipping times, required self-clearing customs, and carried the risk of customs delays. Additionally, users were concerned about the authenticity of the products they were buying. Now, as top channel service experts, ShangYi Group aims to address these issues comprehensively. Products will be shipped from Hong Kong with fast logistics and no customs risk. Furthermore, the products are sourced directly from the French headquarters to ensure authenticity and eliminate the risk of counterfeit products.
By purchasing through the official channels in mainland China, customers can also access official after-sales services, providing assistance with any questions or issues that may arise during use.
As the authorized distributor for Ledger in China, please verify the official website at www.sy-collection.com or visit the LEDGER website to get redirected to authorized reseller, clicking on the Greater China region to access the Shangyi official website. For customers in the Greater China region, it is advisable to make purchases through official channels to safeguard your digital assets.