Security Research

Donjon @ Ledger

We are the security research team at Ledger, dedicated to protecting your digital assets through cutting-edge security research, vulnerability discovery, and open-source tools.

Bug Bounty Program About Us Read the Donjon Blog

Security Bulletins

Technical details of past security issues, their impact, and available patches.

Threat Model

Comprehensive documentation of security objectives and mechanisms.

Tools Suite

Open-source security research tools for hardware and software analysis.

Bug Bounty

Report vulnerabilities and earn rewards for helping secure Ledger products.

Latest Blog Posts

View all posts

Jun 26, 2026 New

A Second-Order Side-Channel Attack on Masked Kyber768

Part 3 of our series on side-channel attacks against post-quantum cryptography: masking defeats the first-order attack, but masked Kyber768 still falls to a second-order CPA.

Jun 17, 2026 New

No Fight, No Chance: Security Teams Must Become Hybrid AI Teams

The Ledger Donjon's journey from AI-assisted development to an AI security harness, and why offense is no longer only the best defense, but a required security capability.

Jun 11, 2026 New

Non-Profiled Deep Learning Side-Channel Attacks on ML-KEM

Part 2 of our series on side-channel attacks against post-quantum cryptography: we break the CRYSTALS ML-KEM reference implementation with a non-profiled deep learning attack — no clone device, no leakage model.

Latest Security Bulletins

View all bulletins

LSB 022

Ledger Security Bulletin 022

Monero secret key recovery through Keccak state exposure

LSB 021

Ledger Security Bulletin 021

Missing parameter validation during MCU firmware update

LSB 020

Ledger Security Bulletin 020

Ledger Live incorrectly parses some EIP-712 messages

Found a vulnerability?

We reward security researchers who help us protect our users. Join our bug bounty program and get recognized in our Hall of Fame.

Submit a Report Hall of Fame