Ledger Security Bulletins

Ledger believes in better security through openness. The Ledger Security Bulletins describe technical details of past security issues, their potential impact and available patches or workaround.

If you believe that you have discovered a vulnerability, please report it through the bug bounty program.

2019-10-04LSB 007: Monero private key retrieval
2019-08-07LSB 006: OLED screen side-channel vulnerability
2018-12-27LSB 005: MCU bootloader verification bypass
2018-11-28LSB 004: Bitcoin change address injection
2018-03-20LSB 003: Isolation vulnerability
2018-03-20LSB 002: Supply chain attack
2018-03-20LSB 001: Padding oracle attack on SCP

Note: these security bulletins are inspired by Qubes Security Bulletins but aren’t related in any way.