Still Got Your Crypto: In Response to Wallet.fail’s Presentation
At the 35th Computer Chaos Congress in Leipzig, Dmitry Nedospasov, Thomas Roth and Josh Datko gave a presentation called wallet[.]fail, where they tried to demonstrate that Hardware Wallets are vulnerable to several types of attacks.
Concerning Ledger, they presented 3 attack paths which could give the impression that critical vulnerabilities were uncovered on Ledger devices. This is not the case.
In particular they did not succeed to extract any seed nor PIN on a stolen device. Every sensitive assets stored on the Secure Element remain secure.