Vincent BOUZON
@b0l0k_
🧑💼 Director @Ledger 🆓 https://t.co/yNkYBawMQL 🕸️ https://t.co/Nf8JfILyDn
France
Joined July 2009
What if a hacker could gain total control of your smartphone, not via malware, but the hardware itself? The @DonjonLedger discovered a potentially unpatchable flaw impacting MediaTek Dimensity 7300 - a popular Android phone SoC - enabling arbitrary code execution in minutes.
Shai Hulud 2.0 kill switch: Sha1 Hulud repos ➜ contents.json ➜ module.github.token ➜ GitHub revoke API 🔒 No token left behind. @GitHubSecurity @GHSecurityLab
Great opportunity for C# devs to join us!
If you're a C# developer dreaming of going full-time in Bitcoin FOSS, join us! Reply here with a link to your GitHub profile or reach out via https://t.co/NttUHCNHWi, and let's keep building 💪
The ongoing debate on quantum-safe Bitcoin address formats misses the point! A quantum computer capable of breaking modern cryptography could compute private keys from public keys. Some therefore argue that hiding public keys (by hashing them) would keep users safe. Technically,
DUMMIES GUIDE TO BEING QUANTUM SAFE. In the past it was about protecting your PRIVATE KEY (your seed phrase). In the age of big scary quantum computers (BSQC) that are coming, you need to protect your PUBLIC KEY also. Basically a BSQC can figure out your private key from a
Update on the NPM attack: The attack fortunately failed, with almost no victims.🔒 It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity,
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works
If you use a Ledger or hardware wallet with clear signing, you are not at risk. My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign.
The next era of digital ownership starts here. Ledger OP3N returns to Paris — a stage where security, culture, and creativity collide. This isn’t just a reveal. It’s a glimpse into what comes next: new ways to own, create, and trust in a world being rewritten. Paris. 106 rue
Ledger OP3N is where we show the world what's next. Not only for us, but for digital ownership itself. Paris is the stage, the next era of @Ledger begins here.
Huge thanks to @trailofbits for spotlighting blind signing risks 🙌 The $1.5B Bybit hack showed what we’ve known for years: asking users to sign unreadable hex data is unsafe & unsustainable. That’s why we proposed and implemented EIP-7730. It enables (hardware) wallets to
blog.trailofbits.com
EIP-7730 enables hardware wallets to decode transactions into human-readable formats, eliminating blind signing vulnerabilities with minimal implementation effort for dApp developers.
Shipping starts today! Ledger Recovery Key is now included with every new purchase of a Ledger Stax or Ledger Flex! Need more than one Recovery Key? You can order additional keys 👉
shop.ledger.com
Millions of people lose access to their crypto. Stay safe with a combination of backup solutions.
🚨I'm excited to announce a huge technical milestone in @Ledger’s mission to simplify self-custody. Ledger Recovery Key—a PIN-protected physical card enabling storage & recovery of your 24 words with just a few taps. No KYC, no subscription fee, just peace of mind: 👇🧵
ETHCC in Cannes was a blast ✨. Great energy, tons of new projects, and strong momentum all around. I had the chance to present some of Ledger’s latest innovations: 1️⃣ Clear Signing Standard: Human-readable transaction details, directly on-device. 2️⃣ Transaction Checks on
✅ Accepted Paper at the 23rd IEEE/ACIS International Conference on Software Engineering, Management and Applications (SERA 2025) & Presentation at the University of Nevada, Las Vegas 🔗 Link : https://t.co/ttMII8FZv7
🚨At Ledger Donjon, we don’t just secure our own products, we help make the entire crypto ecosystem safer. As part of our ongoing security research and responsible disclosure efforts, we identified an important vulnerability in Tangem’s Android app. 👇🧵
Security leaves no room for error, a single variable mishandled, and the entire security model can collapse. We're excited to share an illustration of this through our recent research on the Tangem card. Big thanks to the @Tangem team for their responsiveness and collaboration!
Real World Cryptography Paris number 4 already?! 🧩 Join us on April 29 at @Ledger's offices in Paris for an evening of talks and networking (and cheese boards), co-organized by Hylé and @symbolicsoft! Call for talks is open: submit a talk, and share your work! Links below 👀
Donjon is at @BlackHatEvents Asia this week! Karim (@k15ab_ ) is presenting his research on using deep learning attribution methods for fault injection attacks. Don't miss his presentation: https://t.co/wQEjEYcMvB