TheDinarian
News • Business • Investing & Finance
Understanding Ledger’s Secure Screen and Why It’s Important
August 30, 2024
KEY TAKEAWAYS:
— The screen of the device you use for crypto transactions is a potential attack vector.

— Screens rely on the security of the computer chip that controls them, and not all chips or devices are built with security in mind.

— Ledger devices use a secure screen that connects directly to the Secure Element chip, meaning that what you see is what you sign.

Blockchain transactions, once processed, are immutable and irreversible. If you want to sign a transaction, you want to know the outcome before you steam ahead. If you make a mistake, your funds could be gone forever. While some lost funds can be attributed to copying down addresses carelessly or inputting incorrect information, they are often the result of hacking.

A common attack vector is the screen of your device. Without a secure screen, a malicious transaction wouldn’t look nefarious at all. That’s because the screens we use for everyday work, study, and entertainment aren’t designed for security; they are built for performance. And when it comes to protecting and managing digital assets, these devices fall short.

Simply put, you can’t trust the screen on your laptop or smartphone. But how can we mitigate this risk?

The answer lies in a secure screen that guarantees the legitimacy of the information it shows. That’s exactly why Ledger devices have a secure screen driven directly by the Secure Element chip. It’s designed with security in mind, ensuring that what you see is what you sign.

But what is a secure screen and why is it so important? Let’s dive in.

The Screen of Your Laptop or Smartphone Can’t Be Trusted

Behind every screen is a chip. That chip is responsible for the information the screen shows. For your laptop or smartphone to work, the screen must be able to access information from the chip. The type of chip it uses and how it communicates with the screen is integral to the security of any device. 

The problem arises when you trust the details of a transaction shown on a device connected to the internet. When you use a crypto wallet on your laptop or smartphone, you rely solely on the security of that device. Since these devices typically connect to the internet, they are vulnerable to online threats.

Once exploited, hackers can change details on the screen of an infected device—even remotely. For example, if you were trying to initiate a crypto transaction on your laptop, a hacker could change transaction details on its screen, such as the recipient address or the total number of assets you want to send. Essentially, you can’t sign any transaction on an internet-connected device without risking your assets. 

This is exactly why hardware wallets exist: they keep your private keys stored in a chip isolated from the internet-connected device and any potential malware it hosts. Because your private keys are stored in a chip in a separate device that doesn’t connect to the internet, they are immune to online threats.

Some Hardware Wallet Screens Are More Secure Than Others

At this point, you might think that using any hardware wallet is enough. After all, the chip that controls the screen is completely separate from the internet-connected device initiating the transaction. That must be safe, right? 

Unfortunately, it’s not as simple as it seems. Any screen is a potential attack vector, and not all hardware wallets have the same level of security. It’s not just about keeping the chip containing private keys separate from internet connectivity; you also have to ensure that all of the device’s components are protected from physical hacks.

Typically, hardware wallets use MCU chips to control their screens, and this is where the issue lies. It’s reasonably easy and inexpensive for a hacker to replace the firmware of an MCU chip. If a hacker gains access to the MCU that controls your hardware wallet’s screen, they wouldn’t need to gain access to your private keys. Simply with access to your screen, a hacker can tamper with the details of a transaction to trick you into signing away your assets.

To mitigate this risk, some hardware wallet providers have opted to remove the feature of a screen entirely. But without a screen, how can you know a transaction is legitimate? The answer is, you can’t. 

Luckily, the Ledger security model offers a different and more practical answer: a secure screen. But how does this work exactly? 

Understanding Ledger’s Secure Screen

The security of a Ledger device’s secure screen starts with its internal components. Ledger devices store private keys on a Secure Element chip, an industry-leading computer chip often used in bank cards and passports since it can withstand common attack vectors like side-channel attacks and glitching. 

Today, several hardware wallet providers use a Secure Element to generate and store private keys, but they typically drive their screens with MCU chips, which are vulnerable to physical hacking. Ledger devices are unique for using the Secure Element to drive their secure screens. Since the Secure Element chip drives the secure screen directly, no hacker can intercept this information or tamper with the transaction details it shows. 

The screen benefits from the Secure Element’s ability to withstand attacks, meaning “what you see is what you sign”. If the details on the screen of your Ledger device match what you see in Ledger Live, you can sign with confidence. This allows you to double-check the accuracy of your internet-connected device too. If the details on your Ledger device don’t match those on your internet-connected device, your laptop or smartphone is likely infected with malware. 

Finally, driving a screen with the Secure Element also introduces the ability to carry out cryptographic attestations, allowing you to verify your Ledger device is running the genuine BOLOS operating system. These are just a few ways a secure screen makes interacting with the blockchain more secure and intuitive.

What Does The Secure Screen Protect Me From?

So now you know why having a secure screen is important, but what about the work it’s doing? Let’s dive into some of the most common attacks the screen of your device may face and how Ledger’s secure screen approaches them.

Address Poisoning

Ledger’s secure screen protects you from address poisoning. Address poisoning is when an attacker sends you a small amount of crypto so that their address appears in your transaction history. The transaction is designed to look like you initiated it: for example, the attacker will use an address with only a few characters different from your own. The scammer simply hopes you mistakenly copy their address from your transaction history, confusing their address for one you are familiar with.

This incredibly common scam catches out even the most experienced crypto users. However, with Ledger’s secure screen, you don’t have to worry about address poisoning: you can see the full details of a transaction, including the entire wallet address directly on your Ledger device. 
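A wallet front end can also flag the look-alike addresses described above before a transaction reaches the signing step. The following Python check is an added example, not code from Ledger or from the original article; the address book, the thresholds, and every address in it are constructed assumptions.

```python
"""Flag recipient addresses that imitate a known address (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed thresholds, not taken from the article. Many wallet UIs shorten an
# address to its first and last few characters, so a look-alike only has to
# match those to pass a glance at the transaction history.
VISIBLE_PREFIX = 6   # "0x" plus four hex digits
VISIBLE_SUFFIX = 4
MAX_DIFFERING = 4    # "only a few characters different"

# Constructed sample addresses (hex, Ethereum-style layout); none is real.
ADDRESS_BOOK = {
    "my wallet": "0xa1b2c3d4e5a1b2c3d4e5a1b2c3d4e5a1b2c3d4e5",
    "friend":    "0x1234567890abcdef12341234567890abcdef1234",
}
SAME_ENDS_AS_MINE = "0xa1b2" + "0" * 32 + "d4e5"
TWO_CHARS_OFF_FRIEND = "0x1234567890abcdef12ff1234567890abcdef1234"


@dataclass(frozen=True)
class Verdict:
    status: str                          # "known", "lookalike" or "unknown"
    resembles: Optional[str] = None      # label of the address it matches or imitates
    differing_positions: Tuple[int, ...] = ()


def normalise(addr: str) -> str:
    # Hex addresses compare case-insensitively; checksum casing is ignored here.
    return addr.strip().lower()


def diff_positions(a: str, b: str) -> Tuple[int, ...]:
    """Indexes at which two equal-length addresses differ."""
    return tuple(i for i, (x, y) in enumerate(zip(a, b)) if x != y)


def classify(candidate: str, address_book: Dict[str, str]) -> Verdict:
    """Compare a recipient against saved addresses before it is used."""
    cand = normalise(candidate)
    known = {normalise(addr): label for label, addr in address_book.items()}
    if cand in known:
        return Verdict("known", known[cand])
    for addr, label in known.items():
        if len(addr) != len(cand):
            continue
        diffs = diff_positions(addr, cand)
        same_ends = (addr[:VISIBLE_PREFIX] == cand[:VISIBLE_PREFIX]
                     and addr[-VISIBLE_SUFFIX:] == cand[-VISIBLE_SUFFIX:])
        # Either signal is enough: identical visible ends, or a near-identical string.
        if same_ends or len(diffs) <= MAX_DIFFERING:
            return Verdict("lookalike", label, diffs)
    return Verdict("unknown")


if __name__ == "__main__":
    for addr in (ADDRESS_BOOK["friend"], SAME_ENDS_AS_MINE, TWO_CHARS_OFF_FRIEND):
        v = classify(addr, ADDRESS_BOOK)
        print(f"{addr}  {v.status:9}  {v.resembles}  {len(v.differing_positions)} chars differ")
```

A "lookalike" verdict is a reason to stop and compare the full address character by character on the hardware wallet's screen; an "unknown" verdict only means the address is not in the saved list.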

Address Switcher Malware

Another way scammers may attack your screen is through address switcher malware. With this scam, the attacker takes control of your computer or smartphone’s clipboard. With access to your clipboard, a hacker can use your own transactions against you.

For example, say you were trying to send funds to a friend. When you initiate the transaction, the scammer copies their address onto your clipboard. When you sign the transaction, the funds end up in the hacker’s account instead of your friend’s. They can also replicate this attack when you plan to receive funds from a friend. The attacker replaces your address with their own, and when you share the address with your friend, the funds end up in the hacker’s account.

Ledger’s secure screen is controlled by a Secure Element chip, completely separate from your internet-connected device. Your Ledger device’s secure screen will always show the correct transaction details, even if your internet-connected device is compromised.

Clickjacking Malware

Finally, hackers will attempt to trick you into revealing potentially sensitive information or unknowingly consenting to malicious actions via clickjacking. This attack uses your clicks against you, modifying your device’s screen to convince you to hand over your login credentials, download more malware, or sign malicious transactions or smart contract approvals.

In these cases, a bad actor may take control of your screen to convince you to sign away your assets. All they need to do is make the approval look legitimate, i.e. from a familiar app you use, and your assets are theirs.

Ledger’s secure screen cannot be targeted with clickjacking malware, as the Secure Element is tamper-proof and drives the secure screen directly.

All you need to do to protect yourself is double-check that the receiving address on your Ledger device’s secure screen matches the one on your internet-connected device before signing any transaction. Your Ledger device will handle the rest!

A Secure Screen: Just One Piece of Ledger’s Security Model

In conclusion, it’s clear that a secure screen is one of the most important aspects of managing crypto transactions. Without a secure screen, you don’t know what you’re signing. Remember, using a screen with vulnerabilities to send transactions could end in losing your funds. In the very worst-case scenario, you could lose everything by sending your assets to a spoofed address. 

No matter how big or small your portfolio is, understanding the results of signing a transaction is paramount. But a secure screen is just one piece of Ledger’s security model. So don’t stop here! Check out the full article on Ledger’s Security model to learn more about the different aspects of the Ledger ecosystem keeping you, your assets, and your devices safe.
