Ledger Blocks Proxy Attacks With EVM Trace Detection

Ledger's engineers considered building a custom opcode simulator inside the device. Supporting every EVM variant and keeping up with protocol changes would have created heavy maintenance overhead. Instead they turned to production-grade Ethereum nodes. The simulation runs silently during every clear-signed transaction. No user action or configuration change is required.

The approach shifts from standards-based assumptions to direct analysis of EVM execution traces. Many contracts ignore optional standards like ERC-1967. The delegatecall opcode is fundamental to how the Ethereum Virtual Machine works. Detecting it during transaction review reveals whether a proxy is involved and which logic contract will actually run.

For users signing complex DeFi or NFT interactions, the update restores visibility into changes that were previously invisible. Developers keep the flexibility proxies provide. The protection is already live in production.

What would confirm the system works over time: no major proxy-based exploits on Ledger wallets after this update. What would weaken it: attackers finding a way to obfuscate delegatecall traces from the simulation, or a vulnerability in the Erigon node layer itself. For now, the feature addresses a specific attack vector that has already cost the ecosystem over a billion dollars.