Trezors are vulnerable to physical key extraction.
Some older Trezors are vulnerable to physical key extraction if the attacker steals your hardware wallet and if the attacker has the sophisticated equipment required to do it, and if the attacker doesn't fry the device in the process. It was only done once as a proof of concept, not an actual hack where anyone's coins were stolen.
Ledgers have the ability to do key extraction over the internet by Ledger, their partner companies, or anyone who hacks their code.
Ledger's code has been hacked:
Ledger's hardware has been hacked:
In this post, I’m going to discuss a vulnerability I discovered in Ledger hardware wallets. The vulnerability arose due to Ledger’s use of a custom architecture to work around many of the limitations of their Secure Element.
An attacker can exploit this vulnerability to compromise the device before the user receives it, or to steal private keys from the device physically or, in some scenarios, remotely.
I chose to publish this report in lieu of receiving a bounty from Ledger, mainly because Eric Larchevêque, Ledger’s CEO, made some comments on Reddit which were fraught with technical inaccuracy. As a result of this I became concerned that this vulnerability would not be properly explained to customers.
https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
Ledger's security has been hacked:
Ledger's CEO said not to trust Ledger Recover:
That would be fine if the code required for that key extraction feature wasn't baked into the firmware. You can choose to not use it, but you can't choose to not have that dangerous code on your Ledger device.
Look, Ledger isn't great, but it does the job.
Why would you trust a company you admit isn't great to secure your Bitcoin? Their code isn't open, so you have to trust them. But why?