Many believed it wasn't possible on a hardware level. Ledger claimed numerous times that extracting data from the chips can't be done. Turns out that the only thing preventing data extraction is the accompanying software that wasn't there in the past. Ledger has now created it and included it in their firmware.

What we now know is that key extraction is and has always been possible from secure element chips and the hardware built-into hardware wallets. The developers only needed to write the necessary code. Ledger was the the first company that did that (that we know of), and they introduced a new potential attack vector.