Daily Crypto News & Musings

Ledger Warns Blind Signing, AI Scams and Quantum Risk Threaten Crypto Security

Ledger is sounding the alarm on a problem crypto still treats far too casually: if people are signing transactions they can’t actually verify, then AI-powered scams, governance exploits, and even quantum threats are going to keep finding easy prey.

  • Human sovereignty by design
  • AI, governance attacks, and quantum risk
  • Blind signing is the weak link
  • Hardware wallets and human-readable verification

Crypto security is really about permission, not just defense

At the Institutional Web3 Forum in Seoul, held at the Glad Hotel in Yeongdeungpo district and attended by around 100 invited participants, Takatoshi Shibayama, APAC head of Ledger Enterprise, delivered a message that should be obvious by now but somehow still needs repeating: crypto security is not traditional finance with a crypto sticker slapped on top.

The event was co-hosted by TokenPost, the Korea Fintech Industry Association (KORFIN), and the Open Blockchain & AI Association (OBDIA), with official sponsorship from Bithumb, Coinone, and Korbit.

Shibayama’s core argument was blunt: in digital assets, attackers are not just trying to steal data anymore — they can steal the money itself. That changes the entire security model. In old-school finance, the main objective is usually to keep bad actors out of the system. In crypto, the bigger danger is that a bad approval goes through and the funds are gone. No helpdesk, no rollback, no “oops, wrong button.”

That is why Ledger says the real issue is authorization, not just perimeter defense. Put simply, the industry is too focused on keeping attackers out and not focused enough on stopping attackers from tricking humans or systems into giving them permission to move assets.

What blind signing gets wrong

Ledger keeps circling back to one especially ugly weakness: blind signing. That’s when a user, wallet, or automated system approves a transaction without being able to clearly understand what it is actually authorizing. In plain English: you’re being asked to sign something, but you can’t really see what it does.

That might sound like a small user-interface problem. It isn’t. In crypto, a signature can be the difference between keeping your funds and watching them vanish into an attacker-controlled wallet.

Shibayama’s position is straightforward: if a human cannot verify the transaction, it should not be signed.

That sounds almost too obvious to say out loud, but crypto has a habit of turning the obvious into a casualty. Convenience is nice until it becomes “please approve this opaque contract interaction and trust me, bro.” That’s not security. That’s a mugging with better branding.
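What "if it cannot be verified, it should not be signed" can look like in code, as an added example that is not from the article or from Ledger: a small Python decoder renders EVM calldata for two standard ERC-20 calls as a readable prompt and refuses anything it cannot decode. The function names, the two-entry selector table and the sample payloads are assumptions made for illustration.

```python
# Added illustration of a refuse-to-blind-sign policy for EVM calldata.
# Names and the selector table are hypothetical, not Ledger code.

MAX_UINT256 = 2**256 - 1

# Standard ERC-20 function selectors (first 4 bytes of calldata).
KNOWN = {
    "a9059cbb": ("transfer", "Send {amount} token units to {addr}"),
    "095ea7b3": ("approve", "Allow {addr} to spend {amount} token units"),
}

# Constructed sample payloads (addresses are filler bytes, not real accounts).
TRANSFER = "0xa9059cbb" + "00" * 12 + "22" * 20 + (1000).to_bytes(32, "big").hex()
APPROVE_MAX = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
UNKNOWN = "0xdeadbeef" + "00" * 64


class BlindSignRefused(Exception):
    """Raised when calldata cannot be rendered in human-readable form."""


def describe(calldata_hex: str) -> str:
    h = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    raw = bytes.fromhex(h)  # ValueError on malformed hex
    selector, args = raw[:4].hex(), raw[4:]
    if selector not in KNOWN:
        raise BlindSignRefused(f"unknown selector 0x{selector}")
    # Both known calls take (address, uint256): exactly two 32-byte words.
    if len(args) != 64:
        raise BlindSignRefused("unexpected argument length")
    # A well-formed address word has 12 zero bytes of left padding.
    if any(args[:12]):
        raise BlindSignRefused("malformed address word")
    addr = "0x" + args[12:32].hex()
    amount = int.from_bytes(args[32:], "big")  # raw units; decimals unknown
    name, template = KNOWN[selector]
    if name == "approve" and amount == MAX_UINT256:
        return "WARNING unlimited allowance: " + template.format(addr=addr, amount="UNLIMITED")
    return template.format(addr=addr, amount=amount)


def may_sign(calldata_hex: str, user_confirms) -> bool:
    """Sign only if the payload decodes AND the human confirms the rendering."""
    try:
        prompt = describe(calldata_hex)
    except (BlindSignRefused, ValueError):
        return False  # undecodable payload: never fall back to blind signing
    return bool(user_confirms(prompt))
```

The key design choice is the failure path: an unknown or malformed payload returns `False` before the user is ever shown a prompt, so there is no "approve anyway" branch.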

AI is making attacks faster, cheaper, and nastier

Ledger framed artificial intelligence as the first major threat vector. That does not mean AI itself is the villain in some sci-fi sense. It means attackers can now automate more of the dirty work.

Shibayama said,

“AI can identify infrastructure vulnerabilities and run real-time attacks 24/7.”

That matters because phishing, impersonation, and social engineering are no longer limited by human attention spans. AI can generate convincing fake messages, adapt in real time, and scale attacks across thousands of targets with very little effort. The old advice — spot the suspicious email, use a hardware wallet, stay alert — still helps, but it is no longer enough on its own when the attack is personalized, persistent, and machine-generated.

For institutions, this is even more serious. AI can help an attacker probe weak points in custody workflows, automate reconnaissance, and target employees involved in approvals or operations. The risk is not just a bad wallet click. It is a bad workflow, a bad identity check, or a bad assumption baked into the approval chain.

That is one reason Ledger is pushing hardware-based security and explicit signing structures. The idea is to make approvals legible, deliberate, and hard to fake, instead of treating security as a hopeful side effect of a polished interface.

Governance attacks target the human layer

Ledger also pointed to governance attacks, which are basically attacks on decision-making, permissions, or operational processes rather than on the blockchain’s cryptography itself. In other words, the chain can still “work” while the people and systems around it get manipulated into sending money in the wrong direction.

One example cited was Drift, where social engineering allegedly enabled theft of $285 million in about 12 minutes. Another was Kalda, where malicious instructions were inserted into validator-node processes, rerouting funds to attacker-controlled addresses.

One line from Shibayama captures the problem neatly:

“The protocol operated normally, but it received incorrect information.”

That is the kind of sentence that should make anyone in crypto custody, infrastructure, or governance sit up straight. The blockchain can be perfectly healthy while the surrounding machinery gets compromised. The failure is not always in the chain itself; sometimes it is in the permissions, the validator workflow, the admin process, or the social engineering attack that convinces a human to open the door.

This is where separation of duties matters. If one person or one process can approve too much, too fast, the system is begging to be exploited. Crypto security is not just about cryptography. It is about operational discipline, access control, and making sure no single mistake can become a full-blown drain.

Quantum risk is not immediate, but it is real

The third threat Ledger highlighted was quantum computing. This is the slow-burn risk people love to dismiss until the math gets uncomfortable.

Shibayama referenced a March white paper from Google’s AI division claiming the resources needed to break Bitcoin- and Ethereum-style elliptic-curve cryptography may be about 20 times less than previously believed. He also cited a rough figure of around 500,000 qubits as a benchmark for breaking ECC, while noting that Google’s Willow system currently has 105 qubits.

For readers who do not spend their mornings thinking about cryptographic math, elliptic-curve cryptography is the scheme that helps secure wallet signatures in Bitcoin and Ethereum. It is one of the foundations of modern crypto security. If a future quantum machine can break those assumptions at scale, then wallet security and custody models need to be ready before that happens.

Google is reportedly targeting a post-quantum transition by 2029. Traditional banks and governments often talk more like 2030 to 2035. Ledger’s warning is that those timelines may be too slow for digital assets, especially given how irreversible onchain transactions are once they confirm.

To be clear, this is not a “Bitcoin gets hacked tomorrow” panic signal. Quantum computing remains a future risk, not an immediate one. But ignoring it would be lazy. Bitcoin and Ethereum have time to adapt — if the industry stops pretending the problem will solve itself. It won’t. Cryptography ages, and complacency is how old assumptions get people wrecked.

Why hardware wallets still matter

Ledger’s answer to all of this is not magic. It is architecture.

The company is arguing for hardware-based security, human-readable transaction verification, explicit signing structures, and post-quantum readiness. The goal is to make it harder for attackers to hide what a transaction really does, and harder for users to approve something they do not understand.

That is where hardware wallets remain relevant. They are not perfect, and they are not a license to be reckless, but they do help separate key storage from the messier, more attack-prone environment of internet-connected devices. In a world full of fake websites, malicious browser extensions, phishing campaigns, and compromised workflows, that separation still counts for a lot.

But hardware alone is not enough. If the signing prompt is unreadable, if the approval flow is opaque, or if the organization has sloppy permissions, then the hardware wallet becomes just another box with a false sense of safety wrapped around it. Security tools are only as good as the system built around them.

Shibayama summed up Ledger’s stance with another line that does not leave much room for ambiguity:

“Security is not a cost, not after-the-fact response, and not a feature.”

Why Korea is in the spotlight

The Seoul setting matters more than it might seem. South Korea has a deep retail crypto culture and a growing institutional interest in digital assets, which makes it a useful market for testing how security, custody, and compliance are evolving.

Shibayama framed the moment in unusually direct national terms:

“This is the moment that determines whether Korea remains a country that creates wealth — or a country that preserves wealth.”

That is a big statement, but the underlying point is hard to argue with. Markets that understand crypto security early can build stronger custody infrastructure, better operational controls, and more resilient institutional adoption. Markets that treat it like a side issue tend to learn the hard way, usually after a very public and very expensive incident.

Ledger is clearly trying to position itself as more than a hardware wallet company here. It wants to be seen as a security architecture player for the next phase of digital asset adoption — one where AI attacks are normalized, governance exploits are common, and post-quantum readiness stops being optional.

What this means for Bitcoin, Ethereum, and the rest of crypto

The big takeaway is that crypto security failures usually happen at the human interface, not at the blockchain layer. Bitcoin’s base protocol can be stubbornly secure while users still get phished, institutions still mismanage approvals, and wallets still sign garbage they should never touch.

Ethereum and other programmable blockchains face the same core issue, but often with even more attack surface because smart contracts, validator operations, and governance mechanisms add more ways for things to go sideways.

Ledger’s warning is not that Bitcoin or Ethereum are broken today. It is that the industry keeps building faster than it builds safety. That works right up until the first serious breach, and then everyone acts shocked that convenience and security were not actually the same thing.

The uncomfortable truth is that crypto’s self-sovereignty story only works if the human being in the loop can still tell what they are signing. Otherwise, sovereignty becomes theater, and blind signing becomes the perfect little trapdoor.

Shibayama’s closing message put the whole argument in one line:

“The final line of defense is human sovereignty.”

Key questions and takeaways

What is Ledger warning institutions about?
Crypto security needs to move from protecting data to protecting authorization and asset control, because one bad approval can move real money instantly.

Why is blind signing such a big deal?
Because it lets users approve transactions they cannot truly verify, turning convenience into a very expensive vulnerability.

How does AI increase crypto risk?
AI can automate phishing, spot vulnerabilities, and run attacks nonstop, making human defenders slower and easier to outmaneuver.

What are governance attacks?
They are attacks on voting, admin controls, validator processes, or decision-making systems rather than on cryptography itself.

Why does quantum computing matter for Bitcoin and Ethereum?
Future quantum machines could threaten the elliptic-curve cryptography used in wallet signatures and custody systems.

What is Ledger’s recommended defense?
Hardware-based security, explicit signing structures, human-readable verification, and post-quantum readiness.

Is human sovereignty just a slogan?
Not if it forces real verification before signing. In crypto, that final human check may be the difference between control and getting cleaned out.

Can quantum computers break Bitcoin right now?
No. The risk is not immediate, but planning for post-quantum cryptography now is far smarter than waiting for a crisis to force the issue.

Do hardware wallets solve everything?
No. They help a lot, but they do not fix bad workflows, unreadable prompts, or sloppy operational security.

The hard truth is that crypto still fails most often at the human layer. The blockchain may be immutable, but bad approvals, weak processes, and overconfident systems are not. Ledger’s message is basically that simple: stop treating security like a checkbox, stop trusting opaque prompts, and stop acting like every signature is harmless just because it looks convenient.