Ledger has rolled out smart contract proxy support for its clear signing process, giving hardware wallet users stronger protection against stealthy exploits that target upgradeable contracts. The update tackles a growing threat in the Ethereum ecosystem where attackers manipulate proxy logic without altering the visible contract address.
Proxy contracts are widely used by developers because they separate a contract’s fixed address from its executable code.
A lightweight proxy holds the address users interact with, while pointing to a separate logic contract that contains the actual functionality.
This design makes upgrades easier and cheaper, as only the logic contract needs redeployment.
However, the same mechanism creates serious risks: an attacker can change the underlying logic contract through malicious calldata, and users may have no way to notice the switch before signing.
The dangers became clear in February 2025 during the Bybit incident, one of the largest crypto thefts on record.
Attackers compromised a Safe multisig contract by altering its proxy implementation address, draining roughly 400,000 ETH plus other assets worth over $1.4 billion.
The transaction looked routine on the surface, yet the hidden logic redirection allowed instant fund transfers to the attacker’s wallet.
Ledger’s solution focuses on the core behavior of the Ethereum Virtual Machine rather than relying on optional standards that many contracts ignore.
At the heart of proxy functionality lies the delegatecall opcode.
This single instruction lets one contract execute code stored in another contract while preserving its own storage layout.
Because proxy attacks depend on this exact operation, detecting delegatecall during transaction review reveals whether a proxy is involved and which logic contract will actually run.
Building a custom opcode simulator inside Ledger’s system proved impractical.
Supporting every EVM variant and keeping pace with ongoing protocol changes would have created heavy maintenance overhead.
Instead, engineers turned to production-grade Ethereum nodes.
Using Erigon nodes, the system runs an anonymized simulation of the transaction before the user reviews it on the device.
The resulting execution traces expose the calltype field for every internal operation.
When a delegate call appears, the system identifies the target implementation contract and surfaces its details on the Ledger screen.
This detection runs automatically and silently during every clear-signed transaction.
If a proxy pattern is present, users see clear information about the real logic contract they are interacting with, allowing them to verify the intended behavior before approving.
The feature is already live in production and protects all clear-signed transactions without requiring any user action or configuration changes.
By shifting from standards-based assumptions to direct analysis of EVM execution traces, Ledger delivers practical transparency for upgradeable contracts.
Developers continue to benefit from the flexibility proxies provide, while users gain visibility into changes that were previously invisible.
The approach directly addresses sophisticated attacks that exploit the gap between a contract’s public address and its hidden implementation.
In an environment where DeFi protocols, NFT platforms, and many other decentralized applications rely on upgradeable designs, this level of protection helps close a critical blind spot.
Ledger’s proxy support ensures that what appears on the device screen accurately reflects the actual code being executed, restoring user confidence when signing complex smart contract interactions. The update demonstrates how focused engineering on low-level blockchain mechanics can neutralize high-impact threats without compromising usability or performance.