diff --git a/src/errors/invalidDataReason.ts b/src/errors/invalidDataReason.ts
index c405a48..9b7b17d 100644
--- a/src/errors/invalidDataReason.ts
+++ b/src/errors/invalidDataReason.ts
@@ -245,6 +245,8 @@ export enum InvalidDataReason {
    * typically resulting from a detailed analysis of key derivation paths
    */
   LEDGER_POLICY = "Action rejected by Ledger's security policy",
+  // canonical ordering wrong (cannot be checked in LedgerJS for withdrawals)
+  INVALID_DATA_SUPPLIED_TO_LEDGER = 'Invalid data supplied to Ledger',
 
   INVALID_B2_HASH = 'invalid blake2 hashing',
 }
diff --git a/test/integration/__fixtures__/signTxRejects.ts b/test/integration/__fixtures__/signTxRejects.ts
index e4822f7..da43616 100644
--- a/test/integration/__fixtures__/signTxRejects.ts
+++ b/test/integration/__fixtures__/signTxRejects.ts
@@ -1115,6 +1115,36 @@ export const certificateStakePoolRetirementRejectTestCases: TestCaseRejectShelle
   ]
 
 export const withdrawalRejectTestCases: TestCaseRejectShelley[] = [
+  {
+    testName:
+      'Reject tx with invalid canonical ordering of withdrawals',
+      // ledgerjs cannot validate this, so this test is only meaningful for a ledger device
+    tx: {
+      ...mainnetFeeTtl,
+      inputs: [inputs.utxoShelley],
+      outputs: [],
+      withdrawals: [
+        {
+          amount: 33333,
+          stakeCredential: {
+            keyPath: [ 2147485500, 2147485463, 2147483648, 2, 1 ],
+            type: 0
+          }
+        },
+        {
+          amount: 33333,
+          stakeCredential: {
+            keyPath: [ 2147485500, 2147485463, 2147483648, 2, 0 ],
+            type: 0
+          }
+        },
+      ]
+    },
+    signingMode: TransactionSigningMode.ORDINARY_TRANSACTION,
+    errCls: DeviceStatusError,
+    errMsg: DeviceStatusMessages[DeviceStatusCodes.ERR_INVALID_DATA],
+    rejectReason: InvalidDataReason.INVALID_DATA_SUPPLIED_TO_LEDGER,
+  },
   {
     testName: 'Script hash as stake credential in Ordinary Tx',
     tx: {
diff --git a/test/test_utils.ts b/test/test_utils.ts
index 49e47e0..b1fae26 100644
--- a/test/test_utils.ts
+++ b/test/test_utils.ts
@@ -137,6 +137,9 @@ export function describeSignTxRejects(name: string, testList: any[]) {
         if (rejectReason === InvalidDataReason.LEDGER_POLICY) {
           return
         }
+        if (rejectReason === InvalidDataReason.INVALID_DATA_SUPPLIED_TO_LEDGER) {
+          return
+        }
         const response = ada.signTransaction({
           tx,
           signingMode,