Button Up

Is Your Trezor Wallet Safe? Unveiling the Truth Behind Trezor Hacking Incidents

September 13, 2023

Introduction: Is Trezor Wallet Secure?

When it comes to keeping your Bitcoin and other cryptocurrencies safe, Trezor is a household name. As someone who has spent a decade specializing in crypto security, I understand the importance of keeping your digital assets secure. In this in-depth article, I will discuss the security features of Trezor wallets and answer a pressing question: Has Trezor ever been hacked?

Security Features of Trezor Wallets

Trezor Model T
Trezor Model T

Trezor offers two primary models: Trezor Model One and Trezor Model T.

Both models come with robust security features designed to keep your private keys and funds safe. As a professional in crypto security, I can vouch for the credibility of these features. Let's examine them:

  1. Offline Private Keys: Private keys remain offline even when connected to an internet-enabled device. Your private keys are impervious to online hacking attempts.
  2. Recovery Phrases: These 12, 18, or 24-word long phrases act as a backup if you lose access to your wallet. Keep them in a secure location to deter unauthorized access.
  3. PIN Code Protection: A PIN code between 4 to 9 digits protects your Trezor wallet. Multiple failed attempts reset the device, adding an extra layer of security.
  4. Open-Source Software: The community can audit the transparent code, allowing any potential vulnerabilities to be identified and addressed promptly.

🔒 Note: Trezor doesn't use Secure Elements Chips commonly found in credit cards. They argue that such chips contradict the transparent nature of cryptocurrency.

Security measures of Trezor
Image Credit: trezor.io

Have Trezor Wallets Been Hacked?

Yes, but understanding the nature of these attacks is crucial. Attacks usually require physical access to the wallet.

Known Attacks

  1. Joe Grand's Hack: In early 2022, hardware hacker Joe Grand revealed how he hacked the Trezor Model One. Trezor fixed this vulnerability soon after it was disclosed. They moved the PIN and key to RAM during the firmware update and installed unauthorized code on the device. After the video was released, Trezor confirmed that this exploit was fixed and could no longer happen on new devices.
  2. Seed Extraction Attacks: The other two attacks on Trezor were the so-called Seed Extraction Attacks performed by the Donjon security team and the Read Protection Downgrade Attack performed by Kraken Security Labs.

Both attacks could happen only because the Passphrase feature was not enabled on the devices. A strong passphrase fully mitigates the possibility of a successful attack. So you should always have it activated. Also the attacker must possess a specialized hardware tool, strong technical knowledge, and physical access to bypass the protection.

Trezor acknowledges these incidents and works diligently to improve security measures. They also advocate for community-driven security research to fortify industry standards.

Until today, there are no known remote attacks on Trezor devices, and remote attacks are the most common; according to Trezor, 94 % of the attacks are happening remotely.

Since these incidents, Trezor wallets haven't been hacked. This is likely due to the many firmware updates the wallet has implemented.

Remaining Vigilant 🛡️

Beware of phishing attacks targeting Trezor users, often involving compromised MailChimp services. Be vigilant against suspicious links and unsolicited requests for personal information.

Concluding : How Safe Is Your Trezor Wallet?

While Trezor wallets have been hacked through physical means, they remain highly secure against remote internet-based attacks. By following best practices in wallet and key management, your assets remain secure.

📈 Takeaways:

  • Trezor offers robust security features.
  • Physical access is often required for a successful hack.
  • Stay vigilant against phishing attacks.

📌 Tip: Considering a hardware wallet? Just click the button below.

If you are looking for your next hardware wallet, you can check our comparison of the best crypto hardware wallets currently available.


Frequently Asked Questions

For the Read Protection Downgrade Attack, they used specialized hardware to perform the voltage glitching of the STM32 microchip, which allowed them to bypass the protection. This way, they obtained the encrypted recovery seed from the device.

Trezor doesn't use a Secure Element; therefore, their devices are vulnerable to physical hacking attacks where the device is opened and tampered with.

Fixing this vulnerability would require a complete revamping of the hardware wallet. Trezor is aware of this weakness; however, they haven't made any changes.

For now, they firmly stand behind their statement that as long as you activate the BIP39 passphrase and keep your wallet and keys in a safe, offline place, your assets are highly protected from any remote attack.

Protective seals protect a Trezor box. The case is sealed using ultrasound, so you would see immediately if someone had tampered with it.

All Trezor devices come without firmware software, so you must install it for your first use. If your wallet has installed firmware, then someone used the device before you. You should not use this device.

Also, never buy a second-hand hardware wallet.

Phishing works by sending messages that look like they are from a legitimate company or website. The message usually contains a link that takes you to some dubious website that looks like the real one. Usually, the email contains information you need to confirm your personal information, enter a password, seed phrase, PIN, or card number, download malicious software, etc.

The important thing is that you should never click the links like that or share personal information. No legit company will ask you for your personal information. If you are not sure, don't click in a panic, but research whether the email is legit or not.

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

No items found.

Unlock your potential

Subscribe my weekly newsletter and get tips, tools, and insights directly to your inbox!
Leo Brunnhofer - Weirdo.Rocks