|
Title: TREZOR can Hacked ? Post by: Cogy on July 03, 2018, 04:17:30 PM I bought a trezor, they delver it to my office unfortunately I forgot it at my office and next day I saw someone open it and its not intact.
Is there have any possibility to hacked. I setup it but now i scared is it safe now for me. please suggest me what can i do now. Title: Re: TREZOR can Hacked ? Post by: Rath_ on July 03, 2018, 04:30:13 PM TREZOR comes without any pre-loaded software, it's downloaded automatically from their servers once you initialize it. Plug it in and check if the device asks you to install firmware. If so, I would consider it as safe. Check if it isn't physically damaged. It would be difficult for anyone to tamper with the device without damaging the case.
Edit: I have just read your post once again and I see that you have already initialized it. Do you remember if it was downloading the firmware? Is the case damaged or scratched? Title: Re: TREZOR can Hacked ? Post by: Cogy on July 03, 2018, 04:35:57 PM TREZOR comes without any pre-loaded software, it's downloaded automatically from their servers once you initialize it. Plug it in and check if the device asks you to install firmware. If so, I would consider it as safe. Check if it isn't physically damaged. It would be difficult for anyone to tamper with the device without damaging the case. Edit: I have just read your post once again and I see that you have already initialized it. Do you remember if it was downloading the firmware? Is the case damaged or scratched? Thanks a lot, Yes I install it successfully , even I didn't face any problem. I just afraid , need to confirm that no one can hacked it. Title: Re: TREZOR can Hacked ? Post by: HeRetiK on July 03, 2018, 04:49:34 PM You mean someone opened the box or someone opened / broke apart the hardware wallet itself?
The latter should be fairly obvious and I wouldn't be using the Trezor anymore at that point. If someone simply opened the box, you should be fairly safe assuming you don't use the Trezor's default seed phrase The wallets hardware and firmware itself is fairly tamper-proof, so if someone tried to update your Trezor with malicious code you'd get a warning whenever you try to access your wallet. The physical hardware itself is rather unlikely to be opened up and tampered with without any obvious signs. SatoshiLabs has a nice overview of possible (known) attack vectors btw: https://doc.satoshilabs.com/trezor-faq/threats.html Edit: I was utterly mistaken regarding the BIP-0039 mnemonic. Please refer to HCP's post (https://bitcointalk.org/index.php?topic=4592050.msg41601091#msg41601091) below. Title: Re: TREZOR can Hacked ? Post by: Rath_ on July 03, 2018, 04:50:54 PM Yes I install it successfully , even I didn't face any problem. I just afraid , need to confirm that no one can hacked it. You should be safe if you installed the firmare by yourself and generated the seed. It looks like the person who opened your package didn't know what to do with it. Remember to check your seed (it's available on TREZOR wallet page) because you will need it to recover your coins. Title: Re: TREZOR can Hacked ? Post by: Cogy on July 03, 2018, 04:55:54 PM You mean someone opened the box or someone opened / broke apart the hardware wallet itself? The latter should be fairly obvious and I wouldn't be using the Trezor anymore at that point. If someone simply opened the box, you should be fairly safe assuming you don't use the Trezor's default seed phrase and create one yourself by selecting words from the BIP-0039 word list: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt Make sure to select words from the BIP-0039 word list randomly, not by selecting lucky numbers or words you more easily remember. Using dice may help as well during the selection process. Use a strong passphrase on top just to be sure (ie. when setting up your wallet you not only enter the seed phrase, but optionally can also add passphrases for multiple accounts in addition to your PIN). Make sure to back up your seed phrase. The wallets hardware and firmware itself is fairly tamper-proof, so if someone tried to update your Trezor with malicious code you'd get a warning whenever you try to access your wallet. The physical hardware itself is rather unlikely to be opened up and tampered with without any obvious signs. SatoshiLabs has a nice overview of possible (known) attack vectors btw: https://doc.satoshilabs.com/trezor-faq/threats.html I mean Someone opened the packet. Title: Re: TREZOR can Hacked ? Post by: Cogy on July 03, 2018, 05:03:24 PM Yes I install it successfully , even I didn't face any problem. I just afraid , need to confirm that no one can hacked it. You should be safe if you installed the firmare by yourself and generated the seed. It looks like the person who opened your package didn't know what to do with it. Remember to check your seed (it's available on TREZOR wallet page) because you will need it to recover your coins. Thanks a lot, now I feel free. Title: Re: TREZOR can Hacked ? Post by: suzanne5223 on July 03, 2018, 06:02:58 PM I bought a trezor, they delver it to my office unfortunately I forgot it at my office and next day I saw someone open it and its not intact. Both Trezor and Ledger Nano S wallet are secure wallet but can be hack if you dont avoid the necessary error but with the wallet package not intact. I will advice to contact the wallet provider and the issue cause the wallet might be vulnerable or not secure due to what you said about the pack.Is there have any possibility to hacked. I setup it but now i scared is it safe now for me. please suggest me what can i do now. Where do you order the item? Title: Re: TREZOR can Hacked ? Post by: Rath_ on July 03, 2018, 09:26:51 PM I will advice to contact the wallet provider and the issue cause the wallet might be vulnerable or not secure due to what you said about the pack. Where do you order the item? Did you even bother to read the whole thread? The package arrived to his office intact and he saw that someone has already opened it. There is no point in contacting the manufacturer because it's not their fault. Title: Re: TREZOR can Hacked ? Post by: dunfida on July 03, 2018, 11:18:37 PM I will advice to contact the wallet provider and the issue cause the wallet might be vulnerable or not secure due to what you said about the pack. Where do you order the item? Did you even bother to read the whole thread? The package arrived to his office intact and he saw that someone has already opened it. There is no point in contacting the manufacturer because it's not their fault. I believe it has been opened for a curious office mate ;D If someone on the place had a knowledge about cryptocurrencies and hardware wallets then you are possible at risk but on a short period of time i dont think it had been compromised. Title: Re: TREZOR can Hacked ? Post by: Lucius on July 04, 2018, 08:40:22 AM The mistake was to order something like this to your work place, only reasonable option is to order it at your home address so you would avoid someone open the package. It's probably just a question of a curiosity, but it's definitely not okay to open a package that is not named in your name - this is a classic violation of privacy. Although in this case using of mentioned hardware wallet is not compromised, there is one dose of doubt which remains.
Title: Re: TREZOR can Hacked ? Post by: Cogy on July 04, 2018, 03:43:59 PM The mistake was to order something like this to your work place, only reasonable option is to order it at your home address so you would avoid someone open the package. It's probably just a question of a curiosity, but it's definitely not okay to open a package that is not named in your name - this is a classic violation of privacy. Although in this case using of mentioned hardware wallet is not compromised, there is one dose of doubt which remains. Yes Sir, I did this mistake. I already install it successfully, I want to know now its have any possibility to hacked. Title: Re: TREZOR can Hacked ? Post by: notaek on July 04, 2018, 07:01:57 PM Yes Sir, I did this mistake. I already install it successfully, I want to know now its have any possibility to hacked. Just to make sure you're fully safe, you can wipe your Trezor device and start initializing again with a new seed. This can be accessed by pressing "Advanced settings" button on Trezor Bridge Interface after you have plugged it. https://i.imgur.com/w99dBIT.png Out of curiosity, which model of Trezor did you buy? Title: Re: TREZOR can Hacked ? Post by: HCP on July 05, 2018, 11:23:24 PM The latter should be fairly obvious and I wouldn't be using the Trezor anymore at that point. If someone simply opened the box, you should be fairly safe assuming you don't use the Trezor's default seed phrase and create one yourself by selecting words from the BIP-0039 word list: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt You can't just randomly select words from the BIP39 wordlist and expect to get a valid seed mnemonic.Make sure to select words from the BIP-0039 word list randomly, not by selecting lucky numbers or words you more easily remember. Using dice may help as well during the selection process. Use a strong passphrase on top just to be sure (ie. when setting up your wallet you not only enter the seed phrase, but optionally can also add passphrases for multiple accounts in addition to your PIN). Make sure to back up your seed phrase. Part of the last word value is a "checksum" that is derived from the rest of mnemonic. If you're randomly picking words, it is highly likely that you're going to end up with an invalid checksum... from memory the odds of picking a word that includes a valid checksum are something like 8/2048 (there are usually around 8 words that will have the correct checksum out of the possible 2048). OPs best option, if they're concerned, is to simply wipe the device and set it up from scratch again as suggested above (it'll generate a new random seed). Title: Re: TREZOR can Hacked ? Post by: HeRetiK on July 06, 2018, 12:04:24 AM The latter should be fairly obvious and I wouldn't be using the Trezor anymore at that point. If someone simply opened the box, you should be fairly safe assuming you don't use the Trezor's default seed phrase and create one yourself by selecting words from the BIP-0039 word list: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt You can't just randomly select words from the BIP39 wordlist and expect to get a valid seed mnemonic.Make sure to select words from the BIP-0039 word list randomly, not by selecting lucky numbers or words you more easily remember. Using dice may help as well during the selection process. Use a strong passphrase on top just to be sure (ie. when setting up your wallet you not only enter the seed phrase, but optionally can also add passphrases for multiple accounts in addition to your PIN). Make sure to back up your seed phrase. Part of the last word value is a "checksum" that is derived from the rest of mnemonic. If you're randomly picking words, it is highly likely that you're going to end up with an invalid checksum... from memory the odds of picking a word that includes a valid checksum are something like 8/2048 (there are usually around 8 words that will have the correct checksum out of the possible 2048). OPs best option, if they're concerned, is to simply wipe the device and set it up from scratch again as suggested above (it'll generate a new random seed). Aw geez. Thank you for correcting me! I had a feeling that my memory was off but couldn't quite put my finger on it. |
