Trezor hacked (again)

[DaveF]

...Trezor is making their own secure element so new generation device will be much better, but knowing all this I was not recommending Trezor wallets for some time....

With all the other mistakes they have made through the years, and all the other issues with their products, do you think their first shot at designing a secure element is going to be good? Companies that have been designing and building SE for years and years still have massive issues now and then. Their first product out of the gate is either going to be perfect or an unmitigated disaster.

For this hack yes, you need physical access and specialized hardware and specific knowledge, but part of the point of a hardware wallet is is supposed to be idiot proof and secure out of the box. Without putting in an extra password and everything else. The fact that they did not issue a more dire warning about their security vulnerabilities in the past just really puts them in my do not use file.

-Dave

[1714044912]

1714044912

[1714044912]

1714044912

[1714044912]

1714044912

[1714044912]

1714044912

[1714044912]

1714044912

[o_e_l_e_o]

For this hack yes, you need physical access and specialized hardware and specific knowledge, but part of the point of a hardware wallet is is supposed to be idiot proof and secure out of the box. Without putting in an extra password and everything else. The fact that they did not issue a more dire warning about their security vulnerabilities in the past just really puts them in my do not use file.

We discussed exactly this over three years ago when this vulnerability was first demonstrated: https://bitcointalk.org/index.php?topic=5222188.msg53803392#msg53803392

Three years on, and nothing has changed. Their website still makes no mention of the vulnerability. Their new documentation and set up guides are still lacking in any and all information. Nowhere in their "First Steps" or "Trezor 101" are passphrases mentioned at all. If you head in the "Security" section to find a page on passphrases, you'll find it still makes no mention whatsoever of the vulnerability and makes frankly dangerous statements such as calling a passphrase "an extra word" and a graphic showing the passphrase "Martha". If your seed phrase is compromised by this attack, a passphrase of a single word will provide no protection whatsoever and will be bruteforced in a matter of minutes.

They've got their priorities straight though - long before you reach that (completely inadequate) page on passphrases, in the "Trezor Basics" section you get a nice page on how to dox yourself via their built-in KYC trading platform Invity, and a nice page on how to invite blockchain analysis companies to spy on you via their partnership with Wasabi.

[m2017]

~snip

This is nothing new for all devices without secure element, but there are few ways people can protect against attacks like this:

1. Use multiple strong passphrases - this is easy and free solution available to anyone, and it makes hackers job much harder.
2. Use Multisig setup with your Trezor wallet - this makes it impossible for anyone to extract keys with this procedure.
3. Use Secret Shamir Sharing with passphrase - this should in theory work in similar way like Mutlisig setup.
4. Don't keep any of your keys inside wallet if you don't use it daily, only import when you need to send transaction and then reset it.
5. Use other open source hardware wallet with secure element.

Trezor is making their own secure element so new generation device will be much better, but knowing all this I was not recommending Trezor wallets for some time.
However, risk of this happening to regular people is very low, especially if you improve security like I mentioned.

~snip

6. Store your trezor device in such a way that no one except you has access to it. In light of the latest news, this will reduce risks and save your nerves. I don't think that even if your hardware wallet ends up in the hands of attackers, this means that they will be able to access the contents of the wallet (they can't do without special skills and knowledge). At the very least, they will have to spend some time on this, and another recommendation follows from this.

7. If the trezor wallet is in the hands of attackers (you are 100% sure of this), then immediately transfer your crypto assets to another wallet (you do have backups, right).

Maybe because the trezor has put all its resources into developing a new wallet (this firm is creating a new wallet) they don't try to patch old holes and improve the security of existing HW devices. In the sense that why try to improve old models if can create a device that is initially superior in safety.

Like it or not, this doesn't justify their actions at all, because it jeopardizes the safety of the assets of their clients, who paid for it.

In fact, whatever it was, they have no excuse.

[tenant48]

Three years on, and nothing has changed. Their website still makes no mention of the vulnerability. Their new documentation and set up guides are still lacking in any and all information. Nowhere in their "First Steps" or "Trezor 101" are passphrases mentioned at all. If you head in the "Security" section to find a page on passphrases, you'll find it still makes no mention whatsoever of the vulnerability and makes frankly dangerous statements such as calling a passphrase "an extra word" and a graphic showing the passphrase "Martha". If your seed phrase is compromised by this attack, a passphrase of a single word will provide no protection whatsoever and will be bruteforced in a matter of minutes.

They've got their priorities straight though - long before you reach that (completely inadequate) page on passphrases, in the "Trezor Basics" section you get a nice page on how to dox yourself via their built-in KYC trading platform Invity, and a nice page on how to invite blockchain analysis companies to spy on you via their partnership with Wasabi.

In addition, in the Trezor suite, when entering a passphrase, a clearly visible window pops up for entering it through a computer, and a link for entering a passphrase through the wallet itself is displayed below in barely noticeable text. From which we can conclude that their priority is not a secure way to enter a passphrase through the wallet itself, but through the application.
Naturally, they have access to passphrases entered through the application, while intercepting passphrases through the open source wallet itself would be problematic for them.
Why they do all this can only be guessed, but the conclusions are drawn not in their favor.

[zasad@]

One company is passing off CID phrases to other companies, another wallet maker is partnering with Chainalysis albeit saying that "the coordinator simply refuses them". Companies are affected by regulators.
I wouldn't be surprised if they follow the metamask route and add "We reserve the right to withhold taxes where required."

Businesses simply cannot be trusted. Profits trump everything else, always.

It's been obvious for years that you cannot trust any centralized exchange, and that they will scam you, lock accounts, seize funds, gamble your coins, and go bankrupt. It should now be obvious to everyone that you cannot trust hardware wallet manufacturers either. From unfixable bugs, to support for government mandated KYC via AOPP, to directly funding blockchain analysis and spying on their users, to handing your seed phrases to third parties and making it vulnerable to government subpoenas.

The solution is run your own node, trade via Bisq, and as you point out use your own airgapped encrypted cold storage which does not rely on third parties being honest.

strong passphrase solves the hacking problem if hackers manage to get to your Seed.

It doesn't solve it, as the attacker will still have your seed phrase. It mitigates against your coins being stolen if and only if you use a long and random passphrase, but we also know that most people use incredibly weak passphrases.

I love decentralized trading, so I immediately have a lot of questions about fiat transactions and P2P trading. Then my tax office will have a lot of questions for me if my bank does not block the account earlier, because according to the agreement with the bank, I am prohibited from trading.
https://www.coingecko.com/en/exchanges/bisq
The main liquidity in the pair: Monero/Bitcoin, there is no liquidity for other cryptocurrencies.

[safar1980]

Trezor sales soar 900% amid Ledger’s seed recovery controversy
Trezor said a remote seed phrase extraction is impossible on its hardware wallets, adding that it would never implemented.
https://cryptoslate.com/trezor-sales-soar-900-amid-ledgers-seed-recovery-controversy/

The Trezor T has already become a scarce commodity.
Tell me, does the ledger own all the recovery phrases for the wallet of its clients for a long time, or can it do this after the last firmware of the wallet?
Can the ledger software send company recovery phrases now?

[Pmalek]

In addition, in the Trezor suite, when entering a passphrase, a clearly visible window pops up for entering it through a computer, and a link for entering a passphrase through the wallet itself is displayed below in barely noticeable text. From which we can conclude that their priority is not a secure way to enter a passphrase through the wallet itself, but through the application.
 
Naturally, they have access to passphrases entered through the application, while intercepting passphrases through the open source wallet itself would be problematic for them.
Why they do all this can only be guessed, but the conclusions are drawn not in their favor.

Everything about the Trezor is open-source. The native Trezor Suite, the firmware, the software on the device, etc. If such code exists, where are the security experts and code reviewers to point that out? If such code has been out there for years and no one has noticed it or no one wanted to notice it, what does that tell us about the importance of open-source? Open-source is a window, useful if people want to look through it with care and attention for detail. If everyone just walks by it blindly, you can as well pull the blinds down because you aren't using it.

Personally, I don't believe there is such a feature in Trezor. If there was, we could take our open-source recommendations, roll them up in a ball, bend down, and stick them where the sun doesn't shine. There is a saying in Germany that goes something along those lines.    

I love decentralized trading, so I immediately have a lot of questions about fiat transactions and P2P trading. Then my tax office will have a lot of questions for me if my bank does not block the account earlier, because according to the agreement with the bank, I am prohibited from trading.

Your bank and your tax office won't know where the money came from and how you earned it. It's not Bisq that pays you, so banks can't track or reject such transactions. You get paid by the people you trade with. If you buy from me using Bisq, I pay you from my account to yours. Your bank doesn't know you sold bitcoin to get those funds. You can tell them anything you want. They only see one individual transferring X to another individual.

We could be friends, family, colleagues, lovers, brothers... You could have sold me a bike, a sofa, a jacket, your NHL card collection... None of that is taxable.

[o_e_l_e_o]

because according to the agreement with the bank, I am prohibited from trading.

You can always open an account with another bank which has a less draconian view of crypto, or trade with cash. Although as Pmalek rightly points out, any transfers to your bank account come from other individuals, not from Bisq.

The main liquidity in the pair: Monero/Bitcoin, there is no liquidity for other cryptocurrencies.

That's because almost all other cryptocurrencies are trash. I use Bisq mainly for fiat pairs.

Trezor sales soar 900% amid Ledger’s seed recovery controversy

Imagine getting rid of your Ledger because you are worried about a seed extraction vulnerability, and buying another hardware wallet with a proven seed extraction vulnerability which is also happily cooperating with government sponsored blockchain analysis.

[zasad@]

because according to the agreement with the bank, I am prohibited from trading.

You can always open an account with another bank which has a less draconian view of crypto, or trade with cash. Although as Pmalek rightly points out, any transfers to your bank account come from other individuals, not from Bisq.

The main liquidity in the pair: Monero/Bitcoin, there is no liquidity for other cryptocurrencies.

That's because almost all other cryptocurrencies are trash. I use Bisq mainly for fiat pairs.

The bank will see incomprehensible transfers from unknown people and may block the account and require an explanation of the transactions and their legality.
Bisq reminds me of Localbitcoins, or BitZlato. The first campaign closed on its own, and there is now a criminal case against BitZlato in the United States. BitZlato did not have a KYC, but used the services of a well-known AML provider.

When trading, it is sometimes necessary to receive cash or stablecoins. It is possible to send several thousand dollars to a bank account, but if you send several hundred thousand dollars to a bank account, your bank will have a lot of questions for you, and cash transactions for such amounts are not safe.
I trade through DAI and through other stablecoins, large trades are DAI.

[JayJuanGee]

because according to the agreement with the bank, I am prohibited from trading.

You can always open an account with another bank which has a less draconian view of crypto, or trade with cash. Although as Pmalek rightly points out, any transfers to your bank account come from other individuals, not from Bisq.

The main liquidity in the pair: Monero/Bitcoin, there is no liquidity for other cryptocurrencies.

That's because almost all other cryptocurrencies are trash. I use Bisq mainly for fiat pairs.

The bank will see incomprehensible transfers from unknown people and may block the account and require an explanation of the transactions and their legality.
Bisq reminds me of Localbitcoins, or BitZlato. The first campaign closed on its own, and there is now a criminal case against BitZlato in the United States. BitZlato did not have a KYC, but used the services of a well-known AML provider.

When trading, it is sometimes necessary to receive cash or stablecoins. It is possible to send several thousand dollars to a bank account, but if you send several hundred thousand dollars to a bank account, your bank will have a lot of questions for you, and cash transactions for such amounts are not safe.
I trade through DAI and through other stablecoins, large trades are DAI.

A lot of your questions and concerns regarding various ways to trade (or transact) with others and not to be interrogated or traced in respect to your interactions seem to be legitimate, and surely not Trezor specific kinds of questions - and for sure, I would be interested in following/participating in forum threads related to such topics... even though even on the forum, sometimes we might not even want to be describing too many specifics regarding exactly what we are doing... and for sure, we live in a world that is complicated in terms of trying to attempt to preserve some of the privacies that we might have had in regards to face to face cash transactions in the past and in some ways, some of us may well be trying to apply those kinds of privacies in the digital space

---- and for sure a kind of dynamic that may well always be changing in terms of services that are available, government (and even financial institutional) encroachments and normies trying to exercise certain rights to privacy, autonomy, security and self-sovereignty - and not always knowing the extent to which they might be unwittingly giving up some of their rights, and I am surely not going to claim to know how to employ various technologies without getting trapped at various points.,. who wants to have their funds seized, locked up, frozen, hacked, rug pulled or otherwise removed from their abilities to be able to use them.. or even depleted for penalties, taxes or some other kinds of disputes regarding whether some middle man might say that they have claims against our funds (that we may well dispute).

For sure, not Trezor specific questions.. even though there is some overlap in ways that these kinds of topics can be discussed.

[Pmalek]

When trading, it is sometimes necessary to receive cash or stablecoins. It is possible to send several thousand dollars to a bank account, but if you send several hundred thousand dollars to a bank account, your bank will have a lot of questions for you, and cash transactions for such amounts are not safe.

Well, if you are trying to conceal your fiat trades, I would suggest not sending such big amounts. They will, of course, sound all kinds of alarms because receiving hundreds of thousands of dollars is not an everyday (normal) transaction. The bank will ask questions and is surely obliged to report to the local taxing authorities.

Regarding Bisq and trading limitations, a new user can only trade up to 0.1 BTC. After your account is signed and you become a more senior user of Bisq, these limits increase. But when fiat is concerned, the trade limits are in many cases 0.25 BTC/trade. For some payment methods, you will see 0.5 or 1 BTC. 

[safar1980]

In Russia, I can buy Trezor T for 80-100 dollars.
The wallet will be in its original packaging, but I can refuse the goods if I suspect fraud.
https://www.ozon.ru/product/apparatnyy-kriptokoshelek-trezor-model-t-holodnyy-koshelek-dlya-kriptovalyuty-913105391/
How can I check that this wallet has not been modified before selling? It's impossible to tell from the packaging and holograms.
What Trezor utilities can help me with this, so that I can be sure that this is an original wallet from Satoshi Labs?

[Pmalek]

<Snip>

I seriously doubt that a device sold for $80-100 can be a genuine Trezor Model T. Unless someone stole them off a truck somewhere.
I wouldn't pay attention to things like packaging, holographic seals, or the content of the box. I think none of that is difficult to fake.

This is what you should be looking for.

- Trezors don't ship with pre-installed firmware. You have to install the firmware the first time you connect it to your computer. You get to choose between a multi-coin or bitcoin-only firmware. If your Trezor already has a firmware on it, it has already been used and/or is fake.
- You have to generate a seed on your own local machine. Never accept a seed that's already entered on your HW or filled out on the seed cards.
- Only a Trezor with a genuine Trezor-signed firmware can connect and communicate with the official Trezor Suite app. A fake firmware will be detected, and you won't be able to use the Trezor Suite.
- Never download Trezor Suite or the firmware from any website mentioned on any notes that are shipped together with your package. Any software must be downloaded and verified from the official website only (https://trezor.io/).  

[zasad@]

because according to the agreement with the bank, I am prohibited from trading.

You can always open an account with another bank which has a less draconian view of crypto, or trade with cash. Although as Pmalek rightly points out, any transfers to your bank account come from other individuals, not from Bisq.

The main liquidity in the pair: Monero/Bitcoin, there is no liquidity for other cryptocurrencies.

That's because almost all other cryptocurrencies are trash. I use Bisq mainly for fiat pairs.

The bank will see incomprehensible transfers from unknown people and may block the account and require an explanation of the transactions and their legality.
Bisq reminds me of Localbitcoins, or BitZlato. The first campaign closed on its own, and there is now a criminal case against BitZlato in the United States. BitZlato did not have a KYC, but used the services of a well-known AML provider.

When trading, it is sometimes necessary to receive cash or stablecoins. It is possible to send several thousand dollars to a bank account, but if you send several hundred thousand dollars to a bank account, your bank will have a lot of questions for you, and cash transactions for such amounts are not safe.
I trade through DAI and through other stablecoins, large trades are DAI.

A lot of your questions and concerns regarding various ways to trade (or transact) with others and not to be interrogated or traced in respect to your interactions seem to be legitimate, and surely not Trezor specific kinds of questions - and for sure, I would be interested in following/participating in forum threads related to such topics... even though even on the forum, sometimes we might not even want to be describing too many specifics regarding exactly what we are doing... and for sure, we live in a world that is complicated in terms of trying to attempt to preserve some of the privacies that we might have had in regards to face to face cash transactions in the past and in some ways, some of us may well be trying to apply those kinds of privacies in the digital space

---- and for sure a kind of dynamic that may well always be changing in terms of services that are available, government (and even financial institutional) encroachments and normies trying to exercise certain rights to privacy, autonomy, security and self-sovereignty - and not always knowing the extent to which they might be unwittingly giving up some of their rights, and I am surely not going to claim to know how to employ various technologies without getting trapped at various points.,. who wants to have their funds seized, locked up, frozen, hacked, rug pulled or otherwise removed from their abilities to be able to use them.. or even depleted for penalties, taxes or some other kinds of disputes regarding whether some middle man might say that they have claims against our funds (that we may well dispute).

For sure, not Trezor specific questions.. even though there is some overlap in ways that these kinds of topics can be discussed.

I don't want to digress, but P2P trading in my country will quickly result in a blocked bank account. Therefore, the crypto community needs a decentralized stablecoin.

___

When trading, it is sometimes necessary to receive cash or stablecoins. It is possible to send several thousand dollars to a bank account, but if you send several hundred thousand dollars to a bank account, your bank will have a lot of questions for you, and cash transactions for such amounts are not safe.

Well, if you are trying to conceal your fiat trades, I would suggest not sending such big amounts. They will, of course, sound all kinds of alarms because receiving hundreds of thousands of dollars is not an everyday (normal) transaction. The bank will ask questions and is surely obliged to report to the local taxing authorities.

Regarding Bisq and trading limitations, a new user can only trade up to 0.1 BTC. After your account is signed and you become a more senior user of Bisq, these limits increase. But when fiat is concerned, the trade limits are in many cases 0.25 BTC/trade. For some payment methods, you will see 0.5 or 1 BTC. 

If you look at the trading volumes of Bisq and Uniswap, you will understand what I am talking about. P2P should be avoided for large sums.

this service helps me to trade without registrations and restrictions
https://rango.exchange/

And my topic is about such services
https://bitcointalk.org/index.php?topic=5389259

Trezor and ledger are perfectly compatible with these services.

[m2017]

In Russia, I can buy Trezor T for 80-100 dollars.
The wallet will be in its original packaging, but I can refuse the goods if I suspect fraud.
https://www.ozon.ru/product/apparatnyy-kriptokoshelek-trezor-model-t-holodnyy-koshelek-dlya-kriptovalyuty-913105391/
How can I check that this wallet has not been modified before selling? It's impossible to tell from the packaging and holograms.
What Trezor utilities can help me with this, so that I can be sure that this is an original wallet from Satoshi Labs?

The desire to save money always goes sideways.

Why don't you buy from an authorized reseller or directly from the manufacturer? I would choose the second option. For peace of mind. Moreover, they periodically have discounts.

The price of the device is lower than the cost of the official manufacturer should already be alarming. Especially if it's 2 times cheaper price.

Do you want to be sure that hardware wallet is from Satoshi Labs? Then order from them. What could be easier to be sure. Sorry for the banality.

[safar1980]

<Snip>

I seriously doubt that a device sold for $80-100 can be a genuine Trezor Model T. Unless someone stole them off a truck somewhere.
I wouldn't pay attention to things like packaging, holographic seals, or the content of the box. I think none of that is difficult to fake.

This is what you should be looking for.

- Trezors don't ship with pre-installed firmware. You have to install the firmware the first time you connect it to your computer. You get to choose between a multi-coin or bitcoin-only firmware. If your Trezor already has a firmware on it, it has already been used and/or is fake.
- You have to generate a seed on your own local machine. Never accept a seed that's already entered on your HW or filled out on the seed cards.
- Only a Trezor with a genuine Trezor-signed firmware can connect and communicate with the official Trezor Suite app. A fake firmware will be detected, and you won't be able to use the Trezor Suite.
- Never download Trezor Suite or the firmware from any website mentioned on any notes that are shipped together with your package. Any software must be downloaded and verified from the official website only (https://trezor.io/).  

I was looking for a more serious guide not to buy a modified wallet
Standard recommendations do not save you from a fake wallet
https://forum.trezor.io/t/how-to-verify-the-authenticity-of-trezor-model-t-hardware/4195/2

I was looking for something like this, but it is in Russian
https://slabber.io/posts/2538

We already have a business idea, buy 5 processors for Trezor for $ 115 and solder this cpu

Why don't you buy from an authorized reseller or directly from the manufacturer? I would choose the second option. For peace of mind. Moreover, they periodically have discounts.

There are no official sellers in Russia. Intermediary only, and buying for $220 will not guarantee buying an official wallet.

[Pmalek]

There are no official sellers in Russia. Intermediary only, and buying for $220 will not guarantee buying an official wallet.

Trezor doesn't have an official reseller in Russia, you are right about that. But they have one in Belarus. Intersafe Trade Ltd (https://satoshi-shop.by).

There are also two in Ukraine:
Lwallet - https://lwallet.com.ua
BITWALLET LLC - https://trezor.io/bitwallet.com.ua

There is one in Georgia.
Ravestag LLC
https://ravestag.app/

I am sure you could order one from Belarus if you want to. The shops in Ukraine might not be willing to ship to Russia due to the ongoing war.

[dkbit98]

In Russia, I can buy Trezor T for 80-100 dollars.
The wallet will be in its original packaging, but I can refuse the goods if I suspect fraud.

This device is unavailable at the moment on website you posted, but I wouldn't risk buying it because I am sure this is not original Trezor.
Form last reports of hacked modified Trezor T they said that it was packed and it looked exactly identical as original device, and only difference could be noticed when looking inside on the board.
One more difference was skipping the online check to confirm device is authentic.

With all the other mistakes they have made through the years, and all the other issues with their products, do you think their first shot at designing a secure element is going to be good? Companies that have been designing and building SE for years and years still have massive issues now and then. Their first product out of the gate is either going to be perfect or an unmitigated disaster.

Do you know any newly released thing will be good?
With that kind of thinking you shouldn't use or trust anything, but this should be open source and that means everyone will be able to contribute and improve it.
It's silly to compare this with any other closed source chips that exists much longer, and Trezor didn't fall from sky yesterday, they are the first even hardware wallet, so they have some experience.

Trezor sales soar 900% amid Ledger’s seed recovery controversy
Trezor said a remote seed phrase extraction is impossible on its hardware wallets, adding that it would never implemented.

Nice!
I am sure sales jumped a lot for all other hardware wallets like Passport, Keystone, etc, they posted something about all items sold.
They should all thank ledger marketing team for free promotion  

[tenant48]

- Only a Trezor with a genuine Trezor-signed firmware can connect and communicate with the official Trezor Suite app. A fake firmware will be detected, and you won't be able to use the Trezor Suite.

Unfortunately no. You can compile your own firmware for Trezor.

Here is how to do it for Trezor One:
https://docs.trezor.io/trezor-firmware/legacy/index.html

For Trezor T:
https://docs.trezor.io/trezor-firmware/core/build/index.html

[Cricktor]

I can use my DIY PiTrezor without problems with official Trezor Suite. Yes, Trezor Suite detects that the PiTrezor isn't genuine and shows a warning banner, but otherwise works perfectly fine with it.