Hi TREZOR team.
After the Ledger controversy, and searching the web, I have just located a new piece of news that affects Trezor Model T wallets; it is attached at the end of the message.
From what I have been able to see, our wallets are not secure, since the vulnerability cannot be patched at the chip level.
So after this new breach, if a user's Trezor is stolen or lost, they now know to not only get a new device (ideally without this vulnerability), but also move all funds to a new seed.
Given this vulnerability, what options does Trezor consider?
Is it worth removing the Model T from the market and providing a solution to users?
The truth is that I am quite worried about this new news.
Greetings and thank you.
Learn more about our Security approach and responsible disclosure program here https://trezor.io/security/
Please find our statement regarding the original Kraken attack which was from 2017 by clicking here: (Our Response to the Read Protection Downgrade Attack | by SatoshiLabs | Trezor Blog)
As you can read in our statement about the attack, we were always aware that all hardware is hackable and the question about physical attacks is not if they will happen, but when they will happen. It’s important to mention that this attack is viable only if the Passphrase feature does not protect your coins. A strong passphrase fully mitigates the possibilities of a successful attack. Therefore, we have developed a feature that you can implement and avoid an attack by a hacker physically extracting your seed from a microchip on your device, before it was ever attempted.
The passphrase is the only protective solution to a physical attack on the STM32 microchip, as it is not physically stored on any piece of hardware. Therefore it cannot be extracted, “read” or brute-forced out of the device and adds the necessary extra layer of security. You can read more about the Passphrase here (https://wiki.trezor.io/Passphrase).
We are continuously working on the development of our products, so we can always provide as much security and safety as possible in the field of hardware wallets.
I would also invite you to learn about another project we have launched to combat the issues with the STM32 chips. Learn about our other company Tropic Square, which hopes to bring open source chips to the market in the near future: Tropic Square raise €4M for secure chip | SatoshiLabs.com
Please let me know if you have any more concerns or questions.
Thank you for your quick response, I’m sorry I didn’t reply sooner.
I did not know about the Kraken attack. The truth is, I am calmer with the alternative that they offer, so from now on I will move all my assets to a hidden wallet with Passphrase, although I will review the wiki beforehand, since I have doubts about capital letters and spaces in the use of this system, and above all about being aware of a new security layer and where to keep it: away from my seed phrase, or memorized. But anyway, I have a free moment, so I’ll check it out.
Regarding Tropic Square, I was already aware of the project. So I hope I can see it implemented in a new Trezor as soon as possible.
Regards and thanks for everything.
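The two posts above turn on the passphrase not being stored on the device and on whether capital letters and spaces matter. The following is an added example, not part of the thread and not Trezor's code: it assumes the passphrase feeds the standard BIP-39 seed derivation, uses the public BIP-39 test mnemonic as constructed sample input, and `wallet_tag` is a hypothetical helper for labelling the result.

```python
import hashlib
import unicodedata

# Constructed sample input: the public BIP-39 test mnemonic. Never use it for funds.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def _nfkd(text: str) -> bytes:
    # BIP-39 normalises both inputs to Unicode NFKD before hashing.
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase.

    The passphrase is only an input to this function; nothing about it has to be
    kept alongside the mnemonic for the derivation to work.
    """
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), b"mnemonic" + _nfkd(passphrase), 2048, dklen=64
    )


def wallet_tag(mnemonic: str, passphrase: str = "") -> str:
    """Hypothetical short label for a derived wallet: first 8 hex chars of SHA-256(seed)."""
    return hashlib.sha256(bip39_seed(mnemonic, passphrase)).hexdigest()[:8]


def compare_variants(mnemonic: str, variants: list[str]) -> dict[str, str]:
    """Map each passphrase variant (shown with repr so spaces are visible) to its tag."""
    return {repr(p): wallet_tag(mnemonic, p) for p in variants}


if __name__ == "__main__":
    # Variants differing only in case, inner spacing or a trailing space.
    variants = ["", "correct horse", "Correct horse", "correct  horse", "correct horse "]
    for shown, tag in compare_variants(SAMPLE_MNEMONIC, variants).items():
        print(f"{shown:20} -> wallet {tag}")
```

Every variant, including the empty passphrase, yields a different seed and therefore a different wallet, so a passphrase must be recorded character for character, including case and spaces.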
I’m not saying they didn’t actually extract the seed, but if a company speaks obvious nonsense such as below, I would be skeptical of their capabilities, but at least of their intentions. (Screenshot from the comments under the YouTube video, Unciphered replying to the co-inventor of Trezor.)
I am writing one more time. All those who suffered and lost money: let’s together start a process against this company. Write to the Czech Embassy located in your states, write to EU financial authorities, attach your invoices for buying Trezor T. Start a protest. I am Gegham Gevorgyan, from Yerevan, Armenia. I’m ready to cooperate and communicate. I have lost my family savings, I have a newborn baby, I am living in a rented home. And I know there are many people in this situation.