Cryptosecurity firm finds a vector to hack a Trezor T wallet

Hi TREZOR team.

After the Ledger controversy, and searching the web, I have just located a new piece of news that affects trezor model t wallets, in this case it is the following, it is attached at the end of the message.

From what I have been able to see, our wallets are not secure, since the vulnerability cannot be patched at the chip level.

So after this new breach, if a user gets stolen or loses their Trezor, they just now know to not only get a new device (ideally without this vulnerability), but move all funds to a new seed.

Given this vulnerability, what options does Trezor consider?

Is it worth removing the Model T from the market and providing a solution to users?

The truth is that I am quite worried about this new news.

Greetings and thank you.

Learn more about our Security approach and responsible disclosure program here
Please find our statement regarding the original Kraken attack which was from 2017 by clicking here: (Our Response to the Read Protection Downgrade Attack | by SatoshiLabs | Trezor Blog)

As you can read in our statement about the attack, we were always aware that all hardware is hackable and the question about physical attacks is not if they will happen, but when they will happen. It’s important to mention that this attack is viable only if the

Passphrase feature does not protect your coins. A strong passphrase fully mitigates the possibilities of a successful attack. Therefore, we have developed a feature that you can implement and avoid an attack by a hacker physically extracting your seed from a microchip on your device, before it was ever attempted.The passphrase is the only protective solution to a physical attack on the STM32 microchip, as it is not physically stored on any piece of hardware. Therefore it cannot be extracted, “read” or brute-forced out of the device and adds the necessary extra layer of security. You can read more about the Passphrase here ( are continuously working on the development of our products, so we can always provide as much security and safety as possible in the field of hardware wallets.

I would also invite you to learn about another Project we have launched to combat the issues with the STM32 chips. Learn about our other company Tropic Square, which hope to bring open source chips to the market in the near future. Tropic Square raise €4M for secure chip |

Please let me know if you have any more concerns or questions.

Good afternoon,

Thank you for your quick response, I’m sorry I didn’t reply sooner.

He did not know the information of the Kraken attack. The truth is, I am calmer with the alternative that they offer, so from now on I will move all my assets to a hidden wallet with Passphrase, although I will review the wiki beforehand, since I have doubts about capital letters and spaces in the use of this system and above all for being aware of a new security layer and where to keep it, away from my seed phrase or memorize it. But come on, I have a heuco, I’ll check it out.

Regarding Tropic Square, he was already aware of the project. So I hope I can see it implemented in a new Trezor as soon as possible.

Regards and thanks for everything.

1 Like

I’m not saying they didn’t actually extract the seed, but if a company speaks obvious nonsense such as below, I would be skeptical of their capabilities, but at least of their intentions. (Screenshot from the comments under the YouTube video, Unciphered replying to the co-inventor of Trezor.)


I am writing one more time. All those who suffered and loss money. Let’s together start process against this company. Write to Czech Embassy located in your states, write to EU financial authorities, attach your invoices buying Trezor T. Start protest. I am Gegham Gevorgyan, from Yerevan, Armenia. I’m ready to cooperate and communicate. I have lost my family savings, I have newborn baby, I am living for rent. And I know there are many people in this situation.

I just saw a video on youtube of a cybersecurity firm cracking a Trezor Model T wallet and extracting the seed. I can’t even believe that even after that Satoshi labs continued to sell the model T!!! I just purchased one 6 months ago and now I have to either get a Tangem or a Safe 3. I feel like everyone who bought a Trezor Model T after this explot was revealed to them should get a full refund or at LEAST be given 2 Trezor Safe 3’s to make up for the fact that they KNOWINGLY sold us vulnerable wallets!!

I urge everyone else who has a model T who purchased it after this hack happened to post here and demand that satoshi labs make this right. How on earth could they continue selling the device when they knew it had a vulnerability like that? The app doesn’t mention anywhere that if you don’t put a passphrase (therefore forcing you only be able to use the hidden wallet) then your device can be hacked. anyways it’s no different than any other wallet at that point! Why would I pay you $200 for a wallet that’s harder to use!?!

I don’t know what you’re smoking, but if someone has access to your device you might have bigger problems. I haven’t seen something like this, but I’m not sure if this is possible if you have a pincode enabled. To believe this I need to know how that person did this, because having access to the device and unlocking it with the correct pin and then trying to do something while just hacking the device without entering pin is already a huge difference.

I need to see it before I believe it :see_no_evil::joy:

if it worries you, just use a passphrase.
problem solved
end of the story

I just check it out and these hacks happened on an older device or on a device with older firmware. Seems like the security issues has been fixed.

1 Like