I purchased this Trezor Model T wallet from Amazon. When I opened it, I noticed the Holographic seal on the back (right picture) looks like it has some glue/rubber cement around the edge. It does not look the same as the top edge (left picture), which looks very clean. Does this look normal?
Hi @MrStu
This looks to me like it was done in the manufacturing process.
Apart from the physical tamper-evident hologram, our devices also use software safeguards against tampering. The device firmware and bootloader are signed by SatoshiLabs, and these signatures are checked whenever you start the device. The Trezor device will warn you if the signatures are invalid.
Most important, we dispatch all of our devices without preinstalled firmware. Therefore your can conveniently check that there isn’t any preinstalled malicious firmware.
Doesn’t this device use a recovery seed phrase? If someone can remove the seal and learn the recovery phrase, wouldn’t they be able to restore it to another Trezor wallet? Someone buys the Trezor, removes the seal, and gains access to the recovery phrase. Then they return the Trezor after gluing the holographic seal back on. Wait a few months and recover the wallet using the recovery phrase. I haven’t connected it to my computer yet, but I hope it doesn’t generate a recovery phrase until first use; then, if a phrase exists, the user knows the wallet is compromised.
Yes the device does you recovery seed phrase (according to BIP39).
When you create new wallet the device generates NEW (unique) recovery seed that you are suppose to write down (this mnemonic phrase is shown to you only once during the initialization and never again) and you can use it later to restore access to your wallet (if it comes down to it).
So the bottom line is: as long as the device is “empty” - meaning there is no (malicious) firmware preinstalled. It is definitely legit and safe to use.