How can I make sure Trezor One is safe besides checking the box?

I read about cases when people received their wallets with a modified loader. They set up their wallet, officially updated, and after a while discovered the loss of funds. How can I make sure that my wallet is completely safe?
P.S. I ordered my Tresor One from the official website, but I’m afraid that my wallet could have been substituted/infected along the way in my country. Sorry if this has already been discussed.

Hi @228bit,

As the device is bought directly from us, everything should be genuine and legit. However, there are a few security measurements with Trezor that can be checked.

  • Trezor One has a security hologram placed on the box. Trezor T over the port, these should be intact so you can be sure no one was manipulating with the device earlier.
  • All Trezor devices are distributed without a firmware software, so you need to install it for your first use. If there is a firmware installed already, then that means that someone used this device before you.
  • The bootloader verifies the firmware signature. The device only runs if the firmware is correctly signed by SatoshiLabs.
  • Because the recovery seed is generated during Trezor setup, there is no default seed, only the seed you will generate for yourself. If you encounter any Trezor device with pre installed firmware that was purchased as new, please let us know.

I hope this helped to put your mind at ease.

1 Like

The bootloader verifies the firmware signature.

Is bootloader substitution excluded? For example, can I infect the bootloader itself?

Bootloader is pre-installed on every device. If the new version of bootloader needs to be installed, the signature is also verified by the pre-installed version of bootloader. It means that unofficial bootloader (without the right signature) cannot be installed to the device.

1 Like