Not sure if my device was compromised before I opened

Hi,

I just got a new Trezor one direct from the company. The box seemed untampered with (all holograms looked okay and had to destroy box to get inside).

This is my second Trezor One. When I went through the normal process to get this device going I got several warning messages, and it said something to the effect that it had been installed before. I plugged it back in and it sent me to the Suite page. At this point, I added the backup (seed phrase) and added a PIN.

It seems like everything is working normally now, but I’m afraid that maybe it was tampered with?

My question is, if I do a factory reset and generate a new seed phrase, will that make this device safe to use in the unlikely chance it was tampered with? The website is unclear what a factory reset actually accomplishes. Trezor support is worthless trying to help me with this. Does anyone have any advice?

Thanks so much!

This would help with “naive” tampering, i.e., someone setting up a seed for you and trying to get you to use it.

If the device is modified in an actually clever manner – what someone going to the trouble of replacing the holograms would do – it’s going to give you one of twenty pregenerated seeds, and after a factory reset it’s gonna give you another one. There is no “untampering” a tampered device. It’s not like your PC where you erase the hard drive from BIOS and start fresh; it’s more like someone sold you a counterfeit safe, and now you think you can just change the combination and all is good.
Now, given that you ordered straight from trezor.io, it’s quite unlikely that there is a problem. It might have been useful to pay more attention to the warning messages though. If your device did arrive with firmware already on it, that indicates that, at best, something went very wrong at the packaging process.

Thanks so much for the response matejcik.

That makes sense, and I do think it’s very unlikely that it was compromised (came from Trezor, packaging was all sealed). It was just unsettling that I did this with another Trezor One a few months back and saw none of these warnings.

I’m going to use this as one key of a 2/3 multisig set up at Unchained so it may not matter anyway, but I’ve heard so many horror stories that I want to make certain I don’t introduce any kind of risk.

Thanks for your response.


Update: I just did a factory reset of my Trezor, and when I went to plug it back in the Trezor Suite says: "Security check: Firmware is already installed on the connected Trezor. Only continue with setup if you have used this Trezor before."

This seems strange since I just did a successful wipe of the Trezor. I thought the wipe was supposed to remove all Firmware?

There are two kinds of device erase operation and at this point I’m not sure what Suite is calling them.

The “basic” one is called “wipe device” internally, and it’s what you would get without any special steps, just by clicking a button in Suite and confirming on Trezor. That one will erase all personal data, but keep the installed firmware.

The other one is “bootloader wipe”. To achieve it, you would need to switch your Trezor to bootloader mode (hold down the left button while plugging into USB), and then select Factory reset from the options Suite is presenting. Afterwards, firmware should be gone.

If you’re unsure, please try performing the second procedure. If you get the same Suite security check warning afterwards, something is definitely amiss.