Security question regarding Trezor and MetaMask

frazor · April 18, 2024, 9:15am

Hello,

I’ve a security question. I’m using MetaMask in my Firefox browser like many of us do and I’ve one account, my main account, in my MetaMask.

To protect my BEP-20 tokens as well as my ERC20 tokens, I connected my Trezor device with my MetaMask. This created a second account in MetaMask and the wallet address is the same as in the Trezor Suite and I can see all my tokens I sent to my Trezor wallet address. All good so far.

My question is: if for some reason my MetaMask private key gets compromised, are the tokens in my Trezor wallet also in danger since the Trezor wallet is also in my MetaMask?
I mean, both wallets have different private keys, so I would assume that if my main account that came with the installation of MetaMask gets hacked somehow, the Trezor account in my MetaMask shouldn’t be affected by the hack since it was generated in the Trezor Suite with a different private key. Is this correct?

Best,
Frazor

radekP · April 19, 2024, 11:47am

Hi @frazor,

Yes, this is correct. Both accounts (default MetaMask account and Trezor account) are backed up by different recovery seeds. Even if the recovery seed generated by MetaMask is compromised, it cannot compromise the recovery seed stored fully offline in your Trezor device.

Simply put, for maximal security you should consider moving funds from the MetaMask account to the Trezor account.

More information can be found at Pair and connect your Trezor device with MetaMask