Hi, first of all, comment that I have a Trezor model one and the model T has always caught my attention (you can put the passphrase on the screen of the device itself and gain security), the other day on eBay United Kingdom I saw a seller who I was selling and buying one
The item was cheap in relation to the new price of the Trezor model T (more than 300 euros in the official store), the However, the seller indicates that it is sealed (I am still waiting for the receipt this week and I will update the thread when I receive it)
At this point I know that it is not reliable to buy a hardware wallet from a third party, I am aware of the risk and before buy it I am going to assume that it is false or modified and the checks that I will do will be the following
1 Check that it comes exactly the same as Trezor describes on its website, with the same security seals, the same type of box with drawings and barcode and no firmware installed
2 When trying Trezor for the first time it has to come with no firmware and the original firmware signed by Trezor has a digital signature that would be (supposedly) impossible to install on a tampered device so I’ll install the firmware and then I will reset the device again to the factory and reinstall the firmware for double security.
3 I have communicated with Trezor in a preventive way and they indicate the following to me through an email
Regarding security features:
It is very important that the holographic seals are intact.
As long as they are, the device is definitely legit and safe to use.
In addition to the physical tamper-evident hologram, our devices also utilize software protections against tampering. The device firmware and bootloader are signed by SatoshiLabs, and these signatures are verified every time you boot the device. The Trezor device will notify you if the signatures are invalid.
Most importantly, we ship all of our devices without pre-installed firmware. Thus, you can conveniently check that there is no malicious firmware pre-installed.
However, when the device is purchased from an unofficial reseller, we cannot guarantee error-free functionality (because there is always the possibility that it has also been tampered with hardware).
So if the package looks legit (based on the provided article), could you please go ahead and connect the device and provide the image showing your device screen when connected in bootloader mode?
To do so, slide your finger across the screen while simultaneously connecting the cable to your Trezor Model T.
4 After checking the bootloader as it appears in the YouTube video of the email and following the steps, I will contact them again and send the photo of the bootloader as requested to see if they have additional security indications
Do you think that really and knowing how Trezor devices work I run some risk?
Can the trezor team somehow verify the legitimacy of the article if I think it is false or manipulated? I have to admit that the more I read, I am somewhat regretful of the purchase because more than 5 bitcoin would go inside…
today i read this post and i’m really scared, i really don’t think i’ll be able to use it unless trezor team gives me a total green traffic light
I have read that trezors do not have a serial number but on the box there is a small QR code that helps to follow traceability, could trezor support help me with this to confirm that it is an authentic unit?