Trezor One Compromised During Update? Please advise next steps

I needed to update my Trezor One, that had undergone no updates since 2017 and was not even accessible for me to acesss. I followed the instructions for the wipe until it got to the long code verification. I got up from the computer for some minutes, the computer went to sleep, and when returned the Trezor page said to remove device and refresh browser (DuckDuckGo). As I did so my Trezor informed me the update had been successful — though I never verified the code manually on it!

My concern is that during this time my Trevor could have been compromised? My computer has been acting really slow in these last few hours and many websites not loading. Obviously I am not tech savvy and need pointers. Should I be concerned about the integrity of the update on my Trezor? Is the safest route to order a new trezor and recover my wallet on the new one? Other pointers please…

Hi @tothestars,

I’m not sure why you needed to do a wipe because you haven’t used your Trezor One since 2017. Updating the Firmware and updating the Bridge software should’ve sufficed. But since you did a wipe I assume you have written down/saved your private key/seed, the 12 secret words?

You can perform a Dry-run recovery to check your seed.

If your seed is written down/saved but you’re unsure about your Trezor status and you want to recover your wallet, just wipe the Trezor and recover your wallet by running the setup routine again, but when asked if you want to Create a new wallet or Recover an existing wallet, choose the recover option.

Then you enter your 12 word seed and your old wallet should be recovered, once you’ve finished the setup routine.

About your PC getting slow and if you’re worried you may have malware in it, there are programs that can help you clean it up, without requiring you to be tech savvy. If you want some advice, I’ll be happy to help on PM.

1 Like

Thanks for this. There was no option for update that I saw, there had been one before some months back. Yes, have all the seeds safe, am concerned about the part where I enter them into the Trezor website…here at the last steps -

Is that part of verifying seed keys online in Advanced Recovery mode normal? Thanks!

Yes, to recover your old wallet you have to enter your private seed.

So long as you’re using the website at address then you’re at the right place anyway for the Advanced Recovery process. That page is on the SatoshiLabs website, which is the same company that makes Trezor. It’s considered safe.

I’m not sure if you can do this procedure from Trezor Suite (desktop). I don’t remember. You can try, if you don’t trust the website.

About the Firmware update, it’s automatic after you wipe the device, since Firmware is also wiped.

I have a question. I recently updated to the latest firmware and bridge after having not done so in a couple years too.

I did this after accessing MyEtherWallet and seeing my previous addresses and balances were in tact. When I went through the update process I did one thing that I think screwed everything up (I cancelled when I could not confirm my key? on the device)

After disconnecting and reconnecting the device the website advised that I have no Firmware at all on my device now and proceeded to ask for a set-up with recovery provided. I did so and could access my account again with the same passcode; but, when I reviewed my addresses on MyEtherWallet afterwards the address I use for my ETH is MIA.

I read some postings, replied to one posting, created a ticket 90541 and then read this posting.

I spot checked my Dry-Run Recovery and it failed.

So, my question is - did I create a new wallet entirely, which is why my Recovery Key is not working and I am missing my Address? If so, should I wipe my device and follow the guidelines you provided here to access the original Wallet again? My gut says yes; but, I don’t want assume and lose my bag holdings.

I have tried a wipe and recovery. What is odd is on recovery, the App asks to set a PIN - this is something I did previously. I’ve done this cycle 2 times. Once using the Website with Passphrase and again manually on the Device. Neither time I have been able to retrieve my original wallet.

Ticket 90541