Using Trezor on infected computer

In fact, even malicious Bridge alone won’t be capable of making your wallet vulnerable if you confirm everything on the device.

When you set up your Trezor, your seed is not communicated to the computer. In fact, no confidential information is ever sent to the computer. All calculations using the private keys are done in Trezor, and it only sends the result to the computer. That’s why you don’t really need to set up/use Trezor on a safe computer.

1 Like

What do you mean by “malicious Bridge”? Is that a bridge that you can use to send tokens from one chain to another chain?

What can happen if you go on random websites and confirm random signing transactions and other transactions? Can a passphrase protected Trezor T still become vulnerable if you use your trezor to sign transactions that are malicious?

And if it becomes vulnerable, do all the different passphrase accounts on the trezor device automatically become vulnerable? Or just the one passphrase account that was used to sign transactions.

If someone signs or confirms malicious transactions (for example from a malicious “bridge”), while using a password protected Trezor T, will there theoretically be a possibility that funds can be drained by the hacker?

Important question: will the hacker be able to view or get access or drain all the other password protected accounts in Trezor T if indeed just one password protected account was hacked through signing a malicious transaction?

By “password protected account” I mean a passphrase / hidden account in Trezor T.

Only the address you connect with can be abused, other passphrase yields a different address.

1 Like

Hi @WD100,

If you mean signing some kind of allowance for the malicious contract, it can only affect the token that you signed the allowance for. For example, if the allowance is signed for SHIB in your ETH address, the malicious contract can’t steal ETH or other ERC20 tokens from the same ETH address, only SHIB.