In fact, even malicious Bridge alone won’t be capable of making your wallet vulnerable if you confirm everything on the device.
When you set up your Trezor, your seed is not communicated to the computer. In fact, no confidential information is ever sent to the computer. All calculations using the private keys are done in Trezor, and it only sends the result to the computer. That’s why you don’t really need to set up/use Trezor on a safe computer.
What do you mean by “malicious Bridge”? Is that a bridge that you can use to send tokens from one chain to another chain?
What can happen if you go on random websites and confirm random signing transactions and other transactions? Can a passphrase protected Trezor T still become vulnerable if you use your trezor to sign transactions that are malicious?
And if it becomes vulnerable, do all the different passphrase accounts on the trezor device automatically become vulnerable? Or just the one passphrase account that was used to sign transactions.
If someone signs or confirms malicious transactions (for example from a malicious “bridge”), while using a password protected Trezor T, will there theoretically be a possibility that funds can be drained by the hacker?
Important question: will the hacker be able to view or get access or drain all the other password protected accounts in Trezor T if indeed just one password protected account was hacked through signing a malicious transaction?
If you mean signing some kind of allowance for the malicious contract, it can only affect the token that you signed the allowance for. For example, if the allowance is signed for SHIB in your ETH address, the malicious contract can’t steal ETH or other ERC20 tokens from the same ETH address, only SHIB.
I have been using Trezor one and Trezor T (I have one each) before but have now ordered a Trezor 5. Because Im really paranoid, I would like to ask:
When I connect the Trezor 5 to the computer and download the firmware from Trezor Suite, how can I be 100% assured that the software isn’t tampered with? My computer is a couple of years old and I have different programs on and have downloaded loads of different programs on it during the years. So I always assume that my computer is a cesspool of viruses.
So is there (even if the chances are extremely slim) in theory possible for someone to make a “virus” so when I download the the firmware from Trezor Suite to my new Trezor 5 I get a “bad software” that can be tampered with? For an example, making the seed words not random so a hacker can get to it?
Is the safest route to use a completely new computer or any thing else you recommend?
Also, Im thinking about sending over my funds from my old devices to the Trezor 5 instead of importing the keys so I can use a 20 words backup instead of a 24 words backup. But, lets say I import the keys instead, should I then destroy my previous devices or can I wipe them clean and give them away to a friend that is new to bitcoin and be 100% secure that he can’t recover the the old seed? (he works within software security, so I want to be 100% secure with my decision here).
I have the same kind of doubts as you. I have searched for information about it.The questions I ask myself:
Is it safe to use a self-custody device with one that may be infected?
If this is the case, should we protect ourselves with a VPN and Antivirus or is it necessary to allocate the management of cold wallets to a device purchased exclusively for this purpose?
Thanks mate, I hope we can start a conversation to exchange knowledge or help us find the solution