Trezor’s Multi-Layer Defense Against Supply Chain Attacks | by SatoshiLabs | Mar, 2025

At Trezor, we pioneered the first-ever hardware wallet in 2013 with a clear goal: to provide a secure and easy-to-use tool for managing Bitcoin and crypto. Hardware wallets are designed to keep private keys offline, protecting them from remote attacks — a task our earlier models have always excelled at.

While hardware wallets offer strong security, no system is entirely immune to physical attacks. Given enough time, expertise, and resources, a determined attacker could theoretically attempt to extract private keys from a stolen device. To mitigate this risk, we introduced the passphrase — a user-defined, extra layer of security for your wallet backup. Unlike the wallet backup, the passphrase is never stored on the device, making it impossible to extract even in the event of a physical attack.

One of the biggest differences between the Trezor Safe family (introduced with the launch of the Trezor Safe 3 in 2023) and earlier models is the addition of a dedicated Secure Element. It was added in response to user requests for stronger protection in case of device theft or loss. The Secure Element used in the Trezor Safe 3 and Trezor Safe 5 is the OPTIGA™ Trust M (V3), a chip designed to protect highly sensitive information from software and hardware attacks.

While all Trezor models remain secure against remote attacks, the Secure Element in the Trezor Safe 3 & Trezor Safe 5 adds an extra layer of physical security — for example, in case a Trezor device is lost or stolen.

The Secure Element in the Trezor Safe 3 and Trezor Safe 5 provides safeguards in three areas:

  • Enhanced PIN protection: prevents unauthorized access if the device is stolen.
  • Protection against seed extraction by fault injection (voltage glitching): a previously known issue with the Trezor Model One and Trezor Model T.
  • Device authenticity verification: strengthens resistance against supply chain attacks.

A supply chain attack happens when a device is tampered with before it reaches the customer. This could involve an attacker modifying a legitimate device and reselling it.

To combat supply chain risks, Trezor has implemented multiple defense layers:

  1. Firmware security checks
    a. Firmware revision ID check
    b. Firmware hash check
  2. Onboarding protection
    a. Preinstalled firmware detection
    b. Entropy check workflow
    c. Firmware upgrade
    d. Device authentication check
  3. Physical protection
    a. Tamper-evident packaging

Trezor Suite includes multiple layers of verification to detect potential tampering. These include:

a. Firmware revision ID check

The firmware revision is a unique identifier assigned to each firmware release. Every time a Trezor device is connected, Trezor Suite compares the revision the device reports against a database of official releases. Here is how it works:

  • If the firmware revision does not match any official release, Trezor Suite flags the device as counterfeit.
  • The check is particularly effective against supply chain attacks that need a long preparation time: modifying and distributing tampered devices takes long enough that the firmware they carry is likely to be stale by the time the device is connected.
  • Since Trezor releases new firmware regularly and Trezor Suite prompts users to update before setup, a device running unauthorized firmware is likely to fail this check.

Important: we always recommend updating your device’s firmware regularly. Updates expand the functionality of your Trezor, apply new security measures, and enable newly developed features.


b. Firmware hash check

The firmware hash check is a cryptographic verification that confirms the integrity of the firmware running on your Trezor device. This is how it works:

  • On every connection, Trezor Suite sends the device a random cryptographic challenge.
  • The device computes a hash of its firmware bound to that challenge, and Trezor Suite compares it with the hash it computes the same way over the official firmware binary bundled with Trezor Suite.
  • If the two results do not match, Trezor Suite flags the device as counterfeit.

Note that this check is only effective when the device is running the latest firmware version, because Trezor Suite can only compare against the official binary it ships with. This is why Trezor Suite strongly encourages users to keep their firmware up to date.
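As an added illustration (this is example code written for this page, not Trezor's firmware or Trezor Suite), the following Go program models the challenge-bound hash check described above. The article does not name the hash primitive, so HMAC-SHA256 keyed with the challenge stands in for it; the firmware images are short constructed stand-ins, and the assumption that Suite holds only the current release's binary is this example's reading of the text.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device models the device side of the check: it hashes whatever firmware it
// is actually running. A genuine device and a tampered one differ only in
// that image. (Constructed model, not Trezor's code.)
type Device struct {
	Firmware []byte
}

// FirmwareHash binds a firmware image to a verifier-chosen challenge. The
// article does not name the primitive; HMAC-SHA256 keyed with the challenge
// is an assumption of this example. The property that matters is that the
// result depends on every byte of the image and on a fresh challenge, so a
// device cannot store a hash computed once over the genuine image and replay it.
func FirmwareHash(challenge, image []byte) []byte {
	mac := hmac.New(sha256.New, challenge)
	mac.Write(image)
	return mac.Sum(nil)
}

// Respond is the device's half of the exchange.
func (d Device) Respond(challenge []byte) []byte {
	return FirmwareHash(challenge, d.Firmware)
}

// VerifyFirmware is the Suite's half: choose a random challenge, ask the
// device, and compare with the hash of the official binary Suite ships.
// In this model Suite holds only the current release's binary, so a device
// on an older (even genuine) version fails too; that is why the check is
// only meaningful once the device is on the latest firmware.
func VerifyFirmware(dev Device, official []byte) (bool, error) {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	expected := FirmwareHash(challenge, official)
	return hmac.Equal(expected, dev.Respond(challenge)), nil
}

// OfficialImage is a constructed stand-in for a release binary; a real image
// is megabytes, but only its content matters here.
func OfficialImage(version string) []byte {
	return bytes.Repeat([]byte("trezor-firmware-"+version+"|"), 64)
}

func main() {
	latest := OfficialImage("latest")

	// Genuine device running the release Suite knows about.
	ok, _ := VerifyFirmware(Device{Firmware: latest}, latest)
	fmt.Println("genuine device:", ok)

	// Same image with one byte patched, e.g. a hooked seed-generation path.
	tampered := append([]byte(nil), latest...)
	tampered[len(tampered)/2] ^= 0x01
	ok, _ = VerifyFirmware(Device{Firmware: tampered}, latest)
	fmt.Println("tampered firmware:", ok)

	// Genuine but outdated firmware: Suite cannot vouch for it either.
	ok, _ = VerifyFirmware(Device{Firmware: OfficialImage("older")}, latest)
	fmt.Println("outdated firmware:", ok)
}
```

The third case is the practical caveat from the paragraph above: a mismatch means either tampering or a version Suite has no reference binary for, which is why the check is paired with a firmware update rather than used on its own.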


All Trezor devices undergo additional security checks during initial setup:

a. Preinstalled firmware detection

  • If a device is detected with preinstalled firmware, the user is asked to confirm whether they have used the device before.
  • If they have not, the device may have been tampered with, and the user is warned accordingly.

b. Entropy check workflow

During wallet creation, Trezor generates a wallet using random data (entropy) from two sources:

  1. The Trezor device: the internal source.
  2. A companion app: typically Trezor Suite, but it can also be another compatible app such as trezorctl or Electrum.

Fake or compromised devices typically ignore the input from the external entropy source (e.g. Trezor Suite) and generate wallets in a predictable, deterministic way, which lets the attacker recreate the wallet and access the funds.

The entropy check verifies that the wallet really depends on both sources and marks the device as counterfeit if it does not pass.
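The following Go program is an added model of the entropy check workflow, written for this page; it is not Trezor's firmware, Trezor Suite, or the wire protocol. Its assumptions are: the device commits to its internal entropy before it sees the host's, the two contributions are mixed by hashing their concatenation, and a hash of the resulting seed stands in for the extended public key a real implementation would compare.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// WalletDevice models wallet creation on the device. An honest device mixes
// its own entropy with the host's; a counterfeit one ignores the host and
// builds the wallet from a value the attacker already knows. (Constructed
// model; the details are assumptions, not Trezor's implementation.)
type WalletDevice struct {
	Counterfeit bool
	internal    []byte // entropy the device claims to have drawn
	seed        []byte // what the wallet is really derived from
}

// MixEntropy combines the two contributions. Hashing the concatenation is
// the assumption used here; any function that depends on both inputs works.
func MixEntropy(internal, external []byte) []byte {
	h := sha256.New()
	h.Write(internal)
	h.Write(external)
	return h.Sum(nil)
}

// WalletIDOf is a public, recomputable fingerprint of a seed. A real check
// compares an extended public key derived from the seed; a hash stands in.
func WalletIDOf(seed []byte) []byte {
	id := sha256.Sum256(append([]byte("wallet-id|"), seed...))
	return id[:]
}

// Commit draws the internal entropy and returns a commitment to it before the
// host's entropy is known, so the device cannot choose it as a function of
// what the host sends.
func (d *WalletDevice) Commit() ([]byte, error) {
	d.internal = make([]byte, 32)
	if d.Counterfeit {
		// A fixed, attacker-known value: every such device yields a wallet
		// the attacker can regenerate without ever touching it again.
		copy(d.internal, bytes.Repeat([]byte{0x42}, 32))
	} else if _, err := rand.Read(d.internal); err != nil {
		return nil, err
	}
	c := sha256.Sum256(d.internal)
	return c[:], nil
}

// Create finishes wallet creation once the host entropy arrives.
func (d *WalletDevice) Create(external []byte) {
	if d.Counterfeit {
		d.seed = d.internal // host contribution silently discarded
		return
	}
	d.seed = MixEntropy(d.internal, external)
}

func (d *WalletDevice) RevealInternal() []byte { return d.internal }
func (d *WalletDevice) WalletID() []byte      { return WalletIDOf(d.seed) }

// EntropyCheck is the host side of the workflow. It succeeds only if the
// wallet the device ends up with is the one both entropy sources imply.
func EntropyCheck(d *WalletDevice) error {
	commit, err := d.Commit()
	if err != nil {
		return err
	}
	external := make([]byte, 32)
	if _, err := rand.Read(external); err != nil {
		return err
	}
	d.Create(external)

	internal := d.RevealInternal()
	if c := sha256.Sum256(internal); !bytes.Equal(c[:], commit) {
		return errors.New("device changed its internal entropy after seeing ours")
	}
	if !bytes.Equal(WalletIDOf(MixEntropy(internal, external)), d.WalletID()) {
		return errors.New("wallet does not depend on host entropy: treat device as counterfeit")
	}
	return nil
}

func main() {
	fmt.Println("honest device:", EntropyCheck(&WalletDevice{}))
	fmt.Println("counterfeit device:", EntropyCheck(&WalletDevice{Counterfeit: true}))
}
```

The point of comparing a public value derived from the actual wallet, rather than just asking the device to echo its entropy, is that a device which lies about its inputs then has to produce keys that contradict its own answer; in a real implementation that public value is an xpub the host can compute independently from the two entropy inputs.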


c. Firmware upgrade

  • During onboarding, users are encouraged to upgrade to the latest firmware version, triggering both revision ID and hash checks, as explained earlier in the article.
  • While users have the option to opt out, we recommend not doing so in light of the security risks around using outdated firmware.

d. Device authentication check

In the case of the Trezor Safe 3 and Trezor Safe 5, the Secure Element plays an important role in verifying the authenticity of your device.

When setting up the device:

  • Trezor Suite sends a random challenge to the device.
  • The Secure Element signs the challenge and returns the signature together with a unique device certificate.
  • Trezor Suite verifies both signatures, the one over the challenge and the one on the device certificate, to confirm authenticity.

The certificate is checked locally only and discarded immediately afterwards, which preserves privacy. Users may opt out of device authentication, but we strongly advise against it.
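To make the two signatures concrete, here is an added Go example (written for this page, not Trezor's or Infineon's code) of a challenge-response device authentication against a manufacturer-issued certificate. The PKI shape (one self-signed root, one leaf certificate per chip), the names, and the use of P-256 ECDSA are assumptions of this example; the article only states that a certificate and a signed challenge are verified.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Factory is the manufacturer's CA; SecureElement is one chip it provisioned.
// Model only: PKI shape, names and P-256 keys are assumptions of this example.
type Factory struct {
	key  *ecdsa.PrivateKey
	Root *x509.Certificate
}

type SecureElement struct {
	key  *ecdsa.PrivateKey // never leaves the chip
	Cert *x509.Certificate
}

// newKeyAndCert generates a P-256 key and certifies it: self-signed when ca is
// set, otherwise issued under parent with the parent's private key, signer.
func newKeyAndCert(serial int64, cn string, ca bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		IsCA:                  ca,
		BasicConstraintsValid: ca,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if ca {
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, signer = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

func NewFactory(name string) (*Factory, error) {
	key, root, err := newKeyAndCert(1, name, true, nil, nil)
	return &Factory{key: key, Root: root}, err
}

// Provision is the production step: a fresh device key certified under the root.
func (f *Factory) Provision(serial int64) (*SecureElement, error) {
	key, cert, err := newKeyAndCert(serial, fmt.Sprintf("device-%d", serial), false, f.Root, f.key)
	return &SecureElement{key: key, Cert: cert}, err
}

// Sign answers a host challenge with the device key.
func (se *SecureElement) Sign(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, se.key, digest[:])
}

// AuthenticateDevice is the Suite side: a fresh challenge, then two checks.
// The certificate must chain to the manufacturer root, and the challenge
// signature must verify under the key that certificate certifies.
func AuthenticateDevice(root *x509.Certificate, se *SecureElement) error {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	sig, err := se.Sign(challenge)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := se.Cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
		return fmt.Errorf("certificate does not chain to the manufacturer root: %w", err)
	}
	pub, _ := se.Cert.PublicKey.(*ecdsa.PublicKey)
	if digest := sha256.Sum256(challenge); pub == nil || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("challenge signature does not verify under the certified key")
	}
	return nil
}

func main() {
	factory, _ := NewFactory("Example Device CA")
	genuine, _ := factory.Provision(1001)
	attacker, _ := NewFactory("Attacker CA") // counterfeit: well-formed certificate, wrong root
	fake, _ := attacker.Provision(1001)
	fmt.Println("genuine:", AuthenticateDevice(factory.Root, genuine), "counterfeit:", AuthenticateDevice(factory.Root, fake))
}
```

Both checks are needed: the certificate alone could be copied from a genuine device, and a signed challenge alone proves only possession of some key. Together they show that the responding key is one the factory certified. Note what this does not establish: nothing about the firmware executing next to the Secure Element, which is what the firmware hash check is for.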


a. Tamper-evident packaging

Every Trezor Safe 3 comes with a holographic seal over the connector on the device itself, showing that it has not been interfered with before reaching the customer. Note that the seal is on the device, not on the box: the Trezor Safe 3 packaging does not carry a seal.

Here’s what this should look like, depending on when your device was manufactured and packaged.

Any sign of a broken or missing seal is a strong indicator that the device has been compromised. In that case, please contact Trezor Support via our chatbot, Hal.

The Ledger Donjon team demonstrated a way to bypass the authenticity check, and specifically the firmware hash check, on the Trezor Safe 3 using an advanced voltage glitching technique. The other countermeasures against supply chain attacks remain unchallenged. It is important to note:

  • The attack does not extract private keys or the PIN.
  • It requires full physical access to the device: disassembling the casing, desoldering the microchip, modifying or extracting data with specialized tools, and then reassembling and repackaging the device without leaving visible signs of tampering.
  • A device purchased from an official source is highly unlikely to have been tampered with.

This highlights why we always recommend purchasing directly from Trezor.io or authorized resellers.

Self-custody with a hardware wallet like Trezor remains the safest way to store crypto.

  • With Trezor, you hold your own keys.
  • No exchange can freeze your funds.
  • No third party can access your wallet.

The real risk is trusting third parties; in this case, purchasing a Trezor hardware wallet from sources beyond our officially listed ones.

Even in a worst-case supply chain attack scenario, the attacker would still need to modify and distribute devices at scale, which remains highly impractical.

No. If you bought a device from an official source, it is highly unlikely that anything is wrong with it. If there are signs of tampering when your order arrives, or you bought it from an unauthorized reseller, reach out to Trezor Support or start a discussion on the Trezor Forum and we will walk you through how to check for compromise.

  • Your funds remain safe, and there is no need for any action on your part.
  • Secure Elements provide an added level of protection against physical attacks.
  • Our in-built supply chain defenses include multiple security layers.
  • Trezor Suite makes tampered devices nearly impossible to distribute at scale.

Security is never static, and at Trezor we are continuously taking steps to improve our hardware and software. Ledger Donjon’s research highlighted one possible attack vector; it does not, however, undermine the core security of the Trezor Safe family.

At Trezor, we fully embrace such security research because it helps strengthen the ecosystem. We will continue to refine our security measures and remain fully transparent about potential risks.

Finally, we recommend purchasing your Trezor hardware wallet or accessories directly from Trezor.io or authorized listed resellers, as a best practice for your security.

As always, stay informed and stay secure!
