Trezor’s Multi-Layer Protection In opposition to Provide Chain Assaults | by SatoshiLabs | Mar, 2025

At Trezor, we pioneered the first-ever {hardware} pockets in 2013 with a transparent objective: to offer a safe and easy-to-use software for managing Bitcoin and crypto. {Hardware} wallets are designed to maintain non-public keys offline, defending them from distant assaults — a activity our earlier fashions have all the time excelled at.

Whereas {hardware} wallets provide sturdy safety, no system is fully resistant to bodily assaults. Given sufficient time, experience, and sources, a decided attacker might theoretically try to extract non-public keys from a stolen machine. To mitigate this danger, we launched the passphrase — a user-defined, further layer of safety on your pockets backup. Not like the pockets backup, the passphrase is rarely saved on the machine, making it unimaginable to extract even within the occasion of a bodily assault.

One of many largest variations between Trezor Secure Household (launched with the launch of the Trezor Safe 3 in 2023) was the introduction of a devoted Safe Component. It was launched as a response to person suggestions for enhanced safety in case of machine theft or loss. The Safe Component used within the Trezor Secure 5 and Trezor Secure 3 is the OPTIGA™ Belief M (V3). In impact, it's a chip designed to guard extremely delicate info from software program and {hardware} assaults.

Whereas all Trezor fashions stay safe in opposition to distant assaults, the Safe Component within the Trezor Secure 3 & Trezor Secure 5 provides an additional layer of bodily safety — for instance, in case a Trezor machine is misplaced or stolen.

The Safe Component in Trezor Secure 3 & Trezor Secure 5 offers safeguards in:

• Enhanced PIN protection: Stopping unauthorized entry in case of theft.
• Prevents seed extraction by fault injection assaults (voltage glitching): A beforehand identified concern with Trezor Mannequin One and Trezor Mannequin T.
• Gadget authenticity verification: Strengthening resistance in opposition to provide chain assaults.

A provide chain assault occurs when a tool is tampered with earlier than it reaches the client. This might contain an attacker modifying a authentic machine and reselling it.

To fight provide chain dangers, Trezor has applied a number of protection layers:

1. Firmware safety checks
   a. Firmware revision ID examine
   b. Firmware hash examine
2. Onboarding safety
   a. Preinstalled firmware detection
   b. Entropy examine workflow
   c. Firmware improve
   d. Gadget authentication examine
3. Firmware safety checks
   a. Firmware revision ID examine

Trezor Suite consists of a number of layers of verification to detect potential tampering. These embody:

a. Firmware revision ID examine

Firmware revision is a novel identifier assigned to every firmware launch. Each time a Trezor machine is related, Trezor Suite verifies the firmware revision in opposition to a database of official releases. This is the way it works:

• If the firmware revision doesn't match, Trezor Suite flags the machine as counterfeit.
• This examine is especially efficient in opposition to provide chain assaults requiring a protracted preparation time. That is on account of the time taken to change and distribute tampered gadgets.
• Since Trezor usually releases new firmware updates and Trezor Suite prompts customers to replace their firmware earlier than setup, a tool operating unauthorized firmware is more likely to fail this examine.

Vital: As a observe, we all the time suggest updating your machine’s firmware usually. That is essential to increase the performance of your Trezor, apply new safety measures, and allow newly developed options.

Right here’s extra on this:

b. Firmware hash examine

The firmware hash examine is a cryptographic verification course of that ensures the integrity of the firmware operating in your Trezor machine. That is the way it works:

• Upon each machine connection, Trezor Suite points a random cryptographic problem to the machine.
• The machine then calculates a firmware hash, which is in contrast in opposition to the anticipated hash from the official firmware binary file saved in Trezor Suite.
• If the outcomes don't match, Trezor Suite flags the machine as counterfeit.

Please observe, that this examine is just efficient if the machine is operating the newest firmware model. That is why Trezor Suite strongly encourages customers to replace the firmware usually.

Right here’s extra on this:

All Trezor gadgets endure extra safety checks throughout preliminary setup:

a. Preinstalled firmware detection

• If a tool is detected with preinstalled firmware, the person is prompted to substantiate whether or not they’ve used the machine earlier than.
• If it’s a case that they haven't used the machine beforehand, the machine could also be compromised, and customers are warned accordingly.

b. Entropy examine workflow

Throughout pockets creation, Trezor generates a pockets utilizing random information (entropy) from two sources,

1. Trezor machine: The interior supply.
2. A companion app: Sometimes Trezor Suite, but it surely can be one other appropriate app like trezorctl or Electrum.

Pretend or compromised gadgets usually ignore the enter from the exterior entropy supply (Trezor Suite), producing wallets in a predictable, deterministic method, permitting attackers to recreate and entry them.

The entropy examine protects the person from this habits and marks the machine as counterfeit if it doesn't cross the examine.

Right here’s extra on this:

c. Firmware improve

• Throughout onboarding, customers are inspired to improve to the newest firmware model, triggering each revision ID and hash checks, as defined earlier within the article.
• Whereas customers have the choice to choose out, we suggest not doing so in mild of the safety dangers round utilizing outdated firmware.

d. Gadget authentication examine

Within the case of the Trezor Secure 3 and Trezor Secure 5, the Safe Component performs an necessary position in verifying the authenticity of your machine.

When organising the machine:

• Trezor Suite sends a problem to the machine.
• The Safe Component indicators the problem and returns it with a novel machine certificates.
• Trezor Suite verifies each signatures to substantiate authenticity.

The certificates is just checked regionally and instantly discarded, making certain privateness. Customers could choose out of the machine authentication course of, however we strongly advise in opposition to it.

Study extra right here:

a. Tamper-evident packaging

Each Trezor Secure 3 comes with a holographic seal over the connector, making certain the machine hasn’t been interfered with earlier than reaching the client. Please observe, the Trezor Secure 3 packaging doesn't have a seal.

Right here’s what this could appear to be, relying on when your machine was manufactured and packaged.

Any signal of a damaged or lacking seal is a powerful indicator that the machine has been compromised. On this case, we encourage you to please contact Trezor Assist by way of our chatbot, Hal.

The Ledger Donjon crew demonstrated a approach to bypass the authenticity examine, and the firmware hash examine particularly in Trezor Secure 3, utilizing a sophisticated voltage glitching approach. The opposite countermeasures in opposition to provide chain assaults stay unchallenged. Nonetheless, you will need to observe:

• No non-public keys might be hacked or PIN extracted utilizing this assault.
• The assault requires full bodily entry to the machine. (This consists of disassembling the casing, desoldering the microchip, modifying or extracting information utilizing specialised instruments, after which reassembling and repackaging the machine with out leaving any seen indicators of tampering.)
• If the machine is bought from an official supply, it's extremely unlikely that it has been tampered with.

This highlights why we all the time suggest buying instantly from Trezor.io or licensed resellers.

Self-custody with a {hardware} pockets like Trezor stays the most secure approach to retailer crypto.

• With Trezor, you maintain your personal keys.
• No trade can freeze your funds.
• No third celebration can entry your pockets.

The true danger is trusting third events; on this case, buying a Trezor {hardware} pockets from sources past our formally listed ones.

Even in a worst-case provide chain assault situation, the attacker would nonetheless want to change and distribute gadgets at scale, which stays extremely impractical.

No. Should you purchased a tool from an official supply it's extremely unlikely that there's something unsuitable along with your machine. If there are indicators of tampering when your order arrives, otherwise you purchased it from an unauthorized reseller, simply attain out to Trezor Assist or begin a dialogue on Trezor Forum and we’ll stroll you thru examine for compromise.

• Your funds stay protected, and there's no want for any motion in your half.
• Safe Components present an added degree of safety in opposition to bodily assaults.
• Our in-built provide chain defenses embody a number of safety layers.
• Trezor Suite makes tampered gadgets almost unimaginable to distribute at scale.

Safety is rarely static, and at Trezor we're constantly taking steps to enhance our {hardware} and software program. Ledger Donjon’s analysis highlighted one doable assault vector. It, nevertheless, doesn't undermine the core safety of the Trezor Secure Household.

At Trezor, we totally embrace such safety analysis as a result of it helps strengthen the ecosystem. We'll proceed to refine our safety measures and stay totally clear about potential dangers.

Lastly, we suggest buying your Trezor {hardware} pockets or equipment instantly from Trezor.io or licensed listed resellers, as a finest observe on your safety.

As all the time, keep knowledgeable and keep safe!