Note that the recent scandal surrounding Ledger hardware wallets has led many cryptocurrency enthusiasts to look for alternatives. And because Trezor is open-source, some people have opted for it.

Alas, as the current situation shows, Trezor has its fair share of problems too.

How the Trezor wallet got hacked

In an interview with CoinDesk, Unciphered claimed to have found a loophole that allows hacking the Trezor T. It’s important to note that the wallet must be in the hands of a potential attacker for this to work, and that doesn’t happen very often. Overall, the experts reported “a hardware vulnerability in the STM32 chip that allows access to the flash memory of the device”.

The Unciphered team went beyond complicated technical terms: they filmed a video of hacking a cryptocurrency wallet that journalists had sent them for the experiment. Through a series of manipulations, the experts successfully gained access to the device’s PIN and seed phrase. These combinations are displayed at the end of the video, so we recommend watching the whole process.

A Trezor spokesperson noted that all the details of the attack are not yet known to the wallet manufacturer, but the vulnerability found is similar to the so-called Read Protection Downgrade (RDP) attack. It was published on the official Trezor blog back in January 2020.

A Trezor blog post regarding the company’s wallet attacks

The relevant blog post describes an RDP attack vector that could potentially be applied to Trezor One and Trezor T devices. It was discovered by experts on the Kraken trading platform’s cybersecurity team as early as October 30, 2019, meaning this avenue of attack was already known earlier.

The attack is considered “physical”, meaning a potential attacker would need to have the victim’s device, a fair amount of technical knowledge and the appropriate hardware.

The RDP attack is described in the blog as follows.

RDP Downgrade involves switching the voltage on the STM32 microchip. This allows an attacker with special equipment, knowledge and physical access to the device to bypass the manufacturer’s protection, as well as extract the contents of the microcontroller’s flash memory. In this way, the attacker can retrieve the encrypted seed phrase from the device.

Recall that hardware wallets are designed to ensure that the seed phrase and its associated private keys never make their way onto the Internet and generally do not leave the device. Accordingly, the current news is a serious blow to Trezor's reputation. And while the attack does require possession of the device along with a thorough understanding of how it works, the ability to extract the seed from a locked hardware wallet is frustrating in any case.

That said, this attack is only possible when the device is not protected by a strong enough secret combination. The blog notes that this extra layer of protection supposedly completely removes the risk of any physical attack. This claim was also repeated by the Trezor spokesperson in an interview with journalists.


It's about creating a separate set of wallets by adding an additional passphrase. In other words, the user takes the generated 24 words of the seed phrase and adds another word to it, which causes the device to create completely different addresses. These can only be accessed by the owner of the device, who is able to enter the extra word and regain access to their coins.
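The passphrase mechanism described above, as an added example that is not part of the original article: it assumes the standard BIP-39 derivation (PBKDF2-HMAC-SHA512, 2048 rounds), uses the published BIP-39 test mnemonic as sample input, and shows that the same seed words give an unrelated wallet seed once a passphrase is added. The guessing rate used for the strength estimate is an assumed figure, not a measurement.

```python
import hashlib
import math
import unicodedata

# Published BIP-39 test mnemonic, used as sample input (never use it for funds).
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512 over the mnemonic, salted with
    "mnemonic" + passphrase, 2048 rounds, 64-byte output."""
    def nfkd(s: str) -> bytes:
        return unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", nfkd(mnemonic),
                               nfkd("mnemonic" + passphrase), 2048, dklen=64)


def passphrase_bits(choices_per_symbol: int, symbols: int) -> float:
    """Entropy of a passphrase whose symbols are picked uniformly at random."""
    return symbols * math.log2(choices_per_symbol)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    # Same 12 words, two different wallets: the words alone do not
    # reveal the passphrase-protected one.
    print("no passphrase  :", bip39_seed(MNEMONIC).hex()[:16], "...")
    print("with passphrase:", bip39_seed(MNEMONIC, "TREZOR").hex()[:16], "...")

    RATE = 1e6  # assumed guesses per second, for illustration only
    for label, bits in [
        ("one word from a 2048-word list", passphrase_bits(2048, 1)),
        ("six words from a 7776-word list", passphrase_bits(7776, 6)),
    ]:
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, RATE):.3g} years to exhaust")
```

Every passphrase yields a valid seed, so the device cannot tell a wrong passphrase from a right one; the protection rests entirely on how hard the passphrase is to guess.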

However, the Unciphered experts noted in comments on YouTube that they were able to restore access to such wallets as well. Moreover, in this case, the device owner simply forgot that they had previously set up a passphrase.

Unciphered experts comment on Trezor wallet hack with passphrase

However, Unciphered experts neither confirmed nor denied Trezor’s assumption about the type of attack. They cited a non-disclosure agreement – it’s dangerous to fully disclose the attack vector right now, as it could harm cryptocurrency users. The risk of an attack can only be fully mitigated by physically replacing the microchip, i.e. the wallet manufacturer must implement the new hardware base in the next models of devices.

Statistics on major attack vectors against hardware wallet owners

The experts also didn’t appreciate the reply comments from Trezor employees. Here is their quote.

The fact remains that with this article they are trying to shift the responsibility for device security to the customer instead of taking responsibility for what’s going on and admitting that their device is fundamentally insecure.

It’s been almost three years since the RDP attack was published, which means Trezor employees haven’t been able to get rid of the risks of the vulnerability in that time. Instead, representatives of the company published a blog post stating that an attack cannot occur unless the wallet falls into the hands of a hacker. Therefore, hardware wallet owners supposedly just need to take care of their own devices.

Such a recommendation sounds logical, but it does not obviate the risk of losing their coins and tokens. Therefore, if the owner of a Trezor hardware wallet or other similar device loses it, they need to urgently regain access to their addresses via a MetaMask-type online wallet and send the cryptocurrencies to an exchange. They should then use another hardware wallet with a different seed phrase, or buy a new device and reconfigure it, and only then send the coins there.

Trezor wallets


We think this situation could seriously damage Trezor's reputation. Of course, the chances of running into such an advanced hacker and accidentally giving him your hardware wallet in real life are minimal. However, comfortably using a device that has been publicly hacked will also be significantly more difficult. Therefore, there is a chance that some cryptocurrency lovers will now return to Ledger hardware wallets, which, thanks to a special security chip, are able to resist this attack vector.
