The last report of the vulnerability is not that dangerous, which could enable users to lose their money, so why did they force others to update the new version 2.3.1?
I think they should contact these wallets before they release the new Trezor firmware since they have had about 3 months.
It is also related to SEGWIT transactions, and does not necessarily mean that it will cause money loss, am I the only one who felt that correcting this vulnerability was not correct?
Topic: [BUG] Don't update Wasabi if you are using Trezor hw (Read 442 times)
Trezors were updated to protect users employing SEGWIT transactions. Trezor users on legacy BTC were never at risk because the network design protected against this vulnerability already. SEGWIT made the decision, for speed, to do it differently. I feel that now this vulnerability is out in the public maybe the process might be up for consideration of change. Actually, I still hang on legacy because for me speed is not an issue.
Basically the latest patch has broken any third-party apps compatibility, not exclusive to Wasabi or Electrum. As discussed previously on a thread such as https://bitcointalksearch.org/topic/update-your-trezor-firmware-5253425. There's a high chance even if you use other third-party wallet apps, it won't work.
It seems that for Trezor users who have updated to the latest firmware (Trezor One v1.9.1 and Trezor Model T v2.3.1).
Recommended to temporarily not use third-party wallets such as Electrum and Wasabi until they are updated to work correctly and avoid problems, as mentioned in their blog:
Recommended to temporarily not use third-party wallets such as Electrum and Wasabi until they are updated to work correctly and avoid problems, as mentioned in their blog:
Quote from: https://blog.trezor.io/latest-firmware-updates-correct-possible-segwit-transaction-vulnerability-266df0d2860
The firmware updates for Trezor One (version 1.9.1) and Trezor Model T (version 2.3.1) change how Segwit transactions are handled and correct this.
Unfortunately, some third-party tools like Electrum or PSBT-based tools like BTCPay Server and Wasabi Wallet do not allow Trezor to obtain the previous transaction in case of Segwit inputs, which is why Trezor will not be able to sign transactions using these tools until they are updated to work correctly. We are cooperating with these parties to fix the problem as we speak.
Another option: don't update the Trezor firmware if you still want to use it with the previous version of wasabi or electrum wallet. Unfortunately, some third-party tools like Electrum or PSBT-based tools like BTCPay Server and Wasabi Wallet do not allow Trezor to obtain the previous transaction in case of Segwit inputs, which is why Trezor will not be able to sign transactions using these tools until they are updated to work correctly. We are cooperating with these parties to fix the problem as we speak.
Recently found BIP-174 security vulnerability was fixed by Trezor, BUT it broke compatibility with third party software like Wasabi wallet is.
Quote
If you’re a Wasabi Wallet user with a Trezor device, please don’t update your current Wasabi Wallet installation and Trezor devices to version 2.3.1
(Trezor Model T) and version 1.9.1 (Trezor One) yet or you may get locked out of your bitcoins until we fix the issue.
Please update both when we’ve published a new version of Wasabi Wallet through our official channels.
Addendum:
We are advising users to not update Wasabi Wallet until the fixes are out due to the potential of bad actors distributing a malicious copy of Wasabi Wallet and exploiting the vulnerability.
source: https://medium.com/@jmacato/wasabi-wallets-advisory-for-trezor-users-7d942c727f92(Trezor Model T) and version 1.9.1 (Trezor One) yet or you may get locked out of your bitcoins until we fix the issue.
Please update both when we’ve published a new version of Wasabi Wallet through our official channels.
Addendum:
We are advising users to not update Wasabi Wallet until the fixes are out due to the potential of bad actors distributing a malicious copy of Wasabi Wallet and exploiting the vulnerability.
Jump to: