Author

Topic: Can Trezor steal our bitcoins ? (Read 2735 times)

full member
Activity: 172
Merit: 100
February 08, 2016, 03:00:26 PM
#39
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?

Yes.

As several others have posted earlier, no. If you don't have any proof, don't spread rumors.
full member
Activity: 206
Merit: 100
February 08, 2016, 02:56:51 PM
#38
The seed and the PIN are generated in their site mytrezor.com
That is not true. The seed is generated in the Trezor device itself, and the only way it leaves the device is via the 24 words that you write down.

You generate your own PIN, and you send it to the device in such a way that only someone who is watching its screen could determine your PIN.

Of course, all this depends on the security of the software on the device itself, but as far as I know that's open source, and vetted by many people who aren't part of Trezor.
sr. member
Activity: 252
Merit: 250
February 06, 2016, 05:44:25 AM
#37
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?
you dont have to worry about this,even they know about anything on your account as long trezor is nt scam and trusted,they will not make you upset,they is the best so far,so do you think coinbase dont know about our private data? Wink
hero member
Activity: 756
Merit: 502
February 06, 2016, 04:34:46 AM
#36
No, I don't think that they can access your privatekeys. If the hardware fail, you can still recover your bitcoins via diverse ways like mentionned before.
member
Activity: 98
Merit: 10
February 05, 2016, 08:49:19 PM
#35
Everything and anything is possible to be stolen. However, Bitcoin has proven to be a rather incredible source of protecting privacy and money information.
legendary
Activity: 1512
Merit: 1012
January 19, 2016, 08:16:35 PM
#34
it's better to buy a dedicated desktop for your coins at this point

Yes.

Or a old phone with custom ROM android.
newbie
Activity: 11
Merit: 0
January 19, 2016, 08:13:22 PM
#33
Bitcoin is build on trust. If you do not trust that business then find a one you will trust more.
If you are in doubt that you Private key or seed can be seen by someone else, then do not use it.

learn to read.
newbie
Activity: 11
Merit: 0
January 19, 2016, 08:03:10 PM
#32
They could but they shouldn't because they are a legitimate business. Can the bank steal your money? Can PayPal steal your money? Heck the president could steal your money!

This is the most stupid sentece i've ever heard
Paypal and our Banks give insurance to frauds, trackable and controled by contry's law OECD etc
Bitcoin is anonymous open source service that ain't controled by anybody . no body with large amunt of btc would trust on a ''luck'' without asking questions unless he's a derp
hero member
Activity: 1106
Merit: 521
January 19, 2016, 01:47:10 PM
#31
I doubt very much they can access your privkey from that, so many people are always going on about how good trezor are and how secure so i am sure someone has checked them out.  my biggest worry about using the trezor would be hardware failure and not being able to use it.  i think fir the foreseeable future i will stick to good old paper wallets that i can backup.......

in case of hardware failure you can always resotre your wallet with the seed in Electrum

Fair enough, great answer........ what is it like 12 random words or something?
full member
Activity: 206
Merit: 100
January 19, 2016, 01:40:27 PM
#30
They could but they shouldn't because they are a legitimate business. Can the bank steal your money? Can PayPal steal your money? Heck the president could steal your money!
The bank and PayPal are different. They hold your money on your behalf. Trezor does not.

Not only should Trezor not steal your money, but they can't.

The firmware on your Trezor device is open source, and vetted by many other customers who are smarter than you or I.

This firmware does not ever send the private key (which is needed to spend your bitcoin) to the wallet. This includes the mytrezor.com wallet.

The firmware displays on the mini screen the BTC amount and the recipient address before it signs a transaction, and won't sign it until you press a key on the device. There is no way for a wallet on your PC, phone, or browser to get around these protections, because these wallets can't alter the Trezor's display or press its buttons.

The only way to hack your Trezor would be to load it with new firmware that has a back door. So don't upgrade the firmware on your Trezor.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
January 19, 2016, 04:38:49 AM
#29
First off all : Follow the Bump rules,you can only bump your post once in 24 hours.Neither the topic is as important that you needed the bump.

Secondly,no trezor can't steal your coins.Take example of your blockchain wallets,even though the private keys and addresses are generated by the website,they don't have access to the private keys since the algorithms follow specific encryption which is generated on the server side.
sr. member
Activity: 474
Merit: 252
January 19, 2016, 04:38:08 AM
#28
Of course it is not. I have verified Trezor security by code review and inspecting all network traffic. I might be wrong, but i seriously doubt it. Besides that fact, more capable people than me checked it, too.


Never deposit all your coins into one single wallet ,or exchange ,online stufs never safe to get hacked or anything else,the thing is we must trust and they keep taking their fees but one day they can see 1/3 bitcoins and think i can get this and no one will be able to recover or do anything,the thing is there is a risk involved into any wallet provider.
I don't know why you suggest / conclude that i use a single wallet or exchange. In fact just the opposite is true.
legendary
Activity: 924
Merit: 1002
January 19, 2016, 04:26:47 AM
#27
Bitcoin is build on trust. If you do not trust that business then find a one you will trust more.
If you are in doubt that you Private key or seed can be seen by someone else, then do not use it.
legendary
Activity: 1946
Merit: 1007
January 19, 2016, 04:26:03 AM
#26
Looks like there are some serious misconceptions about trezor.

Why would you trust a software wallet on your PC more than a hardware wallet? Both have the same potential issues.

Trezor can also be used with several wallets and does not need to be used with mytrezor website. Hardware failure can be overcome by using the seed in another trezor or software wallet. The trezor only communicates with the PC for signing transactions and never releases the private key, even if your system is malware infected. The blinded numpad also makes sure nobody can track your codes.

It doesn't get safer than this type of stuff.

so you're saying that i can not trust my core client? no sense, to me if we can not trust core with our private key, than bitcoin is indeed a fail

core is open source, and you can go ahead and compile yourself and check the code, this mean 100% safety, the problem is not trusting your desktop not your client, becaus emaybe you dl'ed malicious thing without knowing...

They could but they shouldn't because they are a legitimate business. Can the bank steal your money? Can PayPal steal your money? Heck the president could steal your money!

sure, this will change when one coin will be worth 100k, even the less greedy people on earth, if were in the positio to easily steal tons of million, will turn to greedy in no time

Trezor is also open source and has their firmware code and other stuff available on github. https://github.com/trezor

If you trust bitcoin core because it is open source, you can also trust trezor. (granted, more people checked the core code.)

Potential problems can arise from firmware updates that have not been checked yet.
legendary
Activity: 3248
Merit: 1070
January 19, 2016, 04:13:46 AM
#25
Looks like there are some serious misconceptions about trezor.

Why would you trust a software wallet on your PC more than a hardware wallet? Both have the same potential issues.

Trezor can also be used with several wallets and does not need to be used with mytrezor website. Hardware failure can be overcome by using the seed in another trezor or software wallet. The trezor only communicates with the PC for signing transactions and never releases the private key, even if your system is malware infected. The blinded numpad also makes sure nobody can track your codes.

It doesn't get safer than this type of stuff.

so you're saying that i can not trust my core client? no sense, to me if we can not trust core with our private key, than bitcoin is indeed a fail

core is open source, and you can go ahead and compile yourself and check the code, this mean 100% safety, the problem is not trusting your desktop not your client, becaus emaybe you dl'ed malicious thing without knowing...

They could but they shouldn't because they are a legitimate business. Can the bank steal your money? Can PayPal steal your money? Heck the president could steal your money!

sure, this will change when one coin will be worth 100k, even the less greedy people on earth, if were in the positio to easily steal tons of million, will turn to greedy in no time
member
Activity: 77
Merit: 10
January 19, 2016, 04:08:12 AM
#24
They could but they shouldn't because they are a legitimate business. Can the bank steal your money? Can PayPal steal your money? Heck the president could steal your money!
legendary
Activity: 1946
Merit: 1007
January 19, 2016, 04:05:41 AM
#23
Looks like there are some serious misconceptions about trezor.

Why would you trust a software wallet on your PC more than a hardware wallet? Both have the same potential issues.

Trezor can also be used with several wallets and does not need to be used with mytrezor website. Hardware failure can be overcome by using the seed in another trezor or software wallet. The trezor only communicates with the PC for signing transactions and never releases the private key, even if your system is malware infected. The blinded numpad also makes sure nobody can track your codes.

It doesn't get safer than this type of stuff.
legendary
Activity: 3248
Merit: 1070
January 19, 2016, 03:53:59 AM
#22
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?

Yes.

well that's bad, it's not as a safe as everyone was think then, it's better to buy a dedicated desktop for your coins at this point
legendary
Activity: 1512
Merit: 1012
January 18, 2016, 05:09:46 PM
#21
I do not trust any 3rd party with my coins after

+1
legendary
Activity: 1512
Merit: 1012
January 18, 2016, 05:08:03 PM
#20
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?

Yes.
full member
Activity: 167
Merit: 104
January 18, 2016, 03:33:44 PM
#19
I recommend using Trezor in a multisig configuration. That way even if your Trezor is compromised, you're still safe
full member
Activity: 206
Merit: 100
January 18, 2016, 02:21:08 PM
#18
Trezor uses bip-0032. The master private key (and all derived private keys) are kept on the device (except when the key is first generated, and bip-0039 is used to display words on the display).

After the master private key is generated, the parent public key is derived and made available to clients that connect to the trezor, such as mytrezor.com. This key is used to generate the child public keys, and thus the receiving addresses, but it cannot be used to generate the private keys. If this key were compromised, you could lose the privacy of your Trezor device, meaning that your entire balance could be determined, but it could not be used to steal your bitcoin.
hero member
Activity: 560
Merit: 500
January 18, 2016, 01:48:11 PM
#17
Of course it is not. I have verified Trezor security by code review and inspecting all network traffic. I might be wrong, but i seriously doubt it. Besides that fact, more capable people than me checked it, too.


Never deposit all your coins into one single wallet ,or exchange ,online stufs never safe to get hacked or anything else,the thing is we must trust and they keep taking their fees but one day they can see 1/3 bitcoins and think i can get this and no one will be able to recover or do anything,the thing is there is a risk involved into any wallet provider.
sr. member
Activity: 474
Merit: 252
January 16, 2016, 03:16:01 PM
#16
Of course it is not. I have verified Trezor security by code review and inspecting all network traffic. I might be wrong, but i seriously doubt it. Besides that fact, more capable people than me checked it, too.
full member
Activity: 172
Merit: 100
January 14, 2016, 02:10:14 PM
#15
I was thinking about buying a Trezor, but what's the point when you need to be online and log in into that mytrezor site? what if that site ever goes online? it's pretty dumb to be honest, we wouldn't need any connection to the internet to use it, that doesn't sound very cold storage.

You can use the Trezor with other wallet software: http://doc.satoshilabs.com/trezor-faq/overview.html#which-wallets-are-compatible-with-trezor-hardware
No need to use the mytrezor site.

Are you program developer ? you can't know it's100% trust.
the seed show up on the trezor thats correct but it also synchronized with their site

Not it's not. Do you have any proof of this?
legendary
Activity: 1904
Merit: 1074
January 14, 2016, 01:29:07 PM
#14
The person who keeps all his Bitcoins on a single device deserve to lose it for being stupid. That might sound harsh but it's true. I do not trust any 3rd party with my coins after

the MtGox fiasco. Any electronic device can fail and you might lose the paper backup and the coins will be gone. Some people have even proven that they can hack the Trezor,

if they had physical access to it. {Using specialized tools} ... I keep lots of small quantities on separate media to reduce the risk and I think most people should do the same. If

one option gets exploited, you still have coins spread over other media and you do not lose everything at once. 
sr. member
Activity: 343
Merit: 254
From The New World
January 14, 2016, 10:15:10 AM
#13
I like to store my btc on a paper wallet. The Trezor  is good if you wanna have some spending money and have access to it without worrying about a key logger. If have a massive amount if btc I would invest in a Trezor.
legendary
Activity: 1204
Merit: 1028
January 14, 2016, 10:06:37 AM
#12
I was thinking about buying a Trezor, but what's the point when you need to be online and log in into that mytrezor site? what if that site ever goes online? it's pretty dumb to be honest, we wouldn't need any connection to the internet to use it, that doesn't sound very cold storage.
full member
Activity: 215
Merit: 100
January 14, 2016, 09:28:37 AM
#11
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?

PIN is set by user and it is known by the Trezor device only. Your PC doesn't know it, because of the unique way you enter the PIN, see http://doc.satoshilabs.com/trezor-user/enteringyourpin.html

The same is true for the seed, when a new seed is being created entropy from PC and Trezor device is (provably) mixed in the device to get a new seed.  Seed never leaves the device and is only displayed once on the Trezor screen during the initialization to let the user create a paper backup (24 words using BIP0044), that can be used in many 3rd wallets, see http://doc.satoshilabs.com/trezor-apps/index.html

Are you program developer ? you can't know it's100% trust.
the seed show up on the trezor thats correct but it also synchronized with their site
newbie
Activity: 28
Merit: 0
January 14, 2016, 09:21:39 AM
#10
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?

PIN is set by user and it is known by the Trezor device only. Your PC doesn't know it, because of the unique way you enter the PIN, see http://doc.satoshilabs.com/trezor-user/enteringyourpin.html

The same is true for the seed, when a new seed is being created entropy from PC and Trezor device is (provably) mixed in the device to get a new seed.  Seed never leaves the device and is only displayed once on the Trezor screen during the initialization to let the user create a paper backup (24 words using BIP0044), that can be used in many 3rd wallets, see http://doc.satoshilabs.com/trezor-apps/index.html
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
January 14, 2016, 09:12:29 AM
#9
The exchanges ,and companys of wallets can anytime take all bitcoins... we never know what may happen into this world,but you need to trust those companies as they are providing a service and collecting fees from it,otherwise they would scam you,there are several wallets options.

That's what they said about MtGox......
hero member
Activity: 560
Merit: 500
January 14, 2016, 08:53:26 AM
#8
The exchanges ,and companys of wallets can anytime take all bitcoins... we never know what may happen into this world,but you need to trust those companies as they are providing a service and collecting fees from it,otherwise they would scam you,there are several wallets options.
sr. member
Activity: 474
Merit: 252
January 14, 2016, 08:13:09 AM
#7
I doubt very much they can access your privkey from that, so many people are always going on about how good trezor are and how secure so i am sure someone has checked them out.  my biggest worry about using the trezor would be hardware failure and not being able to use it.  i think fir the foreseeable future i will stick to good old paper wallets that i can backup.......
You can restore a broken trezors coins in many ways, e.g. even by restoring into Electrum as Curious8 mentioned, a spare trezor device or one of many scripts available.
full member
Activity: 215
Merit: 100
January 14, 2016, 08:07:31 AM
#6
I doubt very much they can access your privkey from that, so many people are always going on about how good trezor are and how secure so i am sure someone has checked them out.  my biggest worry about using the trezor would be hardware failure and not being able to use it.  i think fir the foreseeable future i will stick to good old paper wallets that i can backup.......

in case of hardware failure you can always resotre your wallet with the seed in Electrum
legendary
Activity: 3248
Merit: 1070
January 14, 2016, 08:02:55 AM
#5
is better use trezon than pc online

well it depend, on how you use your pc, if you don't download anything and run the client, only i can argue that it is as a safe as a trezor can be

you cna even build a mini-itx desktop just to run the client, it would cost you more than a trezor though
sr. member
Activity: 440
Merit: 250
January 14, 2016, 07:54:36 AM
#4
is better use trezon than pc online
hero member
Activity: 1106
Merit: 521
January 14, 2016, 07:49:57 AM
#3
I doubt very much they can access your privkey from that, so many people are always going on about how good trezor are and how secure so i am sure someone has checked them out.  my biggest worry about using the trezor would be hardware failure and not being able to use it.  i think fir the foreseeable future i will stick to good old paper wallets that i can backup.......
full member
Activity: 215
Merit: 100
January 14, 2016, 07:41:14 AM
#2
up
full member
Activity: 215
Merit: 100
January 14, 2016, 06:29:35 AM
#1
The seed and the PIN are generated in their site mytrezor.com
what makes me wonder if they have access to this sensetive info?
Jump to: