Author

Topic: How to prevent if The Trezor release new firmware update to steal Bitcoin (Read 140 times)

legendary
Activity: 2212
Merit: 7064
For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?
Confiscating trezor or any other hardware wallet is not needed if they find (or you give them) your seed words backup.
You can somehow improve safety of your funds by adding multiple passphrases and creating fake decoy account with smaller amount of bitcoins.
Multisig with other hardware or software wallets could also be one of the options but it adds extra layer of complexity and it's meant for storing larger amount of coins.
legendary
Activity: 2730
Merit: 7065
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?
Both your Trezors would rely on the same code and software. If you are using the same seed on both, the one where you installed that malicious update would cause you to lose everything. Alternatively, you could have two different wallets protected by different seeds in each of your Trezors. Or two different passphrased wallets.

In theory. If any open-source client releases a backdoored and malicious update, and the vulnerability is not checked or discovered by anyone in the updated code, it can lead to the loss of funds for those who installed the new update. But with hardware wallets, you are forgetting that you have to physically approve the transaction by pressing the correct buttons on the gadget. The malicious code could be written to reveal your seed maybe or have you generate pre-generated addresses that belong to scammers when you want to send a new transaction.     
newbie
Activity: 22
Merit: 7
Thanks for all the replies. Really appreciate it. 👍🏻
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
Otherwise, i would repeat what @jackg said about basic security awareness/research from user side.

I agree here.
Waiting a few days to pass the first tests is always a good solution. I do that almost always because it is not uncommon to make another new one with additional improvements, almost immediately after the new version.
I gained that experience in working with the administration of Windows, the new update often caused me unexpected problems.
for Trezor I don't even remember which the last update was mandatory and without it it could not function
legendary
Activity: 2450
Merit: 4415
🔐BitcoinMessage.Tools🔑
Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
In order to prevent being hacked by a Trezor team, you should behave the same way you behave while interacting with the bitcoin network, which is you don't trust what you see, instead you run your own open-source software and maintain your own copy of transactions history to verify everything by yourself before accepting. If you're concerned about the credibility of Trezor, don't run their software, use other open-source alternatives. Don't trust the firmware they are forcing you to install. Either verify it and reproduce from source code or never update your device. Once you bought your hardware wallet, you have become an owner of an autonomous, independent device the security of which shouldn't necessarily be maintained or rely on the company that produced it.
newbie
Activity: 22
Merit: 7
Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite
I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted?

Sorry for so many questions. I wanted to know, at least superficially, how this is implemented.

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes.

yup, I guess we should use 2 Trezor, 1 for testing if the new update is good when every new update is released.🤔
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
I mean user don't noticed that Trezor is captured and they voluntarily update it.

I think there's a slight obligation by the user to do a small amount of research before updating (or waiting a few days without installing and update or using the device) to see if anything is unusual. Completely updating to a new UI you're unfamiliar with can be problematic too for example.
newbie
Activity: 22
Merit: 7
Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack.

I mean user don't noticed that Trezor is captured and they voluntarily update it.
legendary
Activity: 1792
Merit: 1296
Crypto Casino and Sportsbook
Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite
I've always been curious to know how often the source code is checked? When does a new release come out? Who is doing this? How many people check the source code? How much can they be trusted?

Sorry for so many questions. I wanted to know, at least superficially, how this is implemented.

Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
It seems to me that if this is implemented, it will be done differently. The regulator will create conditions under which people themselves will be forced to give their bitcoins or part of it in the form of taxes.
newbie
Activity: 22
Merit: 7
Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite

Been open source is helpful but we need to wait for some time before update it, allowing people to check it first.
I believe many people will immediately update it as soon as new update released  without any doubt.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
Also I don't think trezor can force people to update their firmware if they don't want to. I guess they could make it incompatible but since there are other drivers that can be used and it's open source, that makes things a lot harder for them to succeed in an attack.
staff
Activity: 3500
Merit: 6152
Both Trezor's software and firmware are open-source. If they add malicious code, people would find out[1][2]

[1] https://wiki.trezor.io/Firmware_changelog
[1] https://github.com/trezor/trezor-suite
newbie
Activity: 22
Merit: 7
Hello,

For example, Trezor captured by regulator and regulator wanna confiscate all people Bitcoin.
They will release a new firmware update to steal all people Bitcoin.
How to prevent that? Use 2 Trezor?

Regards
Jump to: