The security model of a hardware wallet does NOT depend on how many stickers came in the box

Just had to get this off my chest. Obsessing over holograms, stickers, plastic cases is missing the point. It's actively dangerous to your Bitcoin because not understanding the security model of hardware wallets WILL get you hacked.

I wrote an article about how hardware wallets protect you, but TLDR:

a hardware wallet is initially devoid of any software, or firmware. The initial action for the user is to download and install the firmware, during which the device verifies that the firmware has been officially signed by the wallet's manufacturer.

THIS is the key step that protects against malicious senders.
Additionally:

This verification process occurs every time the wallet is powered on, ensuring the firmware's authenticity and safeguarding against supply-chain attacks—wherein malicious software might be installed while the device is en route to you—and evil maid attacks, which involve someone tampering with the device when left unattended.

Furthermore, there has never been an attack in the form of malicious devices. The only known interception attack is wallets delivered with pre-filled seed cards.

4 thoughts on “The security model of a hardware wallet does NOT depend on how many stickers came in the box”

  1. Please bear in mind that no one from the Trezor team would send you a private message first.
    If you want to discuss a sensitive issue, we suggest contacting our Support team via the Troubleshooter: https://trezor.io/support/

    No one from the Trezor team (Reddit mods, Support agents, etc) would ever ask for your recovery seed!
    Beware of scams and phishings: https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. > Furthermore, there has never been an attack in the form of malicious devices. The only known interception attack is wallets delivered with pre-filled seed cards.

    False. There are well reported cases of fake Trezor Ts in the wild: https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/

    plus of course the thing with modified Ledgers that installed malware https://www.bleepingcomputer.com/news/cryptocurrency/criminals-are-mailing-altered-ledger-devices-to-steal-cryptocurrency/

    >>The initial action for the user is to download and install the firmware, during which the device verifies that the firmware has been officially signed by the wallet’s manufacturer.

    >THIS is the key step that protects against malicious senders.

    Super easy to fake

    >ensuring the firmware’s authenticity and safeguarding against supply-chain attacks

    ahahaha nope. this does nothing to protect from a supply chain attack, obviously, because the attacker had replaced this check as an integral part of said supply chain attack.

    I mean. You’re kinda right that the number of stickers is unlikely to indicate that a hacker kept one when re-packaging your tampered device.

    but other than that the only good defence is the secure element attestation in the Trezor Safe line, because it’s extremely difficult to pair the original secure element to an inauthentic chip.

    pls do better research before explaining security models to other people

  3. There are ways to bypass this by tricking you to download a malicious app which shows you that the hardware is authentic where in reality it is not. I really like Cypher rock wallet’s approach here where they allow you to setup an email as a 2FA where you can check the authenticity results apart from just the app.

  4. You took the time to write all of this, and you are correct. However, no one that buys one of these is going to do any research and they certainly won’t end up reading this post. They will still continue to rush in here with ridiculous things like OH MY THERE IS A SCRATCH ON THE CARDBOARD BOX THAT THE ITEM ARRIVED IN. AM I HACKED?

Comments are closed.