Bug in multisig verification
Incorrect on-device display/confirmation could have misled users into approving a seemingly minor “fee bump” transaction that was actually malicious, potentially compromising funds in a Bitcoin multisig wallet (threshold > 1). The attacker would need to control one signer, and the other signers’ Trezor Suite would need to be compromised.
In addition to this finding, the researcher submitted several minor reports spanning Firmware, Suite, Connect, and Blockbook. Many of the findings were low severity and focused on robustness and hardening issues such as out-of-bounds reads, parsing/validation bugs, verifier/bypass edge cases, memory-zeroization gaps in cryptography code paths, and transport/protocol handling problems. As these were primarily low-severity or purely informative, they have not been listed here individually. We sincerely thank the researcher for their comprehensive contributions.
Vulnerabilidades solucionadas
- Open redirect20 de marzo de 2026
- Biometric Verification bypassed in Trezor Suite with external monitor9 de marzo de 2026
- Insufficient entropy on Trezor Model One with 12/18 words6 de febrero de 2026
- Inability to cancel certain flows on pre-production firmware31 de octubre de 2025
- Fix side-channel in BIP-39 mnemonic processing when unlocked24 de septiembre de 2025
- Donjon's Trezor Safe 3 evaluation12 de noviembre de 2024