All articles

Past security issues

Collection of security issues found both internally and externally. For a more in depth look at each issue learn more at GitHub: Past Security Issues

Vulnerability	Date Reported	Notes	Details
Missing confirmation screen in the ECDHSessionKey call	2023-11-26	Impact: Skipped confirm on TS3 Severity: Medium Fix: Firmware 2.6.4 for Trezor Safe 3 Reported By: Mathias Herberts	GitHub
XSS in Trezor Connect legacy versions	2023-02-07	Impact: Possible phishing attack Severity: Medium Scalability: Remote (Interaction) Reported By: Jun Kokatsu	GitHub
Insufficient field size check in Protobuf	2021-07-12	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.10.3 Reported By: Stellar Development Foundation	GitHub
Read Protection Downgrade Attack	-	Impact: Seed Exposure Scalability: Local invasive Reported By: Kraken	GitHub
Monero unlock_time issue	2020-02-01	Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Sebastian Kung	GitHub
Possible large transaction fee via two Segwit transactions	2020-03-03	Impact: Destruction of Funds Severity: High Scalability: Remote (Interaction) Fix: Firmware 1.9.1 for Model One and 2.3.1 for Model T Reported By: Saleem Rashid	GitHub
Malicious change in mixed transactions	2020-03-07	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Saleem Rashid	GitHub
Insufficient field size check in Protobuf	-	-	GitHub
Malicious change in mixed transactions	2020-03-02	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.3.0 Reported By: Saleem Rashid	GitHub
OP_RETURN treated as change output	2020-03-02	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: 1.9.0 + 2.3.0 Reported By: Saleem Rashid	GitHub
Malicious change in mixed transactions	2019-10-01	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 2.1.8 Reported By: Marko Bencun	GitHub
Information leak via OLED display	2019-04-08	Impact: TBD Severity: TBD Scalability: Local (Non-invasive) Fix: Firmware 1.8.2 Reported By: Christian Reitter	GitHub
Secret information leak via USB Descriptors	2019-01-02	Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.8.0 for Model One and 2.1.0 for Model T Reported By: Colin O'Flynn	GitHub
SRAM dump via glitching the firmware update	2018-12-27	Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: wallet.fail	GitHub
Information leak via U2F	2018-11-26	Impact: TBD Severity: TBD Scalability: Remote (Unlocked) Fix: Firmware 1.7.2 Reported By: Christian Reitter Rashid	GitHub
Side-channel analysis (SCA) of PIN comparison	2018-10-31	Impact: Theft of Funds Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.8.0 Reported By: Charles Guillemet	GitHub
Buffer overflow in bech32_decode/cash_decode	2018-09-26	Impact: Device freeze Severity: None Scalability: Remote (Interaction) Fix: Firmware 1.7.1 Reported By: Christian Reitter	GitHub
MPU circumvention via SYSCFG registers	2018-08-07	Impact: - Severity: - Scalability: Supply Chain Fix: Firmware 1.6.3 Reported By: Sunny	GitHub
Buffer overflow in message processing	2018-05-25	Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.6.2 Reported By: Christian Reitter	GitHub
Race condition in recovery	2018-05-25	Impact: Seed Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.6.2 Reported By: Christian Reitter	GitHub
STM32F205 write-protection issue	2018-02-12	Impact: - Severity: - Scalability: Supply Chain Fix: Firmware 1.6.1 Reported By: Saleem Rashid	GitHub
Note on fixing SRAM memory access	-	-	GitHub
Note on theoretical fault attack vector (2017 DEFCON talk)	-	-	GitHub
Secret leak via SRAM residue	2017-08-01	Impact: Seed Exposure Severity: Moderate Scalability: Local (Destructive) Fix: Firmware 1.5.2 Reported By: Sunny	GitHub
Possible key extraction with oscilloscope	2015-03-26	Impact: Key Exposure Severity: High Scalability: Local (Non-invasive) Fix: Firmware 1.3.3 Reported By: Jochen Hoenicke	GitHub
Malicious change in mixed transactions	2015-02-23	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.3.1 Reported By: Nicolas Bacca	GitHub
Malicious ScriptSig in signed transaction	2014-07-30	Impact: Seed Exposure Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.2.0 Reported By: Nicolas Bacca	GitHub
XSS in Trezor Connect	-	-	GitHub
CSRF issues in Dropbox integration	-	-	GitHub
Missing path isolation check	2018-03-01	Impact: Theft of Funds Severity: Critical Scalability: Remote (Interaction) Fix: Firmware 1.9.2 Reported By: Yura Pakhuchiy	GitHub

a part of SatoshiLabs Group

Products

Trezor Safe 3 Model T Model One Trezor Keep Compare Trezors Trezor Suite Accessories

App Coins

Learn

Supported Coins Blog Privacy and Security About Company Support Knowledge Base Forum

Other

FAQs Terms of Use Affiliate Program Reseller Program Resellers GitHub Careers

Cookies settings

Learn

Support

Other Resources

Past security issues