Common security threats
This article describes the layers of protection used to protect Trezor users from potential security threats.
- Phishing
- Brute forcing the Trezor PIN
- Reflashing the Trezor device with malicious firmware
- Evil maid attack - replacing a Trezor device with a fake
- Stealing the user's computer
- Hacking Trezor servers
- Trezor shutting down
- Running the recovery process on an infected computer
- Side channel attacks
- Honeypot token scam
Phishing
If you wish to make a payment to someone on the internet, you need to know their receiving address.
Unlike Trezor devices, computers are not necessarily secure, and it is possible that the address displayed on your screen is maliciously modified.
To be sure, always check the receiving address on your Trezor device screen (see Receiving payments). To be extra safe, we also recommend confirming the recipient's address using an additional second channel, such as SMS, phone call, or a face-to-face meeting.
For more information about phishing attacks on Trezor Suite, check out our blog posts:
Never give your wallet backup to anyone and never enter it anywhere in a straight sequence from the first word to the last one.
Brute forcing the Trezor PIN
Your Trezor device is protected by a PIN code. If a good PIN is selected, it would take hundreds of thousands of attempts to get it right.
Every time a wrong PIN is entered, the waiting time between the attempts increases by a power of two. The device automatically wipes itself after 16 unsuccessful attempts.
Reflashing the Trezor device with malicious firmware
Official Trezor firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the Trezor device is possible, but doing so will wipe the device storage, and it will show a warning every time it starts.
To be extra careful, make sure that the Trezor package is unopened, and the tamper-evident holograms are undamaged and in place.
For more information check out our articles discussing how to check the authenticity of your Trezor Safe 5, Trezor Safe 3, Trezor Model T or Trezor Model One.
Evil maid attack - replacing a Trezor device with a fake
It might be possible for a malicious third party to steal your Trezor and replace it with a fake one. If embedded with a wireless transmitter, the fake device could transmit any PIN it received. The attacker would then have full access to your funds.
If you are concerned about such an attack, it is a good idea to sign the back of your Trezor with a permanent pen. Do not forget to check the signature before each use. You can also set a custom home screen with a unique picture that would be hard to copy or fake.
The device chassis is sealed using ultrasonic welding, and opening a Trezor device without destroying the case is nearly impossible.
Stealing the user's computer
If the user's computer gets stolen, it does not affect the safety of his or her funds. The Trezor device can be used with a different computer. It is not possible to access the user's funds from the stolen computer without the Trezor device itself.
Hacking Trezor servers
SatoshiLabs and Trezor take security very seriously, so this option is extremely improbable. Moreover, you can set up your own custom backends, meaning you can use Trezor Suite without having to rely on the SatoshiLabs servers.
Trezor shutting down
There are no such plans because we love cryptocurrencies, but even if we had to close down, there is nothing to worry about. Trezor is compatible with other BIP32, BIP39 and BIP44 compatible wallets. Since our code is publicly available, developers from around the world can maintain it and add new functionalities. In extreme cases (although this is not recommended), it is possible to use the wallet backup to recover your funds in a different wallet as well.
Running the recovery process on an infected computer
During the recovery process of the Trezor Model One you are asked to enter your wallet backup into the computer with the words in a random order.
Even if your computer has a key-logger installed on it and the randomly ordered words are stolen, it would take many years to crack the order of the actual wallet backup even with the most powerful computer.
Moreover, on the Trezor Model T, Trezor Safe 3, and Trezor Safe 5, the wallet backup words are entered on the device itself, so there is no danger of key-logging by an infected computer. With the Trezor Model One, you can always use the advanced recovery method to avoid malicious computers.
Side channel attacks
Side channel attacks described by Jochen Hoenicke were fixed by rewriting all crypto functions to use constant time. Jochen did almost all of the fixing, and we have been collaborating ever since on various security and non-security related improvements. Furthermore, we ask for the user's PIN before every operation involving a private key (e.g., generating the public key), so even if there were some side channel attacks left, the attacker would still need to know the PIN to trigger it.
Honeypot token scam
What is a honeypot token?
A honeypot token is a type of malicious cryptocurrency token designed to deceive users into making transactions. It appears to be a legitimate investment opportunity, but it contains hidden code that restricts users from selling the token once they’ve purchased it. Essentially, it traps unsuspecting buyers by making the token seem attractive to investors while ensuring that they can’t sell their holdings.
How a honeypot token works
A honeypot token typically functions like any other cryptocurrency. A malicious actor creates a token and lists it on decentralized exchanges (DEXs) or other trading platforms, often with a catchy name, promising high returns or unique features. The token might seem perfectly legitimate, and it may even show a price increase or high trading volume to attract buyers.
However, once you buy the token, the real trick happens: the smart contract governing the token is programmed to prevent you from selling it. This often involves setting up restrictions on the “sell” function, allowing only the creator or a select group of wallets to execute sales transactions. In some cases, the smart contract could even contain hidden fees for sales, making it financially unfeasible to sell the token at all.
Why are honeypot tokens dangerous?
Honeypot tokens are designed to exploit the trust of crypto investors. Here’s why they are so dangerous:
Deceptive marketing
Honeypot tokens often have enticing marketing tactics that attract investors. High promised returns, or a compelling community presence can lure people in.
Loss of funds
The most obvious danger is that investors lose the money they’ve spent purchasing the token, as they are unable to sell it.
How to spot honeypot token
Protecting yourself from honeypot tokens requires awareness and due diligence.
Use honeypot detection tools
Several websites and tools allow users to check if a token is a honeypot before purchasing. Tools like Honeypot.is, Token Sniffer, and others scan the contract for suspicious behaviors.
Community feedback
Do your research. Check online communities like Reddit, or X (Twitter) for any reports or warnings about a particular token. Active communities will often alert others about suspicious tokens.
Verify token information
Use reputable sources to verify the legitimacy of a token. Avoid buying tokens with limited or no verifiable information.
What to do if you’ve been scammed by a honeypot token
If you’ve fallen victim to a honeypot token scam, there are limited options for recovery. Unfortunately, due to the decentralized and pseudonymous nature of crypto, recovering lost funds can be incredibly difficult. However, here’s what you can do:
Report to authorities
Depending on your country, reporting cryptocurrency scams to regulatory authorities or law enforcement can help them investigate and take action against malicious actors.
Share your experience
Share your experience on social media and with the crypto community. This can help warn others and prevent more people from falling victim to the same scam.