Back to security portal

Malicious change in mixed transactions

Reported on March 7, 2020
A specially crafted multisig transaction could leverage a inconsistent sanitization of inputs to include a change output of an attacker, which wasn't confirmed by the user.
Reported bySaleem Rashid
Our blog post
Trezor Model T

Resolved vulnerabilities

Reported by community. Investigated. Resolved. Because your security is never optional.