Kraken Trezor hack Nachwehen

There’s a [video](https://www.youtube.com/watch?v=dT9y-KQbqi4) about some guy successfully recovering his seed with help from a Trezor, but this bug has been fixed with a firmware upgrade by Trezor in 2017.

And if you’re gonna read about Kraken hacking Trezor, [do it on their official blog](https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/) and try to find [Kraken’s response](https://blog.trezor.io/our-response-to-the-read-protection-downgrade-attack-28d23f8949c6).

This hack can still be possible, if you don’t use a passphrase.Seriously, follow [this instruction](https://wiki.trezor.io/User_manual:Security_best_practices) about keeping you funds safe and read the entire wiki of any crypto device if you think about using them.

How secure is the best hardware wallet if someone is standing behind you with a gun to your head? Asking for a friend.

> access to all hidden wallets

That’s not true, the passphrase is not stored on the device. Even if your seed gets compromised without the passphrase your funds are safe.

This article is from feb. 2020 🤦
Spam imo.

this is a good post and a fair question. I have NOT forgotten about this exploit, and as such, I consider my trezor model T to be compromised (more specifically: able to be compromised upon someone gaining physical possession of it) and so I store it in the same place as my cryptosteel backup of my seed phrase. in other words, if you are carrying around a trezor model T, and then lose it, you would be wise to transfer your funds to a wallet backed by a separate seed phrase. to be fair and to not pick on trezor in particular, perhaps you should adopt this mindset after losing ANY hardware wallet. just because it’s not compromised today, doesn’t mean it can’t be in the future, right?

simply put, this device (Trezor Model T) is NOT secure anymore (if A. no passphrase and B. someone has physical possession), and I wish trezor would just be forthcoming about this risk. they owe it to their customers. I remember reading their response to the attack and it seemed to completely dance around this critical fact. ridiculous.

I don’t really get the issue. Its not reasonable to expect a hardware wallet to make it impossible for the seed to be extracted. That is exactly what the passphrase is for. You can get your seed phrase backup stolen too. So whether it can be extracted from the device itself doesn’t protect you from theft. Use a passphrase.