ELI5: Trezor Seedphrase-Sicherheit

It’s pretty simple.

The seed phrase is stored in Trezor CPU memory. There is no practical way of getting it out unless the CPU tells it — you can’t take the memory out and plug it into a different computer.

There are two ways to get the CPU to tell you the memory contents:

1. Built-in debugging instructions: you wire the CPU to a special debugging board, send some signals, and other signals come out that tell you the contents.
The CPU is locked down in factory, so that these signals don’t work. But if you’re Kraken Labs, and have physical access to the CPU, you can take it out of the Trezor, wire it to the debugging board, and reverse the factory lockdown.

2. Ask the software running on the CPU nicely to tell you the memory contents. In other words, use some sort of feature of the firmware do download the memory contents.

You can see the source code for Trezor firmware [on github](https://github.com/trezor/trezor-firmware), and you can find instructions to verify that it is actually the same firmware that is running on the device.

A lot of people have been looking through the source, so you can be confident that (a) the firmware will NOT tell the PC the seed
**intentionally**, and (b) there are no known „underhanded“ ways to get the firmware to tell you the seed **by mistake**.

How can you be sure of (b)? Proof by people.

First, **security research.** The serious security researchers are doing things like [extracting the seed via physical attack](https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/) or [getting you to burn your funds as a fee](https://blog.trezor.io/details-of-firmware-updates-for-trezor-one-version-1-9-1-and-trezor-model-t-version-2-3-1-1eba8f60f2dd). If they _could_ find a way to get out the seed remotely, they would have done that and not mess with the other, more complex and more brittle methods of attack.

Second, **incidents**. If I were a hacker, and discovered a way to extract seeds from Trezors, I would first collect as many seeds as I can, and then [steal ALL THE MONEY](https://imgflip.com/i/5zvcg6), before Trezor team discovers the same thing and updates everyone’s Trezors.

This has not happened. Instead, the incidents you see are isolated, a completely random person claiming that their Trezor was [hacked in a boating accident](https://np.reddit.com/r/OutOfTheLoop/comments/74nd0i/what_is_up_with_guns_disappearing_in_boat/).

But in the end, nothing is unhackable. We don’t know of a way today, maybe someone will discover it tomorrow.

TLDR; if your wallet is physically stolen, restore as quickly as possible and move your funds to a new wallet with a new key.

Generally, the Key is in SRAM or RAM on the device, depending on which state it is in (powered, booted up, etc.). This is not a „secure element“ like certain other wallets use (but the makes of Trezor not only claim to have found serious problems with these, since they are closed source, nobody can ensure they don’t have a backdoor or are exploitable). Trezor has actually started a small open organization for secure element chip manufacture a while back. https://blog.trezor.io/introducing-tropic-square-why-transparency-matters-a895dab12dd3

Anyway, Trezor went some distance to make it harder to extract the key. The program(s) running on these chips in the Trezor is designed to never reveal these after the user seed phrase backup. It is reasonable to assume that it is difficult to get it out there, bordering on impossible.

There are currently no know remote exploits to do this (other than what I describe in the last paragraph). Trezor has a good history of addressing these vulnerabilities in the past, see here: [https://trezor.io/security/](https://trezor.io/security/)

Sadly, there are a few „underhanded“ ways to extract the private key / seed, which involve installing a custom software (firmware) on the wallet. Usually these require physical access (i.e. stealing the wallet, or a good amount of time during a break-in), or making you inadvertently install a compromised firmware (i.e. what you clicked on is swapped out with a manipulated piece of code).

Physical access is a narrow attack vector as it usually requires expert knowledge, but if someone steals your Trezor, chances are such an opportunity opens up for them (either in the past or future).Examples are the attacks demonstrated in the talk show at [https://wallet.fail](https://wallet.fail) (sorry, definitely not ELI); these may or may not apply to your personal threat profile. A Trezor One exploit is examined at 35:30, TLDR; it is possible to get the Trezor to reveal the private key.

If you have many millions in your cold wallet, „evil maid“ (someone already in your house, family, housekeeper, etc.) attacks or break-ins become more likely if they know who you are.

Some argue that only a few experts on the planets can break hardware like this; but instead I would assume that every organized burglar in 2022 is trained to recognize crypto wallets, and every fence and every sufficiently high law enforcement agency in the world knows about and has access to exploits for these potential vulnerabilities.

However, I am not sure about the economics of theft, so unless they know how much you have in your wallet, chances are they assume that on average, the funds stored on a hardware walled do not exceed the value of the wallet; and it can cost them significant time to breach it (with the chance of the wallet having been cleared of funds before).

A much bigger overall risk comes from something compromising your computer (a trojan horse program, a virus, etc.), and changing the transactions or addresses you paste in when you make your HWW transactions. Thus, always carefully read what it says on the display. Well-made malware will also pick false addresses that look similar to yours, i.e. start and end with the same letters. This is by far the biggest attack vector; in combination with smart contract exploits where you inadvertently authorize someone else to spend your funds in the future.