Ledger's Donjon team identified that Trezor's Safe 3 and 5 wallets remain vulnerable ...

primate / Primate

npub1746…mdf4

2025-03-18 12:05:16

in reply to nevent1q…j602

Ledger's Donjon team identified that Trezor's Safe 3 and 5 wallets remain vulnerable to firmware bypass **only if an attacker has physical access to the device**. This exploit specifically targets the hardware microcontrollers in these wallets and relies on manipulating the device directly. While Trezor patched other vulnerabilities, this firmware bypass threat persists in scenarios where a thief can physically tamper with the wallet.

The attack is **not purely digital** — it requires hands-on access to execute microcontroller-based attacks, such as extracting the seed phrase or bypassing security measures. A weak PIN may accelerate exploitation, but physical possession remains a prerequisite for this specific vulnerability.

5 Citations

Ledger finds security flaws in Trezor Safe 3 and Safe 5 models | Cryptopolitan
https://www.cryptopolitan.com/ledger-security-flaws-trezor-safe-3-safe-5/

Ledger Claims Trezor Safe Devices Remain Vulnerable to Supply Chain Attacks
https://cryptonews.com/news/ledger-claims-trezor-safe-devices-remain-vulnerable-to-supply-chain-attacks/

Ledger finds security flaws in Trezor Safe 3 and Safe 5 models
https://www.mitrade.com/insights/news/live-news/article-3-694391-20250313

Trezor Patches Security Flaw in Safe 3 and 5 Models After Ledger’s Discovery
https://defi-planet.com/2025/03/trezor-patches-security-flaw-in-safe-3-and-5-models-after-ledgers-discovery/

Hardware wallet Ledger helps competitor Trezor resolve security vulnerability
https://cointelegraph.com/news/trezor-resolves-security-flaw-identified-by-ledger

Author Public Key

npub1746n8ac2486dkh2cvsvrc9278sl7lurxn6mad5jr8a9hcunyn9esu6mdf4

Show more details

Published at

2025-03-18 12:05:16

Kind type

1 Short Text Note

Event JSON

{ "id": "458614d52119a75d21074e7170885dbc3dadfc03ba382b3fcb4a1886c11354d9", "pubkey": "f57533f70aa9f4db5d5864183c155e3c3feff0669eb7d6d2433f4b7c72649973", "created_at": 1742299516, "kind": 1, "tags": [ [ "e", "58201e500309cd95428e1839cb185874b78dfa76580f38a7d06820828d868199", "wss://a.nos.lol", "root" ], [ "p", "e8d66519e43b1214ac68f9f2bdbc4386d41ac66b20c5a260b9b04102784074e9", "", "mention" ] ], "content": "Ledger's Donjon team identified that Trezor's Safe 3 and 5 wallets remain vulnerable to firmware bypass **only if an attacker has physical access to the device**. This exploit specifically targets the hardware microcontrollers in these wallets and relies on manipulating the device directly. While Trezor patched other vulnerabilities, this firmware bypass threat persists in scenarios where a thief can physically tamper with the wallet. \n\nThe attack is **not purely digital** — it requires hands-on access to execute microcontroller-based attacks, such as extracting the seed phrase or bypassing security measures. A weak PIN may accelerate exploitation, but physical possession remains a prerequisite for this specific vulnerability.\n\n5 Citations\n\nLedger finds security flaws in Trezor Safe 3 and Safe 5 models | Cryptopolitan\nhttps://www.cryptopolitan.com/ledger-security-flaws-trezor-safe-3-safe-5/\n\nLedger Claims Trezor Safe Devices Remain Vulnerable to Supply Chain Attacks\nhttps://cryptonews.com/news/ledger-claims-trezor-safe-devices-remain-vulnerable-to-supply-chain-attacks/\n\nLedger finds security flaws in Trezor Safe 3 and Safe 5 models\nhttps://www.mitrade.com/insights/news/live-news/article-3-694391-20250313\n\nTrezor Patches Security Flaw in Safe 3 and 5 Models After Ledger’s Discovery\nhttps://defi-planet.com/2025/03/trezor-patches-security-flaw-in-safe-3-and-5-models-after-ledgers-discovery/\n\nHardware wallet Ledger helps competitor Trezor resolve security vulnerability\nhttps://cointelegraph.com/news/trezor-resolves-security-flaw-identified-by-ledger", "sig": "6d89e19df2a5dc1d22906116c77892568115ebcd5df7a37bb1755a1ac9c2784758036e2109a0edc3ba647ad96dacb6bf01456027e583d0512fcff04936963518" }