Kevin asked 4 months ago


Due to the demonstration of compromising a Trezor in 15 minutes at Defcon, why is this still recommended as a secure wallet? In fact, it should be replaced ASAP by anyone using one.

1 Answer
Steven Hay answered 4 months ago

Hey Kevin,
Firstly, see Trezor’s rebuttal here:
Secondly, these kinds of attacks will likely always be possible for really skilled electronics pros. You can’t reasonably expect a <$100 device to be proof against an electronics expert in a well-equipped laboratory. However, that’s a pretty small threat window compared to the absolutely massive threat of malware attacks.
Consider that the first type of threat requires a very sophisticated attacker to gain physical control over the device without the owner’s knowledge, and compromise it before the owner is alerted and moves their coins. That’s possible in very particular circumstances – like if you take your Trezor to Defcon and pass out after too many beers – but otherwise it’s pretty unlikely. Good physical security and secrecy will prevent such attacks.
Unlike that type of attack, malware is an ever-present threat to anyone connected to the internet (and even to smaller networks). It’s far, far easier and less risky to compromise multiple software wallets through a network than it is to access the hardware wallet of anyone taking reasonable precautions. As such, even if they’re completely broken against physical attacks, hardware wallets are still extremely useful and will protect users against 99%+ of attacks.

