硬體錢包受關注：Trezor 最新安全修復對你的加密貨幣意味著什麼

Trezor just patched a serious microcontroller vulnerability in its Safe 3 and 5 models—and it’s worth paying attention to. The catch? Competitor Ledger’s research team (Ledger Donjon) found it first.

What Went Wrong

Ledger researchers discovered that cryptographic operations could still execute directly on Trezor’s microcontroller, potentially exposing devices to sophisticated attacks. Even though Trezor had implemented firmware integrity checks to prevent tampering, Ledger showed these could be bypassed by attackers.

The vulnerability centered on Trezor’s two-chip design—while the “Secure Element” chip protects your PIN and private keys, the main microcontroller proved to be a weak link.

The Fix (Sort Of)

Trezor confirmed the vulnerability has been resolved, but here’s the thing: the company says a firmware patch isn’t feasible. That’s notable. Instead, Trezor emphasized multi-layered defenses and strongly recommends buying hardware wallets only from official sources to avoid supply chain risks.

Trezor’s reassurance: “User funds remain secure. No action required.”

The Bigger Picture

This incident reveals the ongoing cat-and-mouse game in hardware wallet security. Ledger itself has faced breaches (like the $484K theft in December 2023 via a compromised connector library), showing that no player in this space is immune to security challenges.

The takeaway? Hardware wallets are still among the safest ways to store crypto, but they’re not unhackable. Layered security and official channels matter.