How do I know that my TREZOR has not been broken into?

In order to exploit this issue, an attacker would have to break into the device, destroying the case in the process. They would also need to flash the device with a specially-crafted firmware. If your device is intact, your seed is safe, and you should update your firmware to 1.5.2 as soon as possible.

With firmware 1.5.2, this attack vector is eliminated and your device is safe.

If you use a passphrase, even if the attacker broke into your TREZOR and extracted your seed, your coins would still be safe.

I bought a TREZOR yesterday, is it also affected?

If you initialize your TREZOR for the first time after the new firmware is released, your TREZOR will have the newest firmware, and therefore it will not be affected. If you have an up-to-date firmware, no notification will be shown in TREZOR Wallet.

Do I really need to update?

Most likely, yes.

Go to TREZOR Wallet. If the Wallet tells you your firmware is outdated, please do update your device.

What if an attacker downgrades the firmware to versions lower than 1.5.2?

TREZOR storage will be wiped — the seed is erased.

Are other hardware wallets affected?

All hardware wallets based on TREZOR’s design are potentially vulnerable to this attack vector. We have reached out to other producers of hardware wallets and informed them about the issue.