Trezor uses a secure element (SE) from Infineon, specifically the SLE78, which they implement in their products as the Optiga Trust M. They assure customers that their seed backup is safe, but they fail to mention that the ECDSA private key is the information being stored, which could be seen as misleading to their customers.
My research shows that Ledger, Coldcard, and OneKey use secure elements from different manufacturers.
Coldcard uses two different secure elements from separate manufacturers. One of them is Microchip's ATECC608, and recently, the company was reportedly affected by malware, compromising some internal information. However, there is currently no information regarding the full extent of the impact.
Are there any reports of SEs being hacked and Bitcoin being compromised or stolen because of it?
reply
No, it needs physical access to the device and a very specialist hardware to extract the private key.
The extractions were done on yubikeys, but Trezor has the same component. Then, theoretically it is possible, but it is hard and no one reported about it.
reply
0 sats \ 1 reply \ @OgFOMK 5 Sep
Wack-a-mole.
reply
Wack-a-mole. totally
reply