🟢 Trust Rating: High
Trezor is the rare hardware wallet where you can read every line of firmware and check the hardware design yourself. SatoshiLabs has shipped open source since 2014, the Safe line now carries certified secure elements, and a passphrase closes the one physical attack that older units were vulnerable to. The catch is not the device. It is that Trezor's customer data has leaked twice, and its owners get phished harder than almost anyone in crypto. The hardware earns the green rating. Your inbox is on its own.
What is Trezor?
Trezor is a line of Bitcoin and crypto hardware wallets made by SatoshiLabs, based in Prague, Czech Republic. It shipped the first commercial hardware wallet in 2014. A hardware wallet keeps your private keys on an offline device and signs transactions there, so the keys never touch your internet-connected computer. Trezor's whole pitch is verifiability: the firmware is open source, the hardware designs are published, and third parties can audit the lot instead of trusting a black box.
In January 2026, SatoshiLabs pulled the original Model One and the touchscreen Model T from its own store. The current lineup is the Safe 3, the Safe 5, and the flagship Safe 7. All three use certified secure elements, which the older models did not have.
Critical Privacy Concerns
⚠️ Read This Before You Buy
- Trezor's servers see your addresses by default. Trezor Suite checks your balance by querying SatoshiLabs' own Blockbook servers. That means the company can see which addresses and xpub belong to your wallet unless you point Suite at your own node. More on that below.
- Older models leak their seed under physical attack. The Model One and Model T can be opened up and voltage-glitched to dump the seed. A passphrase defeats this completely, but out of the box it is a real weakness.
- You will get phishing emails. Trezor customer contact data has leaked twice (2022 and 2024). Attackers know you own a wallet and know your email. The scams that follow are convincing and relentless.
- CoinJoin is gone. The built-in Bitcoin mixing feature was shut off on June 1, 2024. If on-chain privacy was your reason for buying, that reason no longer ships.
Open Source, All The Way Down
This is where Trezor genuinely leads. The firmware has been open source since the beginning, so anyone can read it, build it, and check that the device running in your hand matches the published code. The hardware schematics are public too. Compare that to competitors that hide their secure element behind an NDA and ask you to trust them. With Trezor you do not have to take a marketing claim on faith, you can go look. For a privacy tool, being auditable is not a nice-to-have. It is the entire point.
The Secure Element Situation
The old models (Model One, Model T) had no secure element. Their seed lived in a general-purpose microcontroller, which is exactly what made the voltage-glitching attack possible. The newer Safe line fixed this. The Safe 3 and Safe 5 pair Trezor's open firmware with an OPTIGA Trust M (V3) secure element certified to Common Criteria EAL6+, a high assurance level for resisting physical tampering. The Safe 7 goes further, stacking three vendors: the TROPIC01 chip (billed as the only independently auditable secure element, so it does not break the open-source promise), an EAL6+ Optiga, and an STM32U5 microcontroller. Layering chips from different makers means one compromised part does not hand over your keys.
The Physical Attack, And Why A Passphrase Kills It
In 2019 Ledger's Donjon research team, and in 2020 Kraken Security Labs, showed that with physical access and a few hundred dollars of gear you can pop open a Model One or Model T, voltage-glitch the STM32 chip, and dump the encrypted seed from flash memory. It takes roughly 15 minutes of hands-on time and real hardware skill, so it is not a remote threat. It is a "someone stole your device" threat.
The fix is the passphrase. It acts as a 25th word that is never written to the device, so there is nothing on the chip to extract. Glitch the wallet all you like: without the passphrase in your head, the dumped seed is useless. Trezor's own guidance is that a strong passphrase fully mitigates the attack. The practical takeaway: on any Trezor, and especially the older ones, turn on a passphrase. On the Safe line the secure element already blocks this class of attack, but the passphrase is still cheap insurance.
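An added example, not code from Trezor or from this page, showing the BIP39 step the passphrase feeds into: the mnemonic is the only thing written to flash, and the passphrase is mixed in at derivation time, so each passphrase turns the same dumped phrase into a different, equally valid seed. The mnemonic below is constructed (the all-zero-entropy BIP39 reference phrase).

```python
import hashlib
import unicodedata


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 512-bit BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds,
    salt = "mnemonic" + passphrase. Both strings are NFKD-normalised first,
    as the spec requires, so a stray accent form does not change the wallet."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


# Constructed input: the all-zero-entropy BIP39 reference mnemonic. This is
# the kind of value that lives on the chip; the passphrase is never beside it.
STORED_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def wallets_from_mnemonic(mnemonic: str, passphrases):
    """Map each passphrase to the hex seed it yields. Every entry is a
    well-formed wallet, so nothing on the device marks which one holds funds."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


def seeds_all_distinct(mnemonic: str, passphrases) -> bool:
    """True when no two passphrases (even ones differing by one character)
    collapse to the same seed."""
    seeds = wallets_from_mnemonic(mnemonic, passphrases).values()
    return len(set(seeds)) == len(list(passphrases))


if __name__ == "__main__":
    for p, s in wallets_from_mnemonic(STORED_MNEMONIC, ["", "TREZOR", "correct horse"]).items():
        print(f"passphrase={p!r:16} seed={s[:16]}...")
```

With passphrase "TREZOR" the derivation reproduces the published BIP39 test vector, which is a quick way to confirm any tooling you use agrees with the spec.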
The Breaches You Inherit
⚠️ Two Data Leaks, Endless Phishing
2022, the MailChimp leak. An insider at MailChimp exported audience lists from around 100 crypto companies, Trezor among them. Owners got a slick email from a fake "trezor.us" domain (the real one is trezor.io) claiming a breach had hit Trezor Suite and urging them to install "updated" software. The software stole recovery seeds. One Reddit user reported losing £55,000.
2024, the support portal breach. On January 17, 2024, an unauthorized party got into Trezor's third-party support ticketing system. Names or usernames and email addresses for roughly 66,000 users who had contacted support since December 2021 were exposed. The attacker then contacted 41 of those users directly, fishing for their recovery seeds.
Neither breach touched a single private key, because keys never leave the device and are never stored on Trezor's servers. That is the good news. The bad news is that being a Trezor customer puts your email on a list, and that list gets phished forever. The one rule that keeps you safe through all of it: Trezor will never, ever ask for your recovery seed. Anyone who does is stealing from you.
Trezor Suite, Tor, And The Privacy Fine Print
Trezor Suite is the companion app (desktop, web, and mobile). It is open source, supports thousands of coins and tokens, offers coin control, and can route its traffic over Tor to hide your IP from the backend. Useful features, and better than most.
Here is the part the marketing skips. By default, Suite figures out your balance by asking SatoshiLabs' Blockbook servers about your addresses. Those servers run open-source software and SatoshiLabs says they do not log user data, but architecturally the backend still sees which addresses and xpub are yours. If you want real privacy from your own wallet vendor, the desktop version of Suite lets you point it at your own full node through a custom Electrum server address. Do that and your addresses stay between you and your node. Skip it and you are trusting a promise. The web and mobile versions do not support a custom backend at all.
One more subtraction: CoinJoin, the built-in Bitcoin mixing that used to add on-chain privacy, was discontinued on June 1, 2024 after its coordinator (zkSNACKs) shut down under regulatory pressure. Existing funds stayed accessible, but you can no longer start a new mix from Suite.
Technical Specifications
Security Features
- Open Source: Firmware open source since 2014, hardware designs published
- Secure Element: EAL6+ certified OPTIGA Trust M (V3) on Safe 3 and Safe 5; TROPIC01 plus Optiga plus STM32U5 on Safe 7 (older Model One and Model T had none)
- Passphrase: Optional 25th word, never stored on the device, defeats physical seed extraction
- Backup: Standard 12 or 24-word recovery, plus Shamir Backup on the Safe line
- Software: Trezor Suite with coin control and optional Tor routing; custom node support on desktop
Pricing Structure
| Model | Price (USD, from Trezor) | Notes |
|---|---|---|
| Safe 3 | ~$59 | Monochrome OLED, two buttons, EAL6+ secure element. Best value entry point. |
| Safe 5 | ~$129 | Color touchscreen, haptics, EAL6+ secure element. |
| Safe 7 | ~$249 | 2.5" color touchscreen, three-chip security stack including TROPIC01. |
| Model One / Model T | Discontinued | Pulled from Trezor's store in January 2026. No secure element. |
Prices reflect Trezor's own store at time of writing and can differ from third-party retailers. Buy direct or from a listed authorized reseller only (see below).
Trezor vs. Alternatives
Trezor vs. Ledger
- Trezor: Fully open-source firmware you can audit yourself. That is the whole reason to pick it.
- Ledger: Higher-certified secure element, but a closed-source core and a 2023 recovery-service controversy that spooked a lot of users. See our Ledger review.
Trezor vs. Coldcard
- Trezor: Multi-coin, friendly Suite app, easier for beginners.
- Coldcard: Bitcoin-only, air-gapped by design, aimed at people who want maximum paranoia over convenience. See our Coldcard review.
Trezor vs. BitBox02
- Trezor: Longer track record, bigger coin support, larger community.
- BitBox02: Also open source, Swiss-made, with a clever USB-C form factor and a similar security story. A genuine like-for-like rival. See our BitBox02 review.
Weighing several devices at once? Our hardware wallet comparison guide lays them side by side.
Buying Advice: Direct Or Not At All
A hardware wallet bought from a random marketplace seller is a hardware wallet you cannot trust. Supply-chain tampering is real: a middleman can pre-load a device, swap the packaging, or slip in a card with a "starter seed." Never use a Trezor that arrives with a pre-written recovery phrase. That is always a scam. Buy directly from Trezor's own store or a listed authorized reseller, check the tamper-evident packaging, and let the device generate a brand-new seed during setup.
When to Use Trezor
Good Fit
✅ You want a wallet you can actually verify instead of trusting a sealed black box. Nobody does open source better at this price.
✅ You hold more than a few coins. The Safe line's multi-coin support and Suite app make managing a mixed bag painless.
✅ You will set a passphrase and, ideally, run your own node. Do both and Trezor's weak spots mostly close.
Bad Fit
❌ You will not touch the security settings. A Trezor with no passphrase, bought from a sketchy reseller, run against the default backend, is leaving value on the table.
❌ You are Bitcoin-only and want air-gapped paranoia. A Coldcard or Foundation Passport fits that threat model better.
❌ You cannot resist a well-crafted phishing email. Trezor owners are targeted constantly. If "install this urgent update" would get you, learn the one rule first: never type your seed into anything.
The Bottom Line
Consider Trezor if:
- Auditable, open-source firmware and hardware matter to you
- You want strong multi-coin support with a usable desktop app
- You will turn on a passphrase and buy direct
- You are willing to run your own node for full address privacy
Skip Trezor if:
- You want a closed, air-gapped, Bitcoin-only fortress (look at Coldcard)
- You will never change a default setting
- On-chain mixing was your goal (CoinJoin is discontinued)
⚠️ Final Assessment
Trezor makes one of the most trustworthy pieces of hardware in crypto, precisely because you do not have to trust it. You can read the code. The green rating is for the device. But the company has leaked customer contact data twice, its default backend sees your addresses, and CoinJoin is dead. None of that puts your keys at risk if you follow the basics: passphrase on, buy direct, run your own node when you can, and never, under any circumstances, type your recovery seed into a website or app because someone emailed you. The wallet is excellent. The discipline is on you.
Resources
- BleepingComputer: Trezor support site breach exposes personal data of 66,000 customers (2024)
- BleepingComputer: Trezor's support platform abused in crypto theft phishing attacks
- Infosecurity Magazine: Trezor customers phished after MailChimp compromise (2022)
- Ledger Donjon: Unfixable seed extraction on Trezor (physical attack research)
- Kraken Security Labs: Critical flaw in Trezor hardware wallets (voltage glitching)
- Crypto Briefing: Trezor to end CoinJoin as Wasabi/zkSNACKs steps back
- The Block: Trezor discloses vulnerability in older Safe 3 units after Ledger research