§ Guide · Intermediate

Trezor Safe 5 setup walkthrough — first-person, step by step

Out of the box to first signed transaction on a Trezor Safe 5 — the verify-positioned walkthrough with the steps most guides skip.

By dont-trust-verify Published June 10, 2026

This is the walkthrough I’d hand someone who just got the box. It’s the steps in order, the decisions that matter at each step, and the parts most YouTube setup videos skip — anti-tamper-bag inspection, firmware-signature verification, the address-check habit, and the seed-backup-test protocol that prevents the most common “I lost everything” stories.

If you’re still deciding which model, our hardware wallet 2026 buying guide covers the Safe 5 vs Safe 3 vs Coldcard Mk4 vs BitBox02 question. This page assumes you’ve already chosen the Safe 5 and the box is in front of you.

TL;DR. Inspect the anti-tamper packaging. Boot the device offline. Verify the firmware signature shown on the device matches Trezor’s published value. Generate the seed on the device — never type a seed in from elsewhere on day one. Write the 24 words on the supplied card, then immediately stamp them on steel. Send a tiny test amount in, send it back out, verify the address on the device screen before approving. Set up the passphrase only if you understand the failure modes. Estimated time end-to-end: 45-90 minutes the first time.

Before you open the box

A few decisions to make before you open anything:

Are you using Bitcoin-only firmware? The Safe 5 ships with multi-asset firmware by default. Within the first 10 minutes you’ll be asked whether to flash the Bitcoin-only firmware variant. The verify-positioned answer is yes — Bitcoin-only firmware has a smaller attack surface, no incentive for the vendor to add experimental coin-management features that could leak keys, and a more conservative update cadence focused only on Bitcoin protocol changes. The trade-off is that you’ll have to re-flash later if you ever want to manage a non-Bitcoin asset on the same device (which you shouldn’t, but the option exists).

Where will you store the seed? Decide this now, not after you’ve written the seed on the supplied card and put it in a drawer “temporarily”. The default recommendation is a steel backup plate; the BIP-39 recovery phrase guide walks through the threat ladder if you’re unsure. The Trezor Keep Metal 24-word product is purpose-built for this and ships flat-packed in $50-100 territory.

Are you using a passphrase? This is the BIP-39 “25th word” — a salt that turns your 24-word seed into a different wallet entirely. It’s powerful (plausible deniability, decoy wallet) and it’s how people lose Bitcoin (forgotten passphrases). If you’re not certain you can memorise it AND record it separately AND test the recovery, don’t set one up on day one. You can add one later; you can’t recover one you forgot.

Step 1 — Inspect the anti-tamper packaging

The Safe 5 ships in a sealed cardboard box with a holographic tamper-evident seal on the inner package. Before you do anything else:

Supply-chain attacks on hardware wallets are rare but documented. The anti-tamper inspection is a 30-second step that closes the most realistic supply-chain attack vector.

Step 2 — Boot the device offline

Connect the Safe 5 to a clean USB-C cable. Don’t plug it into the laptop you use for everything. A laptop with browser extensions, random apps installed, and a history of compromised downloads is exactly what the hardware wallet is supposed to defend you against — and on day one, when the seed is being generated, is when the threat model is at its peak.

Ideal: use a freshly-installed laptop, or one you’ve wiped recently. Acceptable: a daily-driver laptop with no browser extensions enabled and no random apps running. Avoid: the same laptop you use for trading on exchanges and clicking links in Discord.

When the device boots, you’ll see Trezor’s logo and a prompt to install firmware. The device ships without firmware, by design — this is so that the firmware path is freshly downloaded at first boot and the vendor can’t pre-install something compromised.

Step 3 — Install and verify firmware

Trezor Suite (the official desktop app) will prompt you to install firmware. Before you click install:

After the firmware installs, the device itself will display a firmware fingerprint — a hash of the firmware that was actually flashed. Compare it to the fingerprint Trezor publishes for that release on trezor.io. If they match, the firmware is genuine. If they don’t, you have a compromised firmware path and should not continue with this device.

This step is the single most-skipped step in setup videos and the single most-important defence against a sophisticated supply-chain attack. It takes 90 seconds.

Step 4 — Choose your firmware variant

After the initial firmware install, Trezor Suite asks whether you want to switch to Bitcoin-only firmware. Choose this.

The Bitcoin-only firmware:

The flash takes about a minute. The device will show a fresh firmware fingerprint after the variant swap — verify this one too.

Step 5 — Generate the seed on the device

The Suite will offer two options: Create new wallet or Recover existing wallet. Choose Create new.

The device generates 24 words using its on-board hardware RNG. This is the only step where physical randomness needs to be good. The seed is computed on the secure element and never leaves it.

The 24 words display on the device screen, one or two at a time. Write them on the supplied recovery card (the cardboard one in the box) as they appear. Write clearly. Number each word. Double-check by reading them back from the card to the device screen before pressing Continue.

The device then asks you to verify by selecting specific words back (e.g., “what was word 7?”). This is the device confirming you wrote the seed correctly. Take the verification seriously — if you wrote the wrong word and it asks you to confirm word 7, you’ll get word 7 wrong and the seed in the device will not match your card. Better to fail this verification step and re-do it than to ship a wrong seed onto your steel plate hours later.

When the verification passes, the seed is set. The device will erase the screen-displayed seed (it’s gone from the device’s display memory — it still exists on the secure element). You now have:

Don’t take a photo of the card. Don’t type the words into anything. Don’t read them aloud. Every one of those actions creates a copy that you can’t control.

Step 6 — Move the seed to steel within 24 hours

The supplied cardboard card is a starting point, not a backup. Cardboard burns, soaks through, and decomposes. The single highest-ROI security upgrade in self-custody is moving the seed to steel before you fund the wallet.

The protocol I follow:

This step is where most self-custody disasters happen — people leave the cardboard in a drawer “temporarily” and three years later realise it’s gone. The 24-hour rule is a forcing function.

Step 7 — Send a tiny test, verify on the device screen

Before you fund the wallet with anything meaningful:

  1. Generate a receive address in Trezor Suite. The device will display the same address on its own screen. Verify the two match, character by character. If they don’t match, your computer is showing you a malicious address — close the Suite, do not continue.
  2. Send a small amount to the address — a few thousand sats is enough. Confirm it arrives.
  3. Send the same amount back out to a wallet you control. When the Suite shows you the destination address, the device screen will also show the destination. Verify they match before approving on the device. Approve only if they match.

You’ve now done the full receive-and-send cycle. You’ve verified that:

This test transaction is the single best protection against the wallet-drainer attack patterns documented in our drainer red flags guide. Once you’ve done it twice, the address-verify-on-device habit is muscle memory. Until you’ve done it, it’s theoretical.

Step 8 — Optional: set up a BIP-39 passphrase

If you understand what a passphrase does, how it can kill you, and how to recover one — set one up now. The relevant section in our BIP-39 security guide goes through the trade-offs.

The short version: the passphrase creates a second wallet from the same 24-word seed. Useful for plausible deniability (decoy wallet at no-passphrase, real stack at passphrase) and for defending against partial seed compromise. Dangerous because forgetting it is irreversible.

If you set one up:

If you don’t set one up: that’s fine. A standard 24-word seed in a steel plate is the right level of paranoia for most self-custody.

Step 9 — Recovery-test before you fund

This is the step nobody does and everyone regrets not doing.

The protocol:

If the addresses match: your seed is correctly written, your passphrase (if any) is correctly recorded, and you can fund the wallet with confidence. If they don’t match: you have a problem you need to find now, with $0 at stake, rather than five years from now when you actually need the recovery and your house has burned down.

I cannot count the number of people I’ve talked to who never did this step and discovered years later that they had a typo in word 9 of their seed phrase.

Step 10 — Now you can fund it

Send Bitcoin to the wallet. The verification habit you built in step 7 is the muscle memory that prevents the most common drainer patterns.

Going forward:

What this walkthrough deliberately doesn’t include

A few things this guide skips on purpose:

A simpler setup that you understand and have recovery-tested is dramatically more secure than a complex setup that you almost-understand and have never recovered from.