§ Q & A · Self-Custody

Is Trezor safe? Has it ever been hacked?

Short answer

Yes. No Trezor has ever been remotely hacked or had a firmware breach, and hundreds of millions in BTC sit on them safely. The one real attack (2020) needed physical possession of the old Trezor One plus lab gear — the current Safe 3, 5, and 7 add an EAL6+ secure element that closes it.

Last updated · June 21, 2026

Yes — and it’s worth separating the two questions hiding inside this one. “Has the Trezor device been hacked?” and “Have Trezor users lost coins?” have different answers, and conflating them is how the fear spreads. The device has an excellent record. Some users have been phished. Those are not the same thing, and the difference is exactly what you need to understand before you buy.

This is the verify-positioned answer: named incidents, no marketing, and the honest caveats included.

Has Trezor ever been hacked remotely?

No. In Trezor’s entire history — since the original Trezor One in 2014 — there has never been a remote, firmware-level, or mass-scale compromise of the device itself. Despite hundreds of millions of dollars in Bitcoin sitting on Trezor hardware, no attacker has ever drained Trezor users en masse through a flaw in the device. That is the single most important fact, and it’s empirical, not promotional: if a remote break existed, the incentives to use it would be enormous, and it would have happened.

What Trezor has faced is one well-documented physical attack, and that’s a different threat class entirely.

The one real attack: Kraken’s 2020 physical extraction

In 2020, Kraken Security Labs demonstrated that they could physically open an older Trezor (the Trezor One / Model T generation), apply a voltage-glitching attack to the microcontroller, and extract the seed in roughly 15 minutes — with about $75 of equipment and the device in their hands the whole time.

Read the conditions carefully, because they’re the whole story:

Trezor acknowledged the research publicly — the open-source, disclose-and-fix way — and the current generation closes the hole in hardware: the Trezor Safe 3, Safe 5, and Safe 7 all ship with an EAL6+ secure element (the Safe 7 has two). That’s a tamper-resistant chip rated specifically to resist the physical read-out class of attack Kraken used. The old voltage-glitching path is gone on modern hardware.

So why do people lose coins on a Trezor?

Almost always because the user was attacked, not the device:

None of these is a Trezor hack. They’re the same social-engineering and supply-chain attacks that hit every hardware wallet, and they’re defeated by habits, not firmware: buy direct, never enter your seed anywhere but the device screen, and inspect the anti-tamper packaging on arrival. (More on the marketplace trap: the truth about “Trezor discount codes”.)

What actually makes Trezor safe

Four things, in order of how much they matter:

  1. Open-source firmware you can verify. Trezor’s complete firmware is public at github.com/trezor/trezor-firmware. Anyone can audit it; nobody can slip in a silent seed-exfiltration path without it being visible. This is the “don’t trust, verify” property — and it’s why a closed-firmware competitor like Ledger isn’t recommended here.
  2. An EAL6+ secure element (Safe 3 / 5 / 7) that resists the physical-extraction class of attack.
  3. PIN + passphrase. The PIN stops a casual thief; the passphrase — never stored on the device — defeats even a sophisticated physical attacker who has your hardware.
  4. An on-device screen. Every send shows the real destination address on the Trezor’s own screen for you to confirm, which is what defeats the most common loss vector of all: malware on your computer rewriting the address.

Where Trezor is not a magic shield

The honest caveats, because pretending they don’t exist is its own kind of insecurity:

A hardware wallet lowers your catastrophic-loss odds dramatically; it doesn’t zero them. For the full threat-model breakdown across all devices, see can a hardware wallet be hacked?.

The verdict

Is Trezor safe? For the thing it’s designed to do — keep your keys off an internet-connected computer and make you confirm every spend on a screen malware can’t touch — yes, it’s among the safest options available, with a clean device-security record over a decade. The risks that remain are user-side (phishing, social engineering) and physical-coercion scenarios that no wallet alone solves. Buy direct, set a PIN and passphrase, and you’ve removed essentially every attack that has ever actually drained a Trezor user.

Primary sources

  1. Kraken Security Labs — critical flaw in Trezor hardware wallets (physical, 2020) [1]
  2. Trezor — Wallet security overview [2]
  3. Trezor firmware — full open source (auditable) [3]
  4. Trezor Safe 5 — EAL6+ secure element product page [4]
  5. Infineon Optiga Trust M — CC EAL6+ secure element [5]