Yes — and it’s worth separating the two questions hiding inside this one. “Has the Trezor device been hacked?” and “Have Trezor users lost coins?” have different answers, and conflating them is how the fear spreads. The device has an excellent record. Some users have been phished. Those are not the same thing, and the difference is exactly what you need to understand before you buy.
This is the verify-positioned answer: named incidents, no marketing, and the honest caveats included.
Has Trezor ever been hacked remotely?
No. In Trezor’s entire history — since the original Trezor One in 2014 — there has never been a remote, firmware-level, or mass-scale compromise of the device itself. Despite hundreds of millions of dollars in Bitcoin sitting on Trezor hardware, no attacker has ever drained Trezor users en masse through a flaw in the device. That is the single most important fact, and it’s empirical, not promotional: if a remote break existed, the incentives to use it would be enormous, and it would have happened.
What Trezor has faced is one well-documented physical attack, and that’s a different threat class entirely.
The one real attack: Kraken’s 2020 physical extraction
In 2020, Kraken Security Labs demonstrated that they could physically open an older Trezor (the Trezor One / Model T generation), apply a voltage-glitching attack to the microcontroller, and extract the seed in roughly 15 minutes — with about $75 of equipment and the device in their hands the whole time.
Read the conditions carefully, because they’re the whole story:
- The attacker needs physical possession of your device.
- They need lab equipment and the skill to use it.
- It does not work over the internet, over USB from a compromised computer, or against a device you still hold.
- A passphrase (the “25th word”, never stored on the device) defeats it even with physical access.
Trezor acknowledged the research publicly — the open-source, disclose-and-fix way — and the current generation closes the hole in hardware: the Trezor Safe 3, Safe 5, and Safe 7 all ship with an EAL6+ secure element (the Safe 7 has two). That’s a tamper-resistant chip rated specifically to resist the physical read-out class of attack Kraken used. The old voltage-glitching path is gone on modern hardware.
So why do people lose coins on a Trezor?
Almost always because the user was attacked, not the device:
- Phishing emails and fake “Trezor” messages asking you to “re-validate” or enter your recovery seed on a website. Trezor will never ask for your seed online. Anything that does is a scam, full stop.
- Fake Trezor Suite / fake wallet apps that capture the seed you type in. Your seed is typed into the device, never into a website or app.
- Pre-seeded counterfeit devices bought from Amazon or third-party marketplaces, shipped with a “recovery sheet” already filled in — a trap to get you to fund an address the scammer controls.
None of these is a Trezor hack. They’re the same social-engineering and supply-chain attacks that hit every hardware wallet, and they’re defeated by habits, not firmware: buy direct, never enter your seed anywhere but the device screen, and inspect the anti-tamper packaging on arrival. (More on the marketplace trap: the truth about “Trezor discount codes”.)
What actually makes Trezor safe
Four things, in order of how much they matter:
- Open-source firmware you can verify. Trezor’s complete firmware is public at github.com/trezor/trezor-firmware. Anyone can audit it; nobody can slip in a silent seed-exfiltration path without it being visible. This is the “don’t trust, verify” property — and it’s why a closed-firmware competitor like Ledger isn’t recommended here.
- An EAL6+ secure element (Safe 3 / 5 / 7) that resists the physical-extraction class of attack.
- PIN + passphrase. The PIN stops a casual thief; the passphrase — never stored on the device — defeats even a sophisticated physical attacker who has your hardware.
- An on-device screen. Every send shows the real destination address on the Trezor’s own screen for you to confirm, which is what defeats the most common loss vector of all: malware on your computer rewriting the address.
Where Trezor is not a magic shield
The honest caveats, because pretending they don’t exist is its own kind of insecurity:
- It can’t stop you from typing your seed into a phishing site. No device can.
- It can’t stop a “$5 wrench” coercion attack — that’s what a passphrase + a decoy wallet are for.
- It can’t recover funds you sent to the wrong address yourself. Use the verify-on-screen habit every time.
A hardware wallet lowers your catastrophic-loss odds dramatically; it doesn’t zero them. For the full threat-model breakdown across all devices, see can a hardware wallet be hacked?.
The verdict
Is Trezor safe? For the thing it’s designed to do — keep your keys off an internet-connected computer and make you confirm every spend on a screen malware can’t touch — yes, it’s among the safest options available, with a clean device-security record over a decade. The risks that remain are user-side (phishing, social engineering) and physical-coercion scenarios that no wallet alone solves. Buy direct, set a PIN and passphrase, and you’ve removed essentially every attack that has ever actually drained a Trezor user.
Related reading
- Trezor Safe 5 vs Safe 7 — which should you buy? — picking the right model
- Can a hardware wallet be hacked? — the full six-attack-class breakdown
- The truth about “Trezor discount codes” — how the counterfeit/coupon traps work
- How much Bitcoin before a hardware wallet? — when it’s worth buying
- Wallet installer SHA-256 verifier — catch fake wallet software before it catches you