Trezor released official statement on SegWit2x

The developers of popular hardware wallet does not guarantee the successful coins splitting; continue reading to learn more
07 November 2017   647

The team of the hardware wallet Trezor issued a statement in which it expressed its position regarding the expected in the middle of November SegWit2x hardfork and gave the necessary recommendations to users who are worried about the safety of their funds.

Despite the fact that Trezor does not go into details of which chain it will give preference in the case of the division of bitcoin, the statement says that after the split on block 494784 there will be two blockchains: Bitcoin (BTC) and SegWit2X (B2X).

The developers confirm that if, at this point, the user had bitcoins in Trezor's wallet, he will have the same number of BTC and B2X coins.

With TREZOR, you own your private keys (in the form of the seed), therefore you have control over all of your coins, including forked coins.
 

Trezor's statement

Further it is noted that the Trezor wallet will support both new and legacy addresses for BTC and B2X. However, since B2X developers do not plan to implement protection against replaying transactions, users need to take certain actions to safely use coins of both chains.

  • If user is only interested in BTC, and he does not need B2X, he does not need to do anything.
  • If user is only interested in B2X, and he do not need BTC, he do not need to do anything. 
  • However, if the user is interested in both coins, he will have to go through the manual process of dividing the coins, and because of the lack of protection against replaying the transactions, no guarantees of a successful completion of the process are provided by Trezor developers.

Additional details on how to conduct a manual division of coins, Trezor promises to publish soon.

For those who wonder why the situation is not the same as last year with Bitcoin Cash fork, the developers remind that there the protection against replay was realized, and therefore the whole process was much easier.

Regarding the device interface, B2X will be present as a separate wallet, but in order for coins to appear there, it will be necessary to separate. It is important to remember that B2X will use the same address format as bitcoin, but they will be generated via another derivation path (m / 44 '/ 157' /). Therefore, before making transactions, users will need to make sure that they send the correct coins to the correct chain.

Trezor to Undergo Fishing Attack

Trezor wallet team asks users to be exteme caution
02 July 2018   143

According to the blog of developers of the hardware wllet Trezor, their service has recently undergone a phishing attack. The project team stated that it received many complaints about the incorrect Secure Sockets Layer (SSL) certificate.

The number of warnings about the incorrect certificate has increased due to the increasing number of phishing attacks on the site. The vectors of the attack are reportedly the so-called "poisoning of the DNS server" and "BGP-interception".

Poisoning a DNS server is an attack that uses some DNS vulnerabilities. It allows the attacker to redirect traffic from legitimate servers to fake ones. This exploit was used, for example, to attack the "Great Chinese Firewall" in 2010.

BGP interception (also known as "prefix intercept") is an attack that consumes IP address groups and is performed by corrupting the routing Internet tables that the BGP protocol operates on.

As a result of the attack, the fake Trezor wallet site showed a warning message asking the user to restore the seed-phrase (an access key consisting of 12-24 "simple and memorable" words). According to Trezor, this was already the "second alarm bell", because the warning message was written with errors.

The third red flag was the method of recovery (seed check) — the fake site forced users to enter both the order number as well as the seed word into the computer.
 

Trezor's Blog

Next, the team warned users about the security measures that must be taken to protect themselves from this attack. It stressed that users should never enter their seed-phrases into the computer - this should be done only in the Trezor device. In addition, according to Trezor, the user should make sure that there is a "Protected" in the address bar of his browser.

They also noted that the fake wallet had already been blocked by the hosting provider, but they asked users to remain vigilant and inform the Trezor team about suspicious sites.