Is it safe to use a second-hand Trezor (like from ebay)?

14

I just got a good price from eBay on a supposedly never-used Trezor hardware wallet. I have no specific reason to think this would be dangerous to use, but I'm being cautious and ask here first:

  • Are there any reasons why it would be unsafe to use a second-hand Trezor to store my BTC?

  • Is there any way the previous owner could retain access to it and get at my coins?

  • Any other risks to a used hardware wallet I should be aware of?

JVC

Posted 2016-06-18T17:58:27.987

Reputation: 299

Answers

14

If you update the firmware you are probably safe, but why take the chance? The Trezor itself (or even the included USB cable https://www.wired.com/2014/07/usb-security/) could have been corrupted/replaced by a sophisticated actor.

If someone gave me a used Trezor for free, I would throw it in the garbage. No discount would be sufficient enough for me to justify buying a used Trezor:

https://www.reddit.com/r/Bitcoin/comments/2dbjd9/trezor_tamper_proof_seal_doesnt_help_much_against/

Nicole Olsen

Posted 2016-06-18T17:58:27.987

Reputation: 331

3Hmmmm but from reading that thread, even a Trezor shipped directly from the company can not be ensured to be un-molested. If taken seriously, this makes me think that absolutely no hardware device could ever be trusted... not a USB stick, not a router, nor anything that has ever been shipped via any means whatsoever. Seems like unless you build your own chips, code your own software by hand, and assemble your own computer... one can never be certain of its security... – JVC – 2016-06-18T22:57:57.893

It's honesty easier to just mug/rob you and take your belongings than to corrupt your USB cable, either when reselling on eBay or by intervening in a package from the manufacturer. Don't nail the door shut and leave the windows open in your quest for security. – simpleuser – 2016-06-19T00:02:21.027

That was kinda my thinking as well, but I wanted to get some outside, hopefully educated, alternate points of view. – JVC – 2016-06-19T00:43:19.777