🚨 Trezor Safe 3 vulnerability
Ledger Donjon demonstrated they could bypass firmware checks and run malicious code — enabling remote recovery of user funds.
Why? Critical ops still run on the MCU, not the Secure Element.
NVK (nprofile…d5uv) & Rob1Ham (nprofile…3jrs) break it down in BR094.
BitcoinReview / Bitcoin.Review
npub1qd…pzclt
2025-04-08 15:19:04
Author Public Key
npub1qdcakl75gd7wv0nqmmwrz09ddm5tzl7xj8lq2gclng2qzd8up5yqjpzcltPublished at
2025-04-08 15:19:04Event JSON
{
"id": "ae72ad54f2fa87132e71d86b448998b9d2b4eedf27b507a30422b2239826cc8d",
"pubkey": "0371db7fd4437ce63e60dedc313cad6ee8b17fc691fe05231f9a140134fc0d08",
"created_at": 1744125544,
"kind": 1,
"tags": [
[
"p",
"e88a691e98d9987c964521dff60025f60700378a4879180dcbbb4a5027850411",
"wss://nostr.mutinywallet.com",
"mention"
],
[
"p",
"cedab81be42ef47dbde653f4ba7ab25ac3aa32cfc2b672ee0f89c0faf882f13e",
"wss://puravida.nostr.land/",
"mention"
]
],
"content": "🚨 Trezor Safe 3 vulnerability\n\nLedger Donjon demonstrated they could bypass firmware checks and run malicious code — enabling remote recovery of user funds.\n\nWhy? Critical ops still run on the MCU, not the Secure Element.\n\nnostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgpzamhxue69uhhyetvv9ujucm4wfex2mn59en8j6ggdd5uv \u0026 nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0sprfmhxue69uhhqatjv9mxjerp9ehx7um5wghxcctwvshszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7nh3jrs break it down in BR094.\nhttps://m.primal.net/QIgN.mp4",
"sig": "786da1039a98b2abcf30cd7c0a8d6fe91f8bd93c92359f6a6d521f43bb6a78ad92fa5a98ce7e9e764f5a2ff88fb83b76b32449ccf7664177c76f48a92c68ca54"
}