Trezor said a remote seed phrase extraction is impossible on its hardware wallets, adding that it would never implemented.
Hardware wallet provider Trezor reported a 900% week-on-week growth in its sales volume, according to May 25 press statement shared with Cryptopurity.
This surge comes in the wake of Ledger’s seed recovery feature that drew stiff opposition from the crypto community.
According to the press statement, Trezor CEO Matěj Žák said:
“In Trezor, we believe that hardware wallets – cold storages that promise 100% self-custody should, at no stage, make the seed phrase accessible to anyone but the user.”
Trezor said it is a fully open-source company, meaning some independent technical experts audit and check all of its processes so that a remote seed phrase extraction is impossible or ever implemented.
Ledger’s controversial Ledger Recover feature has left users concerned about the online storage of their seed phrases and its need for a know-your-customer process.
Ledger’s 2020 data breach has already raised questions about the company’s data handling practices, with users doubting the security of their devices and seeds phrases, even if they opt not to subscribe to Ledger Recover.
In response to users’ concerns, Ledger decided to pause the release while working on refactoring the code and prioritizing transparency and verifiability.
In a recent Twitter space, Ledger’s Chief Technology Officer Charles Guillemet outlined the company’s open-source roadmap, revealing plans to accelerate the process and open-source the white paper of the Ledger Recover protocol and the firmware that implements the feature.
Trezor responds to concern about old vulnerability
Meanwhile, a security firm Unciphered reportedly said it found a way to hack into Trezor T’s hardware wallet, causing concerns about the security levels of the wallet service provider.
In a separate e-mail shared with Cryptopurity on May 25, Trezor’s CTO Tomáš Sušánka said the firm had identified the RDP downgrade attack vulnerability in a 2020 blog post.
According to Sušánka, this attack “requires the physical theft of a device and highly sophisticated technological knowledge and advanced equipment.”
“Even with the above, Trezors can be protected by a strong passphrase, which adds another layer of security that renders an RDP downgrade useless.”
The company executive added that the hardware wallet service provider had taken significant steps to resolve this by developing the world’s first auditable and transparent secure element through sister company Tropic Square.”