
    Trezor Releases a Firmware Update to Patch a Possible Vulnerability With SegWit Transactions

    Author: Jordan Lyanchev

    Last Updated Jun 3, 2020 @ 16:27

    Trezor, the company offering hardware cryptocurrency wallets, announced firmware updates 1.9.1 for Trezor One and 2.3.1 for Trezor Model T devices. The updates fix a security vulnerability regarding SegWit transactions discovered three months ago.

    The Vulnerability In Question

    As today’s blog post from the company explains, for non-SegWit transactions Trezor requires the previous transaction in order to check the UTXO’s real amount. This ensures that the user cannot be misled about the difference between input and output amounts and end up paying a significantly larger fee without knowing it.

    Segregated Witness (SegWit) transactions, however, require different data to be signed, and that data includes the amount of the UTXO. This simplifies the process: if an attacker lies about that UTXO amount, the signature will not be valid.

    Yet the security vulnerability, discovered in March this year, made the following scenario possible:

    The victim has two SegWit (BIP-143) UTXOs of 15 BTC and 20 BTC. Malware asks the user to confirm a transaction with input 1 as 15 BTC and input 2 as 5.00000001 BTC, with the user’s chosen outputs and a valid change output, if necessary.

    The user confirms it, but the malware displays an error and requests another confirmation with input 1 as 0.00000001 BTC and input 2 as 20 BTC, with the same outputs as before. This transaction looks nearly identical to the first one, and the user confirms it.

    The malware could use the signature of input 1 from the first transaction and the signature of input 2 from the second one to create a transaction that spends 15 BTC from input 1 and 20 BTC from input 2. In this scenario, the user will end up paying a transaction fee of just over 15 BTC.

    Trezor’s Solution

    The fix Trezor implemented is rather straightforward. With the recent updates, the firm will treat SegWit transactions in the same manner as non-SegWit ones. More specifically, Trezor will require the previous transactions so that it can validate the UTXO amounts.
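
The scenario and the fix described above, modelled as an added example that is not Trezor's code: the digest function is a simplified stand-in for the BIP-143 per-input digest (which commits only to the amount of the input being signed), and the outpoint labels, output names and output values are constructed for illustration.

```python
import hashlib

SAT = 100_000_000  # satoshis per BTC

def input_digest(outpoints, outputs, index, amount):
    """Simplified stand-in for the BIP-143 per-input digest (not the real
    serialization): commits to every outpoint, every output, and only the
    amount of the input being signed."""
    msg = repr((tuple(outpoints), tuple(outputs), outpoints[index], amount))
    return hashlib.sha256(msg.encode()).hexdigest()

def displayed_fee(claimed_amounts, outputs):
    """Fee a signer would show if it trusts host-supplied input amounts."""
    return sum(claimed_amounts) - sum(value for _, value in outputs)

def amounts_match_prev_txs(claimed_amounts, prev_tx_amounts):
    """Model of the fix: each claimed amount must equal the value read from
    the previous transaction's output, otherwise signing is refused."""
    return list(claimed_amounts) == list(prev_tx_amounts)

# Constructed sample data following the article's scenario.
OUTPOINTS = ["utxo-1", "utxo-2"]                     # hypothetical labels
OUTPUTS = [("payee", 12 * SAT), ("change", 8 * SAT - 9_999)]
REAL = [15 * SAT, 20 * SAT]                          # true UTXO values
REQUEST_A = [15 * SAT, 5 * SAT + 1]                  # first confirmation
REQUEST_B = [1, 20 * SAT]                            # second confirmation

def run_scenario():
    # A signature is modelled by the digest it covers.
    sig1 = input_digest(OUTPOINTS, OUTPUTS, 0, REQUEST_A[0])
    sig2 = input_digest(OUTPOINTS, OUTPUTS, 1, REQUEST_B[1])
    # Both digests equal the ones for the transaction with the true amounts.
    combined_valid = (
        sig1 == input_digest(OUTPOINTS, OUTPUTS, 0, REAL[0])
        and sig2 == input_digest(OUTPOINTS, OUTPUTS, 1, REAL[1])
    )
    return {
        "fee_shown_a": displayed_fee(REQUEST_A, OUTPUTS),
        "fee_shown_b": displayed_fee(REQUEST_B, OUTPUTS),
        "fee_paid": displayed_fee(REAL, OUTPUTS),
        "combined_valid": combined_valid,
        "a_passes_fix": amounts_match_prev_txs(REQUEST_A, REAL),
        "b_passes_fix": amounts_match_prev_txs(REQUEST_B, REAL),
    }

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, value)
```

Both requests show the same small fee, while the fee actually paid is just over 15 BTC; with amounts checked against the previous transactions, neither request passes.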

    The company also said that “applications using Trezor Connect version 8 will continue to work seamlessly.” Trezor will also provide a patch for users of the Electrum wallet. Until that patch is in place, they won’t be able to use Electrum with the newest firmware updates.

    “Unfortunately, some third-party tools do not allow hardware wallets to obtain the previous transaction in case of SegWit inputs, which is why Trezor will not be able to sign transactions using these tools until they are updated to work correctly. Due to the responsible disclosure process, we were not able to inform the maintainers beforehand.” – reads the statement.
