The Trezor One hardware wallet was commercially launched in 2014. Yet somehow, this 6-year-old electronic device is still the gold standard for Bitcoin security. How can such a dynamic market have this kind of constant? Is there more to Trezor’s success than the first-mover advantage? And how can a hardware wallet that many security researchers have physically hacked remain secure for your bitcoins?
Well, the answer to all of these questions lies in the focus on free open source software development. Satoshi Labs, the company that created the Trezor, champions the software side of security and conducts useful research which effectively advances Bitcoin wallet standards.
Satoshi Labs’ Software Research & Development Keeps Trezor on Top
Have you ever used a BIP 39 mnemonic code to generate a deterministic key? In plain English, this is about the random sequence of 12, 15, 18, 21, 24 (or any multiple of 3) words that gets generated each time you create a new Bitcoin wallet. And yes, it’s thanks to Satoshi Labs’ Marek “Slush” Palatinus and Pavol “Stick” Rusnak that we can take our bitcoins across borders with nothing but a few words written down on a piece of paper or memorized in our heads.
Trezor was also the first to introduce multi-coin wallets with BIP44 – which, prior to the invention of contentious forks and greedy shitcoinery, allowed developers and enthusiasts to easily switch between the Bitcoin main net and the test net, while enabling further functionality for sidechain tokens, non-fungible assets, and whatever may get issued on the Bitcoin blockchain or its layers.
And it’s not like the research and development has stopped at any point. More recently, Shamir’s Secret Sharing was introduced as a way of splitting a master secret (key) into multiple pieces, so that no small group of stakeholders holds the whole secret while the privacy of the greater operation is still protected.
As acknowledged by Slush in S4 E8 of the Bitcoin Takeover Podcast, dozens (if not hundreds) of companies have copied the open-source hardware specifications and/or forked the software to produce and market derivative devices. Some of these “clones” or “alt-hardware wallets” brought various improvements and optimizations, yet none of them has managed to remain as transparent and provably honest about the code running in the background.
Also, in spite of this intensive cloning, Trezor and Satoshi Labs keep the development open source and don’t mind that their competitors use their work and marketing to take part of the market. As expressed by co-founder Slush, there is no intention to compromise the open source nature through restrictive licences and patents, and the fact that more people use and scrutinize the Trezor code only means that the devices become more tested and secure over time.
Trezor is very open about the times when their hardware wallets got hacked, issues timely software updates to fix the vulnerabilities, and champions bounty programs even if it means that they’re paying the competition (as can be observed on the bounty list, Ledger’s Nicolas “BTChip” Bacca and Charles Guillemet are among the top hackers of the Trezor).
As Slush put it during his Bitcoin Takeover Podcast interview: “The hardware industry is like 20 or maybe 30 years behind the software industry, with all the open source companies and all the open standards, that we see in the software industry”.
Trezor Was Initially Created to Secure Slush Pool’s Hot Wallet
Initially, the Trezor was created by Marek “Slush” Palatinus and his partner Pavol “Stick” Rusnak as an instrument to secure their own operations at Slush Pool. And it took one significant event during which a third party failed to provide the expected security (and bitcoins were lost) to ignite the pursuit for a truly open source mix of hot wallet convenience and cold storage security.
In March 2012, Slush lost 3094 BTC (approximately $15470 at the time, more than $35.7 million today) after the cloud backup service that they were using got hacked. It was then, when he had to cover the losses from his own pocket, that the pool mining inventor realized that he needed to create a device that could effectively remove the need to trust third-party services.
This is how the Trezor was born: a marriage between simple hardware and the kind of cryptography that’s provably verifiable thanks to its open source nature. Since day one, the main goal for the project has been to provide a degree of transparency which allows researchers and enthusiasts to audit the code just as easily as they check Bitcoin’s.
“We are quite sure that the father of Bitcoin, Satoshi Nakamoto, would be quite satisfied with the Trezor design” – Pavol “Stick” Rusnak
In its initial phase, the Trezor device was only meant to serve its security purpose at Slush Pool. But after some more market research and a Kickstarter campaign, we had our own version of Prometheus who brought us the kind of fire that helps us send bitcoins on infected computers without worrying about potentially exposing the private key.
Trezor One Got It Right The First Time
Hardware wallet manufacturers have a long history of redesigning products and making refinements to their devices. The first Ledger Nano and BitBox had no screens attached, which made them easier to hack: without a trusted display on the device itself, the user cannot be certain that the information shown on a third-party screen is real. Naturally, they were replaced by new and improved versions.
More recently, Coinkite’s Coldcard has received three revisions and appears to chase hardware resilience against software attacks.
Well, the Trezor One is still on the market 6 years after its initial launch. Despite being the world’s first hardware wallet, it has had a screen since day one for quick verification and on-device validations that don’t need the involvement of potentially compromised third parties.
And whenever significant hacks have happened, they were fixed with software updates. Even the Trezor Model T, which was announced in the fall of 2017 and became available for instant purchase a few months later, only brings a few small refinements: a faster processor, touch screen controls, SD card backups, and the ability to use Shamir’s Secret Sharing.
The difference is slight, which only demonstrates that the original Trezor One got it right the first time.
Who do you trust? Cypherpunks or Twitter Influencers?
Unless you’re savvy enough to audit the code yourself and potentially build your own hardware wallet to suit your needs, then you must rely on the opinions of experts who do the work for you. The problem in this situation is that some experts are partisan for reasons that concern their paycheck, and Twitter fame has blurred the line between a true expert and an influencer.
Personally, I am not a security expert and I would be an outright liar if I claimed to understand everything that’s going on when connecting a hardware wallet to your computer. I can’t code the process, I can’t review it, and I have my own history of being fooled by marketing departments.
But I wouldn’t publish this article if it wasn’t for the opinions of actual experts who have a very good record for brutal honesty. And their opinions have been recorded during three important episodes of the Bitcoin Takeover Podcast.
If it wasn’t for Peter Todd, LazyNinja, and Eric Voskuil, I would still think that Trezor is obsolete and incapable of keeping up with the competition. Slush has outlined some arguments for transparent and limited security, but it’s safe to assume that everyone roots for their own company and products (so I won’t be using his arguments in this section).
In S4 E3, hardware wallet hacker Lazy Ninja clearly stated that his hardware wallet of choice is a Trezor: he had a One, then upgraded to a Model T. At the time, I found it strange that somebody who is technical enough to hack the Coldcard and the BitBox chooses to use something simpler. He also pointed to the Lindy effect, which suggests that the device that has been around for the longest amount of time is also the most tried and tested.
In S4 E7, Peter Todd suggested that hardware wallets aren’t all that great and that he’d rather recommend that new bitcoiners buy an old iPhone, wipe it, and only use it as a wallet. Given Todd’s expertise in the field of security, track record of contributing to the Bitcoin project, known integrity (in 2019, he toured conferences talking about the dishonesty of some developers in the space), and ability to actually review the code, this kind of statement can destroy an entire industry. He also referred to most hardware wallets as “anti-tiger rocks” that are sold in places where no tigers are around.
But when asked about the one hardware wallet that he would recommend if he had to, Peter Todd picked the Trezor with a passphrase. To someone like him, honesty and transparency are much more important than extra features (which he calls “voodoo silliness”).
In S5 E8, Libbitcoin developer and “Cryptoeconomics” author Eric Voskuil echoed Peter Todd’s opinion about the Trezor and called it “the best security” for being transparent, limited in its scope, and easy to understand and supplement if needed. He also praised the initial design, which had a screen since day one, and pointed out that Ledger made a terrible mistake by not including one (they did fix the issue with the launch of the Ledger Nano S).
While Twitter influencers and marketers will tell you that a certain device is superior and adds multiple security improvements, actual security experts and developers whose reputation and track record point to independent thinking recommend the Trezor.
Yes, I did write a handful of blog posts for Trezor and I may continue doing it if there is demand for my work. And no, this post is not paid by Trezor and was entirely my idea.
After doing multiple interviews with actual experts, I felt a little frustrated knowing that the people who make software innovations and develop open source standards are the punching bags of Twitter trolls and marketing departments. It’s fairly easy to copy someone else’s code, redesign the open-source schematic, and add a few features on top to appear more attractive to newbies. Given the small effort you’ve made to develop the product, you can actually sell it for a lot less than the Trezor – but ironically, you will still rely on Satoshi Labs’ research and development for updates and security fixes.
Most hardware wallets on the market are nothing but Trezor clones (or “alt-Trezors”) that make just as much sense as Verge and Dogecoin next to Bitcoin. They exist just to make some people rich, and not to advance security or deliver a great product.
Unlike competitors like Coldcard that announce that they “regret” choosing a truly open source license and imply that they’re looking into limiting the free open source nature of their development so third parties can no longer sell clones, Trezor embraces open source and is fully aware that competitors that copy are more likely to find and report issues than consumers. To some, open source means collaboration towards a greater goal. To others, it’s a roadblock in the way of making more money.
So to be clear: I wrote this article and I chose to contribute to Trezor’s blog because I want to, not because I enjoy freeloading on companies and products that I can shill to clueless noobs. I can definitely make a lot more money doing something else, and can even simp to all hardware wallet manufacturers and prostitute myself to the extent that I present everything as being great, groundbreaking, and worth your consideration.
Last year I didn’t really “get” Trezor and thought they were obsolete and relied on their old reputation to sell devices. But then again, in 2016 I was also hyped about Ethereum and thought it would completely replace the simpler Bitcoin. You don’t really understand the power of good open source development and well-thought limitations until you have to.
So I’d like to thank LazyNinja, Peter Todd, Eric Voskuil, and Slush for opening my eyes wider and helping me think beyond marketing catchphrases. Open source development doesn’t make much sense in the beginning, but once you understand its philosophy, your views take a U-turn.
Donate to the Bitcoin Takeover
This article is the result of hours of research and echoes the opinions of security experts who recommend the Trezor hardware wallets in spite of the social media mobs and marketing efforts. I’m sure it will be received with a degree of hostility and my integrity will be questioned because of it, but I guess nothing great was ever accomplished by working within the intellectual boundaries that others impose on you for their own benefit.
As mentioned in the disclaimer, this article is not paid by anybody and did not get reviewed or approved by any marketing department (or editor for that matter, I might have typos). But if you find it useful and want to reward the time and energy that I invested in this, then please consider making a donation.