Audit log

Every state-changing event for Trezor: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-19 16:33:23Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 420,806,354

   sig

   A6qMi4ZkVkGq…ETu6zZfwcopyexplorer ↗

   hash

   3DMx2gypvr2g…ve8o5AFHcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (21486 B) ▸

   {"actor":"system:backfill","investigation_id":"3f8ad1aa-b016-4d23-bc55-23c6bfeee1c4","kind":"publish","page_slug":"trezor","published_at":"2026-05-19T16:33:22.953Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Trezor","sections":[{"content":"Trezor is a hardware cryptocurrency wallet brand produced by SatoshiLabs, a company headquartered in Prague, Czech Republic. Launched in 2014, Trezor is widely regarded as one of the first commercially available hardware wallets. Its product line includes the Trezor Model One, Trezor Model T, Trezor Safe 3, and Trezor Safe 5. The devices are designed to store private keys offline, isolating them from internet-connected systems. SatoshiLabs markets Trezor as open-source hardware and firmware, which has been a point of both competitive differentiation and security scrutiny.","heading":"Company Background","severity":"low","sources":[{"credibility":1,"name":"Trezor Official Website","type":"official","url":"https://trezor.io"}]},{"content":"On January 17, 2024, Trezor disclosed unauthorized access to its third-party support ticketing portal. The breach exposed names, usernames, and email addresses of approximately 66,000 users who had contacted Trezor support since December 2021. Trezor stated that postal addresses and phone numbers were also stored on the affected system but characterized the risk of their exposure as low. The company secured the breach at 20:20 CET on January 17 and directly notified all potentially affected accounts. In 41 confirmed cases, attackers followed up by contacting users via email and attempting to extract 24-word recovery seeds. Trezor confirmed that no user funds were directly compromised as a result of the breach itself. The third-party vendor hosting the support portal was not publicly named in Trezor's disclosure. The breach has since been identified as a source of targeting data used in subsequent phishing campaigns including physical mail attacks reported in early 2026.","heading":"January 2024 Support Portal Data Breach","severity":"high","sources":[{"credibility":1,"name":"Trezor support site breach exposes personal data of 66,000 customers — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/trezor-support-site-breach-exposes-personal-data-of-66-000-customers/"},{"credibility":2,"name":"Trezor Data Breach Exposes Email and Names of 66,000 Users — HackRead","type":"news_article","url":"https://hackread.com/trezor-data-breach-users-email-names-exposed/"},{"credibility":1,"name":"Trezor security alert: Stay vigilant against a potential phishing attack — Trezor Blog","type":"official","url":"https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8"}]},{"content":"Multiple large-scale phishing campaigns have impersonated Trezor with the goal of stealing recovery seed phrases. In October 2023, on-chain investigator ZachXBT alerted users via Telegram to a phishing campaign targeting Trezor customers; ZachXBT linked the attack to a possible data breach at Trezor or at Evri, the UK-based delivery company used to ship devices, based on reports from users receiving phishing emails sent only to addresses used to purchase Trezor hardware. In February 2023, a separate mass phishing campaign sent fraudulent emails and SMS messages directing users to fake Trezor pages. A notable abuse vector involved Trezor's own support system: attackers submitted support tickets with phishing messages in the subject line, causing emails appearing to originate from help@trezor.io to be delivered to targeted users. These emails directed victims to a cloned Trezor Suite application that prompted entry of the recovery phrase, after which funds were immediately transferred. Trezor has acknowledged these campaigns and maintains a public advisory on scam types.","heading":"Phishing Campaigns Exploiting Trezor's Brand","severity":"high","sources":[{"credibility":1,"name":"Trezor's support platform abused in crypto theft phishing attacks — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/trezors-support-platform-abused-in-crypto-theft-phishing-attacks/"},{"credibility":2,"name":"Crypto wallet Trezor looks into phishing campaign, exec says — FX Street","type":"news_article","url":"https://www.fxstreet.com/cryptocurrencies/news/crypto-wallet-trezor-looks-into-phishing-campaign-exec-says-202310271217"},{"credibility":1,"name":"Ongoing phishing attacks on Trezor users — Trezor Blog","type":"official","url":"https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304"},{"credibility":1,"name":"Common scams and phishing affecting Trezor users — Trezor.io","type":"official","url":"https://trezor.io/learn/security-privacy/personal-security-standards/scams-and-phishing"}]},{"content":"Multiple fraudulent mobile applications impersonating Trezor have appeared in both the Apple App Store and Google Play Store. In early 2021, a fake Trezor app available in the App Store was downloaded approximately 1,000 times before removal. One victim, Phillipe Christodoulou, lost 17.1 Bitcoin (valued at approximately $600,000 at the time, exceeding $1 million USD by the time of reporting) after entering his recovery phrase into the fake app. A separate victim lost $14,000 worth of Bitcoin and Ethereum through the same scam. The fake apps used Trezor's branding and displayed hundreds of fabricated five-star reviews to appear legitimate. A similar counterfeit app subsequently appeared on Google Play. Trezor's official hardware wallet does not require a companion mobile app that requests recovery phrases; Trezor Suite is the official desktop interface. Users entering recovery phrases into any mobile app claiming to be Trezor are at severe risk of total fund loss.","heading":"Fake Trezor Applications (App Store and Google Play)","severity":"critical","sources":[{"credibility":1,"name":"Fake Trezor app steals more than $1 million worth of crypto coins — Malwarebytes","type":"news_article","url":"https://www.malwarebytes.com/blog/news/2021/04/fake-trezor-app-steals-more-that-1-million-worth-of-crypto-coins"},{"credibility":2,"name":"Fake Trezor iPhone App Scams User Out of $600,000 in Bitcoin — Decrypt","type":"news_article","url":"https://decrypt.co/63508/fake-trezor-iphone-app-scams-user-out-of-600000-in-bitcoin"},{"credibility":2,"name":"Trezor crypto wallet warns users of doppelganger scam app on Google Play — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/trezor-crypto-wallet-warns-users-of-doppelgaenger-scam-app-on-google-play"},{"credibility":2,"name":"Fake Trezor App in Google Play Scams Users — Infosecurity Magazine","type":"news_article","url":"https://www.infosecurity-magazine.com/news/fake-trezor-app-in-google-play-1/"}]},{"content":"In February 2026, BleepingComputer reported a physical mail phishing campaign targeting Trezor and Ledger hardware wallet users. Letters sent in Trezor's name claimed recipients must complete a mandatory 'Transaction Check' to avoid losing access to their wallets, with a stated deadline of February 15, 2026. The letters directed recipients to scan a QR code linking to a fraudulent domain (trezor.authentication-check[.]io) that prompted users to enter their 24-word recovery phrase. The backend API endpoint transmitted entered phrases directly to attackers. The attackers' ability to send physical mail to targeted individuals indicates they possessed customer mailing address data, consistent with the January 2024 support portal breach or with data sourced from previous Ledger breach leaks (which affected hundreds of thousands of users). No specific financial loss figures were reported at the time of publication.","heading":"Physical Mail (Snail Mail) Phishing Campaign — 2026","severity":"high","sources":[{"credibility":1,"name":"Snail mail letters target Trezor and Ledger users in crypto-theft attacks — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/"},{"credibility":2,"name":"Trezor and Ledger Users Targeted by Sophisticated Snail Mail Phishing Attacks — Rescana","type":"news_article","url":"https://www.rescana.com/post/trezor-and-ledger-users-targeted-by-sophisticated-snail-mail-phishing-attacks-cryptocurrency-wallet/"}]},{"content":"On or around March 19, 2024, Trezor's official X account was compromised. Attackers posted fraudulent messages promoting a fake '$TRZR' token presale on the Solana network and directing followers to send funds to a malicious wallet address. The breach was initially suspected to be a SIM swap attack, but Trezor subsequently confirmed it resulted from a sophisticated phishing campaign. The attackers, posing as a credible entity from the crypto space beginning February 29, 2024, eventually engaged a Trezor PR employee with what appeared to be a Calendly meeting invite link that redirected to a spoofed Twitter login page capturing their credentials. Approximately $8,100 was stolen from Trezor's associated Zapper account during the incident. The fraudulent posts were removed swiftly after the breach was identified.","heading":"Official X (Twitter) Account Compromise — March 2024","severity":"medium","sources":[{"credibility":2,"name":"Trezor X Account Compromised in Suspected Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2024/03/20/trezor-x-account-compromised-in-suspected-hack/"},{"credibility":2,"name":"Trezor's Twitter account hijacked by cryptocurrency scammers via bogus Calendly invite — Bitdefender","type":"news_article","url":"https://www.bitdefender.com/en-us/blog/hotforsecurity/trezors-twitter-account-hijacked-by-cryptocurrency-scammers-via-bogus-calendly-invite"},{"credibility":1,"name":"Update: Addressing concerns around our recent X (Twitter) account breach — Trezor Blog","type":"official","url":"https://blog.trezor.io/update-addressing-concerns-around-our-recent-x-twitter-account-breach-a888bc349007"},{"credibility":2,"name":"Trezor X account compromised as hackers push phony Solana token — Crypto.news","type":"news_article","url":"https://crypto.news/trezor-x-account-compromised-as-hackers-push-phony-solana-token/"}]},{"content":"Trezor hardware devices have been subject to multiple disclosed physical attack vectors. In May 2023, cybersecurity firm Unciphered publicly claimed the ability to physically extract the seed phrase and PIN from a Trezor Model T by exploiting what it described as an 'unpatchable hardware vulnerability' in the STM32 microcontroller, using a technique called RDP (readout protection) downgrade combined with flash memory dumping. Unciphered co-founder Eric Michaud stated the exploit could not be patched via firmware and would require a hardware recall. Trezor responded that exploiting the vulnerability requires physical theft of the device and 'extremely sophisticated technological knowledge and advanced equipment,' and noted that users with a strong BIP39 passphrase are protected even if the device seed is extracted. In March 2025, Ledger's security research team (Ledger Donjon) disclosed additional vulnerabilities in the Trezor Safe 3 model, identifying that the pre-shared secret linking the Secure Element and the microcontroller (a custom-packaged STM32F429 chip) was stored in flash memory susceptible to voltage glitching attacks. Ledger researchers demonstrated extraction of this secret, bypassing the authentication process. The Trezor Safe 5, which uses an upgraded STM32U5 microcontroller with resistance to voltage glitching, was reported to be less affected. Trezor subsequently patched the vulnerability in the Safe 3 and Safe 5 firmware. All identified hardware attacks require physical possession of the device and sophisticated laboratory equipment; they do not represent remote attack vectors.","heading":"Hardware Device Vulnerabilities","severity":"medium","sources":[{"credibility":1,"name":"Crypto Security Firm Unciphered Claims Ability to Physically Hack Trezor T Wallet — CoinDesk","type":"research","url":"https://www.coindesk.com/tech/2023/05/24/crypto-security-firm-unciphered-claims-ability-to-physically-hack-trezor-t-wallet"},{"credibility":1,"name":"Trezor discloses vulnerability in Safe 3 crypto wallet following Ledger white hat research — The Block","type":"news_article","url":"https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger"},{"credibility":2,"name":"Ledger finds security flaws in Trezor Safe 3 and Safe 5 models — Mitrade","type":"news_article","url":"https://www.mitrade.com/insights/news/live-news/article-3-694391-20250313"},{"credibility":2,"name":"Trezor Patches Vulnerability in Safe 3 and 5 Models — ICOHolder","type":"news_article","url":"https://icoholder.com/en/news/trezor-patches-vulnerability-in-safe-3-and-5-models"}]},{"content":"The primary risk to Trezor users is not the hardware device itself but rather the dense ecosystem of impersonation attacks that exploits Trezor's trusted brand. Key risk indicators include: (1) any request to enter a 24-word recovery seed into a website, app, or in response to a letter or email — Trezor will never request this; (2) mobile apps claiming to be Trezor that prompt for seed phrases; (3) emails from addresses resembling help@trezor.io that create urgency around wallet security; (4) physical letters citing mandatory wallet checks with QR codes; (5) social media posts from @Trezor promoting token presales or giveaways, which are consistently the result of account compromise. Users who purchased a Trezor Model T or older Safe 3 devices from non-official sources face elevated risk of having received a tampered device, given disclosed physical attack capabilities. Use of a strong BIP39 passphrase is recommended by Trezor and independent security researchers as a mitigation against physical extraction attacks.","heading":"User Risk Assessment and Safety Guidance","severity":"high","sources":[{"credibility":1,"name":"Common scams and phishing affecting Trezor users — Trezor.io","type":"official","url":"https://trezor.io/learn/security-privacy/personal-security-standards/scams-and-phishing"},{"credibility":1,"name":"Common Security Threats — Trezor.io","type":"official","url":"https://trezor.io/learn/security-privacy/personal-security-standards/common-security-threats"}]}],"sources_used":[{"credibility":1,"name":"Trezor support site breach exposes personal data of 66,000 customers — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/trezor-support-site-breach-exposes-personal-data-of-66-000-customers/"},{"credibility":1,"name":"Trezor's support platform abused in crypto theft phishing attacks — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/trezors-support-platform-abused-in-crypto-theft-phishing-attacks/"},{"credibility":1,"name":"Crypto Security Firm Unciphered Claims Ability to Physically Hack Trezor T Wallet — CoinDesk","type":"research","url":"https://www.coindesk.com/tech/2023/05/24/crypto-security-firm-unciphered-claims-ability-to-physically-hack-trezor-t-wallet"},{"credibility":1,"name":"Trezor discloses vulnerability in Safe 3 — The Block","type":"news_article","url":"https://www.theblock.co/post/346018/trezor-discloses-vulnerability-safe-3-crypto-wallet-rival-ledger"},{"credibility":1,"name":"Fake Trezor app steals more than $1 million worth of crypto — Malwarebytes","type":"news_article","url":"https://www.malwarebytes.com/blog/news/2021/04/fake-trezor-app-steals-more-that-1-million-worth-of-crypto-coins"},{"credibility":2,"name":"Fake Trezor iPhone App Scams User Out of $600,000 in Bitcoin — Decrypt","type":"news_article","url":"https://decrypt.co/63508/fake-trezor-iphone-app-scams-user-out-of-600000-in-bitcoin"},{"credibility":2,"name":"Trezor X Account Compromised in Suspected Hack — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2024/03/20/trezor-x-account-compromised-in-suspected-hack/"},{"credibility":2,"name":"Trezor's Twitter account hijacked via bogus Calendly invite — Bitdefender","type":"news_article","url":"https://www.bitdefender.com/en-us/blog/hotforsecurity/trezors-twitter-account-hijacked-by-cryptocurrency-scammers-via-bogus-calendly-invite"},{"credibility":1,"name":"Snail mail letters target Trezor and Ledger users — BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/"},{"credibility":2,"name":"Crypto wallet Trezor looks into phishing campaign, exec says — FX Street","type":"news_article","url":"https://www.fxstreet.com/cryptocurrencies/news/crypto-wallet-trezor-looks-into-phishing-campaign-exec-says-202310271217"},{"credibility":1,"name":"Trezor security alert: Stay vigilant against phishing — Trezor Blog","type":"official","url":"https://blog.trezor.io/trezor-security-update-stay-vigilant-against-potential-phishing-attack-bb05015a21f8"},{"credibility":1,"name":"Update: X (Twitter) account breach — Trezor Blog","type":"official","url":"https://blog.trezor.io/update-addressing-concerns-around-our-recent-x-twitter-account-breach-a888bc349007"},{"credibility":2,"name":"Trezor Patches Vulnerability in Safe 3 and 5 Models — ICOHolder","type":"news_article","url":"https://icoholder.com/en/news/trezor-patches-vulnerability-in-safe-3-and-5-models"},{"credibility":2,"name":"Ledger finds security flaws in Trezor Safe 3 and Safe 5 — Mitrade","type":"news_article","url":"https://www.mitrade.com/insights/news/live-news/article-3-694391-20250313"},{"credibility":1,"name":"Common scams and phishing affecting Trezor users — Trezor.io","type":"official","url":"https://trezor.io/learn/security-privacy/personal-security-standards/scams-and-phishing"}],"summary":"Trezor is a legitimate Prague-based hardware wallet manufacturer (SatoshiLabs) and one of the oldest in the industry, but it has accumulated a significant threat ecosystem around its brand. A January 2024 breach of its third-party support portal exposed contact data for approximately 66,000 users, which subsequently fueled targeted phishing campaigns delivered via email, physical mail, and fake apps. Trezor hardware devices have also been subject to disclosed physical attack vectors, including an alleged unpatchable flaw in the STM32 microcontroller used in the Trezor T model.","timeline":[{"date":"2021-04-01","event":"Fake Trezor application found in Apple App Store and Google Play. One victim loses 17.1 BTC (~$600,000 at time). Total reported losses exceed $1 million USD.","source":"Malwarebytes / Decrypt","source_url":"https://www.malwarebytes.com/blog/news/2021/04/fake-trezor-app-steals-more-that-1-million-worth-of-crypto-coins"},{"date":"2023-02-01","event":"Mass phishing campaign via email and SMS impersonates Trezor, directing users to fake pages to enter seed phrases.","source":"Trezor Blog","source_url":"https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304"},{"date":"2023-05-24","event":"Cybersecurity firm Unciphered publicly discloses alleged unpatchable physical vulnerability in Trezor Model T's STM32 microcontroller, enabling seed and PIN extraction with physical access.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2023/05/24/crypto-security-firm-unciphered-claims-ability-to-physically-hack-trezor-t-wallet"},{"date":"2023-10-26","event":"ZachXBT alerts users via Telegram to ongoing phishing campaign targeting Trezor customers, citing potential breach at Trezor or its shipping partner Evri.","source":"FX Street / CryptoNews","source_url":"https://www.fxstreet.com/cryptocurrencies/news/crypto-wallet-trezor-looks-into-phishing-campaign-exec-says-202310271217"},{"date":"2024-01-17","event":"Unauthorized access to Trezor's third-party support ticketing portal. Contact data of ~66,000 users (names, emails, usernames) exposed. 41 users subsequently contacted by attackers seeking recovery seeds.","source":"BleepingComputer","source_url":"https://www.bleepingcomputer.com/news/security/trezor-support-site-breach-exposes-personal-data-of-66-000-customers/"},{"date":"2024-03-19","event":"Trezor's official X (Twitter) account compromised via phishing attack using a spoofed Calendly link. Attackers post fake '$TRZR' Solana token presale. Approximately $8,100 stolen from Trezor's Zapper account.","source":"CryptoTimes / Trezor Blog","source_url":"https://www.cryptotimes.io/2024/03/20/trezor-x-account-compromised-in-suspected-hack/"},{"date":"2025-03-05","event":"Ledger Donjon discloses voltage glitching vulnerability in Trezor Safe 3's STM32F429 microcontroller enabling pre-shared secret extraction. Trezor subsequently patches Safe 3 and Safe 5 firmware.","source":"The Block / ICOHolder","source_url":"https://icoholder.com/en/news/trezor-patches-vulnerability-in-safe-3-and-5-models"},{"date":"2026-02-14","event":"BleepingComputer reports physical mail (snail mail) phishing campaign targeting Trezor and Ledger users, directing them via QR codes to fake authentication sites to harvest recovery phrases.","source":"BleepingComputer","source_url":"https://www.bleepingcomputer.com/news/security/snail-mail-letters-target-trezor-and-ledger-users-in-crypto-theft-attacks/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision a81b4efc-811e-4681-bf7e-9e9c78959072copy
2. #2reviewby reviewerreviewer

   2026-06-04 20:39:55Z
   Score: 62 → 62 (no score change)
   The investigation is substantially accurate and well-sourced; 17 of 24 discrete claims are fully confirmed by independent sources. The single disputed finding — that Trezor patched the Ledger Donjon Safe 3 vulnerability via firmware — is a material error contradicted by Trezor's own explicit statement. The five partially-supported claims involve minor attribution discrepancies (Eric Michaud quote not in the primary cited source, Calendly attack mechanism mischaracterized as credential-harvesting rather than app-authorization), and one omission (product line does not list Safe 7). No link rot was detected across checked URLs.
   anchoranchored

   chain

   ●mainnet-betaslot 424,317,588

   sig

   2vfEmnm8L1An…NRhHFDS4copyexplorer ↗

   hash

   Rb9AKCmtneVT…8sNJWWeCcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (974 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-04T20:39:55.669Z","decision":"review","investigation_id":"3f8ad1aa-b016-4d23-bc55-23c6bfeee1c4","new_score":62,"page_slug":"trezor","prev_score":62,"reason":"The investigation is substantially accurate and well-sourced; 17 of 24 discrete claims are fully confirmed by independent sources. The single disputed finding — that Trezor patched the Ledger Donjon Safe 3 vulnerability via firmware — is a material error contradicted by Trezor's own explicit statement. The five partially-supported claims involve minor attribution discrepancies (Eric Michaud quote not in the primary cited source, Calendly attack mechanism mischaracterized as credential-harvesting rather than app-authorization), and one omission (product line does not list Safe 7). No link rot was detected across checked URLs.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 8f847e23-f3ba-452f-8407-0962a9fecd0acopy
3. #3review approveby judgejudge

   2026-06-04 20:39:55Z
   Score: 62 → 57 (-5)
   17 of 24 claims are fully confirmed by independent Tier 1 sources, and no link rot was detected. The page is approved with a minor score penalty for one disputed finding and four partially-supported findings. The single disputed claim (claim_findings[22]) states that Trezor patched the Ledger Donjon Safe 3 vulnerability via firmware update; Trezor's own official vulnerability disclosure (Tier 1) explicitly states the flaw was not patchable via firmware. Additionally, claim_findings[18] mischaracterizes the March 2024 X account compromise mechanism as a spoofed Twitter login page capturing credentials, when Trezor's Tier 1 blog confirms it was a malicious Calendly app authorization — a meaningful technical distinction. These errors are correctable without affecting the page's overall integrity or core conclusions.
   anchoranchored

   chain

   ●mainnet-betaslot 424,317,591

   sig

   2nA4PrGJd2fr…21dEsUCRcopyexplorer ↗

   hash

   2YWGBx4evUGD…BhM9pmcBcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1172 B) ▸

   {"actor":"judge","decided_at":"2026-06-04T20:39:55.669Z","decision":"review_approve","investigation_id":"3f8ad1aa-b016-4d23-bc55-23c6bfeee1c4","new_score":57,"page_slug":"trezor","prev_score":62,"reason":"17 of 24 claims are fully confirmed by independent Tier 1 sources, and no link rot was detected. The page is approved with a minor score penalty for one disputed finding and four partially-supported findings. The single disputed claim (claim_findings[22]) states that Trezor patched the Ledger Donjon Safe 3 vulnerability via firmware update; Trezor's own official vulnerability disclosure (Tier 1) explicitly states the flaw was not patchable via firmware. Additionally, claim_findings[18] mischaracterizes the March 2024 X account compromise mechanism as a spoofed Twitter login page capturing credentials, when Trezor's Tier 1 blog confirms it was a malicious Calendly app authorization — a meaningful technical distinction. These errors are correctable without affecting the page's overall integrity or core conclusions.","score_delta":-5,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 3d36f439-35ef-4988-b613-a7a643ffcb5bcopy