Jumar Macato wrote a piece in Medium that’s essentially a public service announcement:
If you’re a Wasabi Wallet user with a Trezor device, please don’t update your current Wasabi Wallet installation and Trezor devices to version 2.3.1 (Trezor Model T) and version 1.9.1 (Trezor One) yet or you may get locked out of your bitcoins until we fix the issue. Please update both when we’ve published a new version of Wasabi Wallet through our official channels.
Last Wednesday, SatoshiLabs s.r.o., the makers of the popular Trezor hardware wallet, has disclosed a security vulnerability in the Partially-Signed Bitcoin Transaction specification (BIP-174) that can potentially exfiltrate a victim’s bitcoins by paying too high mining fees, if the vulnerability is exploited.
The vulnerability was fixed on Trezor devices but it broke the compatibility with HWI and other 3rd party software, like Wasabi and BTCPay server. As a result, Trezor devices updated with the newest firmware version 2.3.1 (Trezor Model T) and version 1.9.1 (Trezor One) are not working with Wasabi and other software wallets.
How does this affect Wasabi Wallet users with a Trezor device?
First, before we go into the gory details of the vulnerability, we need to have a primer on how your Wasabi Wallet interacts with your Trezor hardware wallet.
In a nutshell, a Hardware Wallet’s primary function is to hide all the necessary Bitcoin secrets like your private keys away from systems that is inherently more insecure like your PC, Laptop or Smartphone while also allowing the user to receive and spend the coins as they see fit.
It does that by utilizing a Software Wallet that can communicate with the Bitcoin network. Whenever a user wants to spend their coin, Wasabi Wallet will construct a Partially-Signed Bitcoin Transaction (PSBT) and it sends the request to the Trezor device to be authenticated by the user.
After authentication, it sends back a fully signed PSBT to Wasabi Wallet, which in turn broadcasts it to the Bitcoin network, effectively completing the spending transaction.
The latest firmware upgrade of Trezor has deviated from the normal implementation of the PSBT specification in BIP-174. The hardware wallet now expects that all inputs of a PSBT include its prior transaction data. This information is then used to verify the fees paid to the miner, and thus eliminates the attack.
However, this poses a multitude of problems:
- Because the original specification did not specifically allow for additional prior transaction data; The interface layer between Wasabi and Trezor devices strips down that prior transaction data from the PSBT, which in turn makes the Trezor wallet think that the PSBT it received is invalid because of the missing data, hence rejecting its authentication and effectively preventing the user in spending their bitcoin.
- The software wallet may also not have the required previous transaction data from the Bitcoin blockchain and thus it may need to acquire that whilst preserving the privacy of the user. This may be impossible or resource-intensive.
- The PSBT file size might increase significantly in case the input coins was from a CoinJoin or any other large transaction. Imagine if you’ve included 2 coins from your recent Wasabi CoinJoin, the wallet will then need to include the large CoinJoin transaction data twice. The enlarged PSBT could cause problems in transmission to the Trezor device or other hardware wallets that may not necessarily support the large PSBT sizes.
In light of the aforementioned problems, we at Wasabi Wallet are urging our users with Trezor hardware wallets to hold off updating their devices to firmware version 2.3.1 (Trezor Model T) and version 1.9.1 (Trezor One) and also avoid updating their Wasabi Wallet installation until the team can make a proper fix to this issue.
Until then, we hope for your continued patience amidst this issue. Thank you.
Addendum: We are advising users to not update Wasabi Wallet until the fixes are out due to the potential of bad actors distributing a malicious copy of Wasabi Wallet and exploiting the vulnerability.