I got a $100 Amazon gift card from work. I see that they have trezor hardware wallets on Amazon and want to buy one. It says it’s sold by Trezor company and ships from Amazon.
I only ask because everyone says to buy from the trezor website, but this looks like their storefront as well and I want to use this gift card.
If the seller on Amazon is trezor then you’re dealing with the legit retailer
There is a very very very small and unlikely chance of an Amazon driver or warehouse worker will guess which box is a trezor and also happen to know a hacker and a hardware tamper guy
I think you’ll be fine as long as the seals are intact and is not 2nd hand
I bought mine from trezor Amazon store. I still sleep like a baby
Perfect, this is what I was hoping to hear. I figured as much as I e had similar experience with other companies and seeing it was sold by them, but always want to ask.
You're probably OK, but the threat is more about supply-chain when Amazon is involved, not someone tampering with a real one at the warehouse or delivery.
I wouldn't buy from Amazon if it's shipping from their warehouse.
When Amazon has multiple stores that sell the same item, they don't necessarily keep the products separate. The items from the official store and other stores get put into the same bin, and then a random one is grabbed when somebody makes a purchase. Or they can all be in the system as the same item, so the picker will just pick from whichever bin is closest to save time.
So even though you purchased from the official Trezor store, there is no guarantee that you received a Trezor that didn't come from another store.
Some people have said that Amazon doesn't do this with every product, and for some things, you will get it from the official store every time. I don't have enough knowledge about the inner workings of an Amazon warehouse to say whether or not this is true. So I'd rather be safe and just not order from Amazon.
Scam Warning! Scammers are particularly active on this sub. They operate via private messages and private chat. If you receive private messages, be extremely careful. Use the report link to report any suspicious private message to Reddit.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
Most likely fine but why take the risk?
Because I have a gift card I want to use. Hence why I was asking.
You can use amz gc for anything but the wallet could literally hold millions why risk it; buy direct
Would you buy an actual wallet with a 0.00000000001% chance of randomly despawning your Benjamin’s? Just bc you had a gift card
I was just simply wondering if there was risk involved with it. It seems that there might be simply because it’s in an Amazon warehouse and not a trezor warehouse.
Does not make much sense to me how or what the difference is, but most people seem to think that there is.
There is some risk even if you order it directly from Trezor. It's all about minimizing risk. You'd probably be OK with Trezor store on Amazon, but this is one of the few times in life where why add any risk to save a bit of time or a few dollar?
This
What if the Trezor employee is disgruntled and has tampered with your Trezor? Better not use it
In reality, there is a tinny microscopic risk buying this product. Everything from employees to supply chain, to delivery
Do your best to minimise the steps but it’s way more risky to not have a cold wallet but the chances of purchasing a tampered wallet from a brand new seals box is like 0.0001%
You’re more likely to fuck up your seed phrase
Yeah, the only reasonable alternatives are sourcing the components and building one of the open-source ones. There are probably more, but I know people have built Blockstream Jades, and then there is the popular Seed Signer (which you can completely DIY, or buy kits or various components partly done).
Then there is the software aspect... several are open-source, but you're ultimately trusting the community a bit unless you can read/understand the code. But, at least if you download it and take all the precautions, you'll have one equivalent to what anyone else in the community is using, and known to be untampered with.
Or, if you have enough Unix knowledge, you can set your own off-line computer system up to essentially do what a hardware wallet does. But, for most people, I think that would introduce quite a bit of risk.
I just say... go as far as you're able, but don't take shortcuts. I've heard people say... 'but the shipping costs more' (to get it directly from the manufacturer), and I'm thinking... you're going to risk large amounts of your value storage and future to save a bit on shipping?!
another option if you didnt want to buy the trezor on amazon, maybe buy the Trezor from the official website and buy a metal keystone from amazon to store your seed phrase on it?
I bought a Model T from that seller on Amazon and it's fine.
It’s fine. I got mine through Amazon. Just make sure all the seals are intact.
Ensure that you're buying from an authorised reseller by following the relevant link on Trezor's list on their own website: https://trezor.io/resellers
Amazon is listed on their own website. Why are people so sketched out about it….
Yes, indeed, my point is just to make sure that you're buying from the right vendor on Amazon.
Even so, some people are concerned about the possibility of supply-chain attacks, and thus choose to only buy directly from the manufacturer.
That is valid and something I will consider. But it’s the same supply chain except one extra warehouse.
To some extent... maybe.
It is possible someone fools Trezor (or whatever hardware wallet maker) and slips in some compromised units into what Trezor is having manufactured for them (as I doubt most of the companies make the wallets themselves).
It's just easier to get some compromised or fake units into the Amazon supply.
The problem isn't that some manufacturer sends 100 units to Trezor and 1000 units to Amazon... and then someone messes with the Amazon batch at or going into their warehouse. That's possible, I suppose, but you've got the tamper stuff to deal with.
The problem is more that you might have the real manufacturer, and then some other maker that can pull off a convincing replica that is compromised... and gets them into Amazon's supply. That would be much harder to do to Trezor directly.
I honestly just wouldn't risk it. Probably OK, but isn't there something else you can use the gift card for on Amazon... and just order the Trezor directly?
I'd never cut-corners with my Bitcoin setup.
Funny thing about Amazon. Many sellers will show the link to the actual manufacturer store and then sell form a different store...
If you are buying the safe 3 its slightly more secure buying directly from trezor due to this
https://blog.trezor.io/trezors-multi-layer-defense-against-supply-chain-attacks-54541f410389#5ba1
But at minimum update the firmware yourself before using all trezor hardware wallets