Wow! Just wow. A huge kudos to this man, imagine if it was held by malicious actor and never shares to this to trezor.

I wonder if he get bounty bug reward from trezor considering this is a great find. I see their bounty bug page ^[1] but seems still outdated https://trezor.io/security/