Local-only Transport

Bridge runs on your machine and only listens on a local interface. Requests must originate from applications running on the same computer, reducing remote attack surfaces.

Cross-platform

Installable on Windows, macOS, and Linux. Distributions include installers and packages suited to each platform, and common instructions for permission configuration.

On-device Verification

Every sensitive action — address generation, transaction signing, or firmware updates — is confirmed on the Trezor device. The device display is the single source of truth.

Developer-Friendly

Bridge exposes a simple JSON-RPC style interface together with client SDKs that make it easy for Web3 apps to interact with hardware safely and consistently.

Safe by Design

Bridge performs origin checks, operates locally, and delegates cryptographic authority to the hardware — it never exposes private keys to the host environment.

Easy Troubleshooting

Common issues (permissions, udev rules on Linux, or port conflicts) are straightforward to resolve with simple checks: restart, reconnect, and verify permissions.

Download & Install

Choose the package for your operating system. The installer is lightweight and places a small daemon on your machine that will start when needed. On first run you may be asked to accept USB permissions — allow them only when you trust the host environment.

Quick installation notes

  1. Windows — run the installer and follow prompts; you may need administrative rights.
  2. macOS — open the package and copy to Applications; grant USB access if requested.
  3. Linux — install the .deb/.rpm or extract the tarball; add udev rules for non-root access and reload the rules.

After installing, plug your Trezor in and verify that your chosen application (Trezor Suite or another trusted client) can see the device. If the app prompts, approve the connection, then verify actions on the device screen.

Using Bridge safely

Only grant Bridge access when using trusted applications. Do not install Bridge or accept prompts on unfamiliar machines. Bridge is intended for local use; it is not a remote gateway — treat it as a tool that helps applications talk securely to your hardware wallet.

Frequently Asked Questions

Do I need Bridge for browser wallets?

Bridge provides a consistent, secure connection method for browsers to talk to a hardware wallet. Many dApps and wallet interfaces expect Bridge or an equivalent local connector.

Can Bridge access my private keys?

No. Bridge only forwards structured requests and responses. The hardware wallet keeps private keys on the device and requires physical confirmation to sign anything.

What should I do if the device is not detected?

Try a different USB cable and port, avoid USB hubs, restart Bridge and the client application, and on Linux ensure udev rules are installed for device access.

Is Bridge open to the network?

By default Bridge listens on localhost only. It is not exposed to the wider network unless explicitly configured otherwise — keep it that way for safety.

Best practices

  • Always verify transaction details on the physical device screen before approving.
  • Keep Bridge and your wallet application updated to the latest official releases.
  • Avoid public or untrusted machines for signing or initialization.
  • Back up your recovery seed offline using durable, non-digital media.
  • For developers: implement strict origin checks and minimal logging of sensitive payloads.