diff --git a/modules/hardware-wallets.nix b/modules/hardware-wallets.nix index d8d2871..905f126 100644 --- a/modules/hardware-wallets.nix +++ b/modules/hardware-wallets.nix @@ -62,7 +62,7 @@ in { }); }) (mkIf cfg.trezor { - environment.systemPackages = [ pkgs.python3.pkgs.trezor ]; + environment.systemPackages = [ config.nix-bitcoin.pkgs.pyPkgs.nbPython3PackagesWithUnlockedEcdsa.trezor ]; # Don't use rules from nixpkgs because we want to use our own group. services.udev.packages = lib.singleton (pkgs.writeTextFile { name = "trezord-udev-rules"; diff --git a/pkgs/default.nix b/pkgs/default.nix index d9be881..4ba0acb 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -26,6 +26,7 @@ let self = { trustedcoin = pkgs.callPackage ./trustedcoin { }; bitcoind_29 = pkgs.callPackage ./bitcoind_29 {}; + inherit (self.pyPkgs.nbPython3PackagesWithUnlockedEcdsa) hwi; pyPkgs = import ./python-packages self pkgs.python3; inherit (self.pyPkgs) diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index 0a3ea7f..dd6a95d 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -5,7 +5,6 @@ pkgs: pkgsUnstable: elementsd extra-container fulcrum - hwi lightning-pool lndconnect; diff --git a/pkgs/python-packages/default.nix b/pkgs/python-packages/default.nix index 96e6247..40266cd 100644 --- a/pkgs/python-packages/default.nix +++ b/pkgs/python-packages/default.nix 
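Review bot: The new `environment.systemPackages` line in `modules/hardware-wallets.nix` installs `trezor` from a package set whose name is the only hint that a vulnerability tag on `ecdsa` has been filtered out, and nothing at the use site says why that is acceptable. A one-line comment above it, for example `# Built against ecdsa with the CVE-2024-23342 tag removed; rationale in pkgs/python-packages/default.nix.`, would keep the exception visible to anyone auditing what the module puts on the system. The same applies to the `inherit (self.pyPkgs.nbPython3PackagesWithUnlockedEcdsa) hwi;` line added in `pkgs/default.nix`. The `mkIf cfg.trezor` block continues past the end of the hunk.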
@@ -33,4 +33,22 @@ rec { }).pkgs; nbPython3PackagesJoinmarket = nbPython3Packages; + + # Re-enable pkgs `hwi`, `trezor` that are unaffected by `CVE-2024-23342` because + # they don't use python pkg `ecdsa` for signing. + # These packages no longer evaluate in nixpkgs after `ecdsa` was tagged with this CVE. + nbPython3PackagesWithUnlockedEcdsa = let + python3PackagesWithUnlockedEcdsa = (python3.override { + packageOverrides = self: super: { + ecdsa = super.ecdsa.overrideAttrs (old: { + meta = old.meta // { + knownVulnerabilities = builtins.filter (x: x != "CVE-2024-23342") old.meta.knownVulnerabilities; + }; + }); + }; + }).pkgs; + in { + hwi = with python3PackagesWithUnlockedEcdsa; toPythonApplication hwi; + inherit (python3PackagesWithUnlockedEcdsa) trezor; + }; }
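Review bot: In the `ecdsa` override, `old.meta.knownVulnerabilities` is read without a default, so `hwi` and `trezor` stop evaluating with a missing-attribute error if nixpkgs ever removes the tag; `builtins.filter (x: x != "CVE-2024-23342") (old.meta.knownVulnerabilities or [])` behaves the same today and survives that change. Filtering the one CVE string instead of clearing the list is the right shape, because any later advisory on `ecdsa` still blocks evaluation. The comment rests the exception on signing alone, but as far as I recall the upstream advisory for this CVE also lists key generation and ECDH as affected and only verification as safe. I would widen the comment to `# they use python pkg ecdsa only for operations the CVE does not cover (no signing, key generation or ECDH); re-verify on each hwi/trezor update.` and confirm that claim against both packages before merging. The enclosing `rec { … }` set starts outside the hunk.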