diff --git a/firmware/fsm.c b/firmware/fsm.c
index 9f6237d1fd..532ec14f8d 100644
--- a/firmware/fsm.c
+++ b/firmware/fsm.c
@@ -318,10 +318,7 @@ void fsm_msgWipeDevice(WipeDevice *msg)
 		layoutHome();
 		return;
 	}
-	storage_reset();
-	storage_reset_uuid();
-	storage_commit();
-	storage_clearPinArea();
+	storage_wipe();
 	// the following does not work on Mac anyway :-/ Linux/Windows are fine, so it is not needed
 	// usbReconnect(); // force re-enumeration because of the serial number change
 	fsm_sendSuccess(_("Device wiped"));
diff --git a/firmware/protect.c b/firmware/protect.c
index 53f5791a9b..205b91c798 100644
--- a/firmware/protect.c
+++ b/firmware/protect.c
@@ -30,6 +30,8 @@
 #include "debug.h"
 #include "gettext.h"
 
+#define MAX_WRONG_PINS 15
+
 bool protectAbortedByInitialize = false;
 
 bool protectButton(ButtonRequestType type, bool confirm_only)
@@ -183,14 +185,23 @@ bool protectPin(bool use_cached)
 		fsm_sendFailure(FailureType_Failure_PinCancelled, NULL);
 		return false;
 	}
-	if (storage_increasePinFails(fails) && storage_containsPin(pin)) {
+	if (!storage_increasePinFails(fails)) {
+		fsm_sendFailure(FailureType_Failure_PinInvalid, NULL);
+		return false;
+	}
+	if (storage_containsPin(pin)) {
 		session_cachePin();
 		storage_resetPinFails(fails);
 		return true;
 	} else {
-		fsm_sendFailure(FailureType_Failure_PinInvalid, NULL);
-		return false;
+		if (~*fails > MAX_WRONG_PINS) {
+			layoutDialog(&bmp_icon_error, NULL, NULL, NULL, _("Too many wrong PINs"), _("entered. Storage has"), _("been wiped."), NULL, _("Please unplug"), _("the device."));
+			storage_wipe();
+			for (;;) {} // loop forever
+		}
 	}
+	fsm_sendFailure(FailureType_Failure_PinInvalid, NULL);
+	return false;
 }
 
 bool protectChangePin(void)
diff --git a/firmware/storage.c b/firmware/storage.c
index 35e6fc0634..6eba0806ef 100644
--- a/firmware/storage.c
+++ b/firmware/storage.c
@@ -622,3 +622,11 @@ void storage_setU2FCounter(uint32_t u2fcounter)
 	storage.u2f_counter = u2fcounter - storage_u2f_offset;
 	storage_commit();
 }
+
+void storage_wipe(void)
+{
+	storage_reset();
+	storage_reset_uuid();
+	storage_commit();
+	storage_clearPinArea();
+}
diff --git a/firmware/storage.h b/firmware/storage.h
index 18f85d4947..0b27f3f200 100644
--- a/firmware/storage.h
+++ b/firmware/storage.h
@@ -73,6 +73,8 @@ bool storage_needsBackup(void);
 void storage_applyFlags(uint32_t flags);
 uint32_t storage_getFlags(void);
 
+void storage_wipe(void);
+
 extern Storage storage;
 
 extern char storage_uuid_str[25];