Hacker moved 0.5 ETH from my cold wallet managed by Trezor to an address that looked very similar to my hot wallet (same first 4 digits, same last 4 digits so if you looked in metamask the two addresses look the same).
My seed phrase is written down and stored securely and not on my computer. I did not use a passphrase.
Hacker tried to disguise the transaction by: 1) sending the normal amount of ETH I usually send between my cold and hot wallet; 2) making it appear that the ETH was being sent to a wallet with an address similar to my hot wallet.
So this is a sophisticated hack, not a scam, not phishing. Appears that hacker cracked my seed phrase but not sure how that could have happened.
I have since moved my ETH and NFTs to a different hardware wallet.
I reported this to Trezor support but no response so far.
Thank you this is exactly what happened. All funds are SAFU!
The hacker created a phony transaction which appeared to send 0.5ETH from my Trezor cold wallet to my Metamask hot wallet. In fact, the transaction sent fake tokens (“ETH…” not Ether) to a real wallet address engineered to look like my own wallet.
Effectively, the hackers are exploiting the fact that a hacker can execute fraudulent transaction which then show up in the wallet transaction log. In this case, the Trezor Suite lists the fraudulent transaction as if it were 0.5ETH when it is a transaction with a phony “ETH…” token.