Account hacked - sophisticated attack

Hacker moved 0.5 ETH from my cold wallet managed by Trezor to an address that looked very similar to my hot wallet (same first 4 digits, same last 4 digits, so if you looked in MetaMask the two addresses look the same).

My seed phrase is written down and stored securely and not on my computer. I did not use a passphrase.

Hacker tried to disguise the transaction by: 1) sending the normal amount of ETH I usually send between my cold and hot wallet; 2) making it appear that the ETH was being sent to a wallet with an address similar to my hot wallet.

So this is a sophisticated hack, not a scam, not phishing. Appears that hacker cracked my seed phrase but not sure how that could have happened.

I have since moved my ETH and NFTs to a different hardware wallet.

I reported this to Trezor support but no response so far.

I think what happened to you is similar to this:

Hi @ckeene,

I can confirm that from your description, it looks like you are the target of an address poisoning attack.

Please find more information in this thread: Has my trezor been hacked ?

You can find more information on address poisoning attack in this article:

Your recovery seed hasn’t been cracked and attackers do not have your private keys. If you do not send funds to the fake address yourself, they cannot steal your funds.


Thank you, this is exactly what happened. All funds are SAFU!

The hacker created a phony transaction which appeared to send 0.5 ETH from my Trezor cold wallet to my MetaMask hot wallet. In fact, the transaction sent fake tokens (“ETH…” not Ether) to a real wallet address engineered to look like my own wallet.

Effectively, the hackers are exploiting the fact that a hacker can execute a fraudulent transaction which then shows up in the wallet transaction log. In this case, the Trezor Suite lists the fraudulent transaction as if it were 0.5 ETH when it is a transaction with a phony “ETH…” token.

Very scary!
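
The check this thread points to, as an added example that is not part of any post and is not Trezor or MetaMask code: before copying an address out of a transaction history, compare it in full against the addresses you trust and treat token transfers with an ETH-like symbol as a different asset from Ether. The entry fields (`id`, `to`, `symbol`, `token_contract`), the addresses and the `ETH-FAKE` symbol are constructed for illustration.

```python
# Added example: flag address-poisoning entries in a wallet history.
# All addresses, symbols and field names here are constructed assumptions.

def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed address and strip the prefix for comparison."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def is_lookalike(candidate: str, trusted: str, edge: int = 4) -> bool:
    """True when candidate shares the first and last `edge` hex characters
    with trusted but is not the same address (what a truncated UI hides)."""
    c, t = normalize(candidate), normalize(trusted)
    return c != t and c[:edge] == t[:edge] and c[-edge:] == t[-edge:]

def review_history(entries, trusted_addresses):
    """Return (tx_id, reasons) for every entry that should not be copied from."""
    findings = []
    for e in entries:
        reasons = []
        for t in trusted_addresses:
            if is_lookalike(e["to"], t):
                reasons.append("destination imitates trusted address " + t)
        # Native Ether has no token contract; a token whose symbol merely
        # starts with "ETH" is a different asset.
        if e.get("token_contract") and e["symbol"].upper().startswith("ETH"):
            reasons.append("token transfer with ETH-like symbol, not Ether")
        if reasons:
            findings.append((e["id"], reasons))
    return findings

HOT_WALLET = "0x12ab" + "0" * 32 + "cd34"   # constructed trusted address
POISON = "0x12ab" + "f" * 32 + "cd34"       # constructed lookalike address
HISTORY = [  # constructed sample entries
    {"id": "tx1", "to": HOT_WALLET, "symbol": "ETH", "token_contract": None},
    {"id": "tx2", "to": POISON, "symbol": "ETH-FAKE",
     "token_contract": "0x" + "9" * 40},
]

if __name__ == "__main__":
    for tx_id, reasons in review_history(HISTORY, [HOT_WALLET]):
        print(tx_id, "->", "; ".join(reasons))
```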