All coins gone from Model T

Is there anyone that can help me figure out how someone stolen my entire portfolio from my Trezor?

Sorry to hear about your loss of funds!

There are only two possibilites.

  • Either someone got hold of your Trezor device and signed an outgoing transaction, or
  • Someone got hold of your Recovery seed (and Passphrase, if used) and emptied your assets directly from the blockchain.

Please search this forum, there are many similar questions – and good answers to them.

Edit: There are a few possibilities you’re not seeing your assets in Trezor Suite, even if they are in the blockchain:

  • You haven’t added the coin’s Account to your wallet in Trezor Suite yet,
  • You have the Remember function turned ON so the Discovery procedure don’t search the blockchain(s) for your coins,
  • You look in the wrong wallet. If you have stored your coins in a Hidden wallet, then you must enter the correct Passphrase or otherwise a new and empty Hidden wallet will be created for you instead.
1 Like

3rd way

BAD smart contract can drained an wallet without device or seed

1 Like

Nope none of those things happened. My Trezor has not left the place it was and the recovery phrase is only on a piece of paper in my house that no one has touched.

And I can see that all my assets have been moved to new addresses in block explorers. I have been in crypto for over a decade. The BTC lost is from 2012.

Can someone tell what the current version of firmware is for the Model T?

Looks like Trezor Model T firmware 2.5.3(November)

Post a screenshot of the transactions. Let’s see if I can help you get to the bottom of this. Can you tell us what tokens or stolen obviously bitcoin was there any ETH stolen?

Yeah both a BTC addy and an ETH addy.

What do you want to see, the addys?

Here is the ETH addy 0xe55d58E98DD3abb41c4Faa82Ba106a7d80464EF4

Ok I will have a look later tonight

First question, were funds in a standard Wallet or a Wallet also protected by passphrase?

2nd question, can you list the last known date of your known transactions

before the problem started also, I see you was interacting with uni swap (what is this you?)

Think I found the problem

BAD SMART CONTRACT(these do not need your seed pin code or device. I can literally bypass all that.)

pal, go onto revoke website

Pasting your address there’s a unlimited spending limit on the 1 inch coin.

If this was you and you signed it what you’ve actually done is basically given somebody the ability to move and spend they wish your Ethereum ADDRESS and everything links that wallet address

Yeah that is very old but from what Trezor support has begin to tell me this shouldn’t affect my BTC addy. So it seems maybe this was done by someone I know.

I believe they are correct, however, the unlimited spend is always extremely dangerous. Was you doing Any kind of steaking with your BTC

What’s you Bitcoin address?

Yes, in that case, there are 2x options.

1)Somebody had your device and pin code. (manually, moved funds)

2)they have got a copy of your SEED and pass phrase(if used)

your 4 ETH IS in 0xcDd37Ada79F589c15bD4f8fD2083dc88E34A2af2

trans id

4 ETH? I lost a bit over 50

Ok what date was YOU last using the wallet??

Whatever the transaction was before the transactions that start on Feb 14. Probably was taking rewards from a Uniswap pool. Or possibly swapping some ETH on Lido or maybe it was 1Inch. It was a while back and this is really doing a number to my head. My retirement future is very bad now. I stopped paying attention to crypto right after the Terra implosion. I got hit hard there. But that was nothing like this. This was my “Don’t touch bag”.

It is looking like someone at my work stole my seed out of my 1Password account. But proving it will be real hard.

First rule is never to enter your seed anywhere online or digitally.

That is exactly what happened, your seed got stolen from password manager and they stole your coins as other users have already pointed out.

Maybe the ETH was bad smart contract but it does not matter, it is clear that your seed was compromised this way.


Because your BTC was removed, I would say it is a compromise seed

1)I would Advise if any crypto connected to the seed remove it because it is not safe/secure

  1. use the passphrase in addition to the seed(check the past phrase is correct multiple times by retyping it & cross checking, wallet, addresses that you see linked to it ect…
    there is never wrong past phrase there’s only a missed typed one)

  2. still do not store anything digitally

What I suspect has happened is somebody has got into your password manager found your SEED and wiped you out

Any questions ask away we are here to help as a community