All coins gone from Model T

Zedster · March 27, 2023, 12:28pm

Is there anyone that can help me figure out how someone stolen my entire portfolio from my Trezor?

Petosiris · March 27, 2023, 12:57pm

Sorry to hear about your loss of funds!

There are only two possibilites.

Either someone got hold of your Trezor device and signed an outgoing transaction, or
Someone got hold of your Recovery seed (and Passphrase, if used) and emptied your assets directly from the blockchain.

Please search this forum, there are many similar questions – and good answers to them.

Edit: There are a few possibilities you’re not seeing your assets in Trezor Suite, even if they are in the blockchain:

You haven’t added the coin’s Account to your wallet in Trezor Suite yet,
You have the Remember function turned ON so the Discovery procedure don’t search the blockchain(s) for your coins,
You look in the wrong wallet. If you have stored your coins in a Hidden wallet, then you must enter the correct Passphrase or otherwise a new and empty Hidden wallet will be created for you instead.

ffvddfed3 · March 27, 2023, 1:22pm

3rd way

BAD smart contract can drained an wallet without device or seed

Zedster · March 27, 2023, 1:23pm

Nope none of those things happened. My Trezor has not left the place it was and the recovery phrase is only on a piece of paper in my house that no one has touched.

And I can see that all my assets have been moved to new addresses in block explorers. I have been in crypto for over a decade. The BTC lost is from 2012.

Zedster · March 27, 2023, 1:28pm

Can someone tell what the current version of firmware is for the Model T?

ffvddfed3 · March 27, 2023, 4:11pm

Looks like Trezor Model T firmware 2.5.3(November)

Post a screenshot of the transactions. Let’s see if I can help you get to the bottom of this. Can you tell us what tokens or stolen obviously bitcoin was there any ETH stolen?

Zedster · March 28, 2023, 4:31am

Yeah both a BTC addy and an ETH addy.

What do you want to see, the addys?

Zedster · March 28, 2023, 5:32am

Here is the ETH addy 0xe55d58E98DD3abb41c4Faa82Ba106a7d80464EF4

ffvddfed3 · March 28, 2023, 8:24am

Ok I will have a look later tonight

First question, were funds in a standard Wallet or a Wallet also protected by passphrase?

ffvddfed3 · March 28, 2023, 8:46am

2nd question, can you list the last known date of your known transactions

before the problem started also, I see you was interacting with uni swap (what is this you?)

ffvddfed3 · March 28, 2023, 10:10am

Think I found the problem

BAD SMART CONTRACT(these do not need your seed pin code or device. I can literally bypass all that.)

pal, go onto revoke website

Pasting your address there’s a unlimited spending limit on the 1 inch coin.

If this was you and you signed it what you’ve actually done is basically given somebody the ability to move and spend they wish your Ethereum ADDRESS and everything links that wallet address

Zedster · March 28, 2023, 10:13am

Yeah that is very old but from what Trezor support has begin to tell me this shouldn’t affect my BTC addy. So it seems maybe this was done by someone I know.

ffvddfed3 · March 28, 2023, 10:49am

I believe they are correct, however, the unlimited spend is always extremely dangerous. Was you doing Any kind of steaking with your BTC

What’s you Bitcoin address?

ffvddfed3 · March 28, 2023, 10:52am

Yes, in that case, there are 2x options.

1)Somebody had your device and pin code. (manually, moved funds)

2)they have got a copy of your SEED and pass phrase(if used)

ffvddfed3 · March 28, 2023, 6:47pm

your 4 ETH IS in 0xcDd37Ada79F589c15bD4f8fD2083dc88E34A2af2

trans id
0xc126f652afccc0c0530db66f751b2edd53c3e4ce45608055e3d7901d8addf3aa

Zedster · March 29, 2023, 1:36pm

4 ETH? I lost a bit over 50

ffvddfed3 · March 29, 2023, 2:35pm

Ok what date was YOU last using the wallet??

Zedster · March 30, 2023, 1:31pm

Whatever the transaction was before the transactions that start on Feb 14. Probably was taking rewards from a Uniswap pool. Or possibly swapping some ETH on Lido or maybe it was 1Inch. It was a while back and this is really doing a number to my head. My retirement future is very bad now. I stopped paying attention to crypto right after the Terra implosion. I got hit hard there. But that was nothing like this. This was my “Don’t touch bag”.

It is looking like someone at my work stole my seed out of my 1Password account. But proving it will be real hard.

forgi · March 30, 2023, 1:36pm

First rule is never to enter your seed anywhere online or digitally.

That is exactly what happened, your seed got stolen from password manager and they stole your coins as other users have already pointed out.

Maybe the ETH was bad smart contract but it does not matter, it is clear that your seed was compromised this way.

ffvddfed3 · March 31, 2023, 5:51am

Because your BTC was removed, I would say it is a compromise seed

1)I would Advise if any crypto connected to the seed remove it because it is not safe/secure

use the passphrase in addition to the seed(check the past phrase is correct multiple times by retyping it & cross checking, wallet, addresses that you see linked to it ect…
there is never wrong past phrase there’s only a missed typed one)
still do not store anything digitally

What I suspect has happened is somebody has got into your password manager found your SEED and wiped you out

Any questions ask away we are here to help as a community