All Crypto Stolen From Phishing Scam Within Trezor Wallet

I just had over $29,000 in crypto stolen from my Trezor Wallet. I believed it would be extremely secure there. Today, when I updated the wallet, I noticed a message: “Visit GALATOKEN dot ORG to claim rewards.” It was under the Etherium ECR-20 tokens section (I can provide a screen shot). I assumed it was some kind of token distribution, I thought, “Trezor is highly secure; there’s no way there could be a phishing scam on the device itself.” I reasoned, “If it’s stated on the Trezor wallet, it must be legitimate.” Regrettably, I visited the website that was stated on the Trezor wallet. When the website prompted me for my passcode (seed phrases) to connect, I provided it. Within a minute, all my cryptocurrency was gone. They had my seed phrases and stole everything.

I was naive. I believed Trezor wallets were infallibly secure. Never did I imagine there could be a phishing scam within the wallet itself. I’ve just submitted a ticket (Ticket ID: 210315).

1 Like

I got same problem february 6th everything was stolen and I have much more that you have… I’m very disappointed for that and it change alo my life in woirst of course. I neve imagine that trezor wallet was so easy to break…

1 Like

I feel sorry for you. Really sorry…
I know it’s easy for me to say this now after the event…

But, the golden rule with any wallet is:
never type your seed phrase into a website, or anything like that.

Once you initially setup your hardware wallet and it gives you the seed on screen to write down, you never use the seed again, unless you break the hardware wallet and need to recover your funds onto another wallet. There are NO exceptions to that rule. (well at least none I know of)

If people want to send (airdrop) stuff to you, they only need the public address. If they want more, probably they are going to steal from you.

2 Likes

You are right. I own that. However, I naively trusted the Trezor wallet. I would never have thought there could be scams that would exist in the app itself. It just never crossed my mind. I knew not to do that online in general. How could anyone trust the Trezor app if they could allow phishing links in the wallet itself? Now I know that Trezor can’t be trusted in that way. Now I know they could allow phishing scams to be on the app itself. And, I will make this fact known.

1 Like

The trezor app just pulls down the same blockchain data as blockscan and others do, so the issue is with the data against your account on the blockchain itself. Not sure they could do much about this.