All my funds have been stolen from my TOne wallet!

A month and a half ago I bought a Trezor One wallet. After a couple of days I deposited Ethereum and Bitcoin into it. Today I suddenly tried to check my balance and realised that it is 0. In one moment (14th of November) someone gained access and made 2 transactions to wipe out all the funds. The seed phrase was written on a special sheet of paper and kept safe in my own house. Please help me understand how this could have happened.

Hi @Alextall82

I am sorry for your loss.

There are basically 2 scenarios of what could have happened:

  1. Either some other person used your Trezor physically for confirming the transaction

  2. Your private keys (represented by your recovery seed) were compromised and the attacker used them to sign the transaction. This is possible since you can recover your wallet including your private keys by performing a recovery with a compatible wallet.

Do you remember entering your seed phrase on some website (or answering an email where you were asked for your seed) in the days before 14th November?
I am asking because, if you can absolutely rule out the first option, you were most probably phished.

-Either some other person used your Trezor physically for confirming the transaction

No, only I used my Trezor One, two times before that happened.

-Your private keys (represented by your recovery seed) were compromised and the attacker used them to sign the transaction. This is possible since you can recover your wallet including your private keys by performing a recovery with a compatible wallet.

It's impossible, because the list with 24 words was never written or snapshotted on any device or by any physical person. It is kept safe in a place in my house which only I know. Even if some member of my family suddenly found it, they don't know how to manage crypto wallets at all…

For now I have only one version of this hack: the chipset with the seed phrase generator was initially changed to a fraudulent microcontroller. This microcontroller made a seed phrase which is known by 3rd parties. They waited for several weeks (to fill the deposit clear) and then made a copy of my wallet with the known seed phrase (made by the wrong chipset)…

If you have purchased the device on https://shop.trezor.io/ or from one of our official resellers and it came without any sign of tampering, the scenario you have described is impossible.

Generating the mnemonic phrase (your recovery seed) can’t be known by a 3rd party as your seed never leaves the device. The onboarding process can actually be done offline as well.

So I am afraid that the only possible scenario would be exposure of a recovery seed to a third party (e.g. on some phishing website).

Unfortunately I bought it from a non-authorized reseller, but the package was official, without any doubt it's authentic.
“So I am afraid that the only possible scenario would be exposure of a recovery seed to a third party (e.g. on some phishing website)” How can it be possible? Because:
“Generating the mnemonic phrase (your recovery seed) can’t be known by a 3rd party as your seed never leaves the device.”

In this case, how can I check whether my device is authentic? The firmware installed without errors, Trezor Suite initiated it OK…

By saying that I meant that the only possible scenario would be that you exposed your seed on some malicious website.

Here is an example of how this works:
Some malicious actors create an almost identical copy of the Trezor Suite site https://suite.trezor.io/ and register a seemingly familiar domain with some variant of “Trezor” in its name. Then they pay for Google ads to promote this domain with the fake site to get it amongst the top search results for “Trezor”.

After a potential victim (you, in this case) arrives at this fake site, they are presented with some fabricated technical error message and prompted to enter their recovery seed to regain access to their accounts.
After entering the seed words into a prepared form, the seed is forwarded to scammers running the site who, at that point, gain access to all funds of the unfortunate victims falling into this trap and send the funds away. The fake-site visitor is then typically redirected to our genuine site to minimize the confusion.

Since each transaction must be signed using the private keys of the respective address, and considering the fact that Trezor has never been hacked remotely and is designed not to reveal private keys (essential for creating a transaction) to anyone, not even to you, even if it’s needed, what was mentioned above is most likely how your coins got stolen.
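The lookalike-domain pattern described in the post above can be checked mechanically before a seed is ever typed anywhere. The following is an added example, not part of the original thread or Trezor's own tooling; the confusable-character table, thresholds and sample URLs are constructed assumptions, and only `trezor.io` comes from the URLs quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Official parent domain of the two URLs quoted in the thread
# (suite.trezor.io, shop.trezor.io).
OFFICIAL_DOMAIN = "trezor.io"
BRAND = "trezor"
# Small constructed sample of confusable characters, not a complete table:
# digit zero, digit three, Cyrillic o (U+043E), Cyrillic e (U+0435).
CONFUSABLES = str.maketrans({"0": "o", "3": "e", "\u043e": "o", "\u0435": "e"})


def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings of the brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for the URL's hostname."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Only an exact ASCII match on the registered domain or a subdomain counts.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: inspect it as typed
    host = host.translate(CONFUSABLES)
    for token in re.split(r"[.-]", host):
        if BRAND in token or (len(token) >= 5 and edit_distance(token, BRAND) <= 2):
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; only the first is a real address from the thread.
    for u in ("https://suite.trezor.io/",
              "https://trezor.io.wallet-recovery.example/start",
              "https://suite-trezzor.example/",
              "https://example.org/"):
        print(f"{classify(u):10} {u}")
```

A "lookalike" verdict means the hostname borrows the brand without sitting under the official domain, which is the case the post describes for ad-promoted copies of the Suite site.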

“and prompted to enter their recovery seed to regain access to their accounts”
Excluded. If I had done it, I would remember it. I clearly understand that my mnemonic phrase was never entered on any device! And my paper hasn't disappeared.

How can I check my device's serial number with your support? I've checked my package, started Suite - it's original, including the tamper.

Likely your failing here was buying from a non-authorised reseller. You cannot guarantee its authenticity since you bought from elsewhere… always buy from an approved source. If you're saving a few dollars from your seller, is it really worth it…??