Compromised wallet

I would like to ask if someone can help me with an issue I faced. I have to inform you that I use a Trezor hardware wallet connected to a MetaMask wallet, and all the transactions that I make have to be confirmed from my Trezor wallet. My seed phrase is written on paper and stored securely, neither in my phone nor in my laptop or other electronic devices. Despite all the above precautions, I observed when I logged in that someone withdrew 1632 USDT from my wallet. I was mining USDT from dappusd miner site. All the other coins that I have in my wallet are still there. I wanted to ask you how is this possible? Are the rest of my coins and the projects that I own secure? Is there any possibility to return the funds back to me?

Hi @Kostasrigos,

I’m sorry to hear that you have lost money. There are only two possibilities for this to happen:

  1. Someone authorized a transaction on your Trezor to send the USDT someplace.
  2. Your seed (and Passphrase, if used) was compromised somehow and a scammer withdrew the funds directly from the blockchain. This would not need a confirmation on your Trezor, since the owner of the seed has full access to your funds in the Standard wallet.

No. Until you know more about what happened, your funds are not safe. You should move your funds out of your wallet and into another wallet, then do a Factory reset on your device and reinitialize it with a new seed. Then you can move funds back to your new Trezor wallet.

In case someone got their hands on your seed they can mirror your wallet on another device and withdraw/transfer everything to another wallet. Unless you have your funds stored in a Hidden wallet, then they’d need your Passphrase too for accessing that wallet. But for the Standard wallet, only your seed is required for access.

Since your other coins are still there, most likely this was the issue: some shady smart contract that allowed withdrawal.

Thank you for your reply.

I don’t think they have my seed phrase because I haven’t stored it on any electronic device. It’s securely hidden in hard copy. Also, today I checked and nothing else is missing. I revoked this USDT miner site on Etherscan to eliminate any other connection with unknown sites.
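
One reply above attributes the loss to a smart contract that was allowed to withdraw. As an added example (not part of any post in this thread), the Python below assumes that permission was a standard ERC-20 `approve` allowance, which the thread does not show, and decodes such calldata so an unlimited grant to an unknown spender is visible before it is confirmed on the device. The spender address and calldata samples are constructed.

```python
# Added example: decode ERC-20 calldata and flag risky token approvals.
MAX_UINT256 = 2**256 - 1
# 4-byte function selectors defined by the ERC-20 ABI.
SELECTORS = {"095ea7b3": "approve", "a9059cbb": "transfer"}
HEX_DIGITS = set("0123456789abcdef")


def decode_erc20_call(calldata_hex):
    """Return (function, address, amount), or None if not a plain approve/transfer."""
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    # selector (4 bytes) + two 32-byte ABI words = 136 hex characters
    if len(data) != 136 or data[:8] not in SELECTORS:
        return None
    if not set(data) <= HEX_DIGITS:
        return None
    address_word, amount_word = data[8:72], data[72:]
    if address_word[:24] != "0" * 24:  # an address is left-padded with 12 zero bytes
        return None
    return SELECTORS[data[:8]], "0x" + address_word[24:], int(amount_word, 16)


def classify(calldata_hex, trusted_spenders=()):
    """Label a request so the signer sees what the contract will be allowed to do."""
    call = decode_erc20_call(calldata_hex)
    if call is None:
        return "unknown call: inspect manually"
    function, address, amount = call
    if function == "transfer":
        return "transfer: one-time send of %d base units" % amount
    if amount == 0:
        return "revoke: allowance set to zero"
    trusted = address in {s.lower() for s in trusted_spenders}
    size = "unlimited" if amount == MAX_UINT256 else "limited"
    return "%s allowance to %s spender" % (size, "trusted" if trusted else "UNTRUSTED")


# Constructed sample data (not taken from the thread).
SPENDER = "0x" + "11" * 20
PAD = "0" * 24
UNLIMITED = "0x095ea7b3" + PAD + "11" * 20 + "f" * 64
REVOKE = "0x095ea7b3" + PAD + "11" * 20 + "0" * 64

if __name__ == "__main__":
    for sample in (UNLIMITED, REVOKE):
        print(classify(sample))
```

An allowance stays in force until it is set back to zero, so a single confirmed approval can be used later without any further prompt on the hardware wallet.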