Crypto stolen without device

Hi there, i see that over usd 50k (full amount in three transactions) was send from my wallet. I did not send it . I have a few questions:
Can someone send crypto without the device? What do they need in this case?
Is it possible that with a so-called trezor update crypto can be stolen
Thanks so much

Please, read the similar topics before creating duplicate:

And open the support ticket, please. if you need further assistance.

In the situation someone has access to the seed words (for me these were stored in a vault) they can generate and authorize transactions without the device. Is this correct, why do you need a hardware wallet in this case?

yes, that is correct, the benefit of HW wallet is that it stores the keys offline and you use the device to sign transactions, as opposed to SW wallets where the keys can be potentially exposed.

there are basically 2 scenarios of what could have happened:

  1. Either some other person used your Trezor physically for confirming the transaction
  2. Your private keys (represented by your recovery seed) were compromised and the attacker used them to sign the transaction. This is possible since you can recover your wallet including your private keys by performing a recovery with a compatible wallet.

Is there any possibility to trace the individual. Clearly someone has had potential access to my vault

Thanks for the clarification. Really my biggest nightmare. I bought a HW to protect myself from platforms, which can be subject to scam.

Is there a possibility to trace the individual since it should be someone living/working in my home

You should contact your local authorities.

Yes sure. Just want to get understanding what data is available, for example log on data on the various devices related to the seed

There is no such data, seed does not work like that.

we have no information about the access logs of your account, the IP addresses or any user data. Also, we don’t have any information about the owner of the addresses where the funds were sent to since this is not publicly available info, we can only see the trace of the fund from the public blockchain, same as everyone else.
Without additional identifying details, the ownership of the address cannot be determined.

Since we are not a legal authority in this case, we cannot even request access to such information, at this moment I would suggest contacting your local authorities i, since they are the only ones with legal authority to request information from internet service providers etc.

A post was merged into an existing topic: My all tokens were stolen