I have had the impossible happen according to reddit, please help


I will try to get it all in and be concise. Apologies for the long post.

So I tried to post to reddit but got scammers in my inbox and arrogant [email protected] telling me I’m lying and attention seeking!

So this morning I went onto my decoy wallet (non passphrase protected) on my windows7 64 bit AVG protected pc with Tor enabled in suite. I sent a 10usd test then followed with about 12K usd. Immediately after, another 10usd transaction posted followed by a 0 value one, then a 3 in one ‘multi token’ transaction sending 3 x 10usd to a single address similar to the one I’d successfully sent the other usd to. So in total as of last time I checked 3 transactions in around 20-30 seconds appeared right in front of my face! No one has ever gotten to my trezor or my seed 100%.

I put the details of my pc as it’s been said on reddit that I’m an idiot for using windows 7 etc. Point is I thought it was safe! I thought if you followed all the advice and kept your seed and device safe you were good regardless.

Also to make things even weirder. I had 5 “scam tokens” as well as my usd on the token page. But right after this happened I went to the page to see if they’d taken any more etc and 2 of the tokens had changed their appearance and value? They now show as USD-Tether USD (USDT) whereas the real one doesn’t have the last bit in brackets. They said something like “Tether claims .com” etc before and had an amount of value I’m sure. But now showing as 0. The maddest bit is I haven’t logged in since as I’ve been made paranoid by the reddit crowd and want to get a new dedicated laptop now before connecting again. I’ve updated suite and was going to update the trezor too and try to see if any more has gone. I can’t even work out if any of my balance is gone as I don’t know exactly what was there before. All the transactions show as USD in the transaction stream. So I don’t know if they are my money or the scam tokens? I’ve deffo not interacted with any scam tokens ever. All I’ve ever done is receive, send and store. Plus update periodically both suite and the devices. But I daren’t even connect my trezor in case they get in again. I have about 40K left of USD a few bitcoins and a good few ether on there. So I can’t afford to lose it all! I need to proceed as carefully as possible. I also can’t wait 4 days for the ticket I’ll lose my mind!

Please help, what should I do?

your explanation is unfortunately super confusing, but from what I understand, no coins of yours are actually missing?

there are transactions in your history that you didn’t make, but they are either (a) sending things to you (scam tokens) or (b) sending things out, but zero amount.

is that correct?

If yes, then there is nothing for you to worry about. Both the scam tokens and the outbound zero transactions are spam. Last time I checked, Trezor Suite should be able to mark the transactions as appropriate, but I don’t know how well that works in practice.

Scam tokens are the obvious one: you make a transaction, this tells the world that an address exists, so a scammer pays the fees to send you a 100 of a token called “Come to my-totally-legit-and-not-a-scam-domain.club and claim your 100% free tokens”. Hoping that you’ll think “hey free tokens” as opposed to “this smells fishy as hell”.

There should be an ignore-list for these things, but it’s like spam in your mailbox, the spammers are actively combating the filtering.

The outbound ones are more tricky, but basically, for reasons unknown, anyone is allowed to send any token from any address to any other address – as long as they don’t overstep their allowance.

So for instance, my allowance for your tokens is zero.

That means that I am allowed to send zero tokens away from your account!!
(why? beats me.)

So what the scammer does is, they see you’re sending tokens to an exchange.
So they spam you with a couple transactions that are going from your account, to an address that … looks similar to the exchange address, but is in fact under the scammer’s control.

And next time you’re too lazy to log into the exchange and check the full address, you’ll just copy-paste the last one you see.

So don’t do that.

Again, I recall that Suite will show you some yellow exclamation marks next to the transaction and say “this looks fishy, maybe don’t interact”.

(why isn’t the transaction completely hidden? well, another thing you need to know about Ethereum is that it is a massive ecosystem, so in other words, unholy mess. for all we know, there is a legitimate reason to want to send zero token transactions and a legitimate reason to want to see them in your history.)



My ticket id is 166464.

There are transactions for 10usd. But I now suspect they are the scam tokens. The scam tokens changed their name and the balance is now 0. So I think they somehow changed the name of them to USDT and made it look like they had hacked me. When I’ve checked etherscan only my 2 genuine transactions are showing. Yet on my screen it looks as if there are multiple transactions for usdt. So I’m not sure if this is simply a more sophisticated version of the poison address attack? The bottom 2 transactions are me.

yeah, I think you got it right. it’s called “USDT” but it is in fact some zero value token.

I wonder how they managed to indicate the name USDT and whether it would be possible to filter based on that.
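
As an added illustration of the two points above (zero-value outbound spam to lookalike addresses, and filtering tokens that merely call themselves USDT), not code from any poster or from Trezor Suite, this sketch flags such entries in a transfer history. All addresses, the trusted-contract list and the address book are constructed for the example; it assumes a token is identified by its contract address, never by its self-reported symbol.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    contract: str   # token contract that logged the transfer
    symbol: str     # self-reported by that contract, so attacker-controlled
    sender: str
    recipient: str
    amount: int     # in the token's smallest unit

def lookalike(addr: str, known: str, edge: int = 4) -> bool:
    """True if addr differs from known but shares its first/last `edge` hex chars."""
    a, k = addr.lower()[2:], known.lower()[2:]
    return a != k and a[:edge] == k[:edge] and a[-edge:] == k[-edge:]

def classify(t: Transfer, me: str, trusted: dict, address_book: set) -> list:
    """Return warning flags for one token transfer shown in my history."""
    flags = []
    # A familiar symbol coming from an unexpected contract is a fake token.
    expected = trusted.get(t.symbol.upper())
    if expected is not None and t.contract.lower() != expected.lower():
        flags.append("fake-token")
    outbound = t.sender.lower() == me.lower()
    if outbound and t.amount == 0:
        flags.append("zero-value-outbound")
    if outbound and any(lookalike(t.recipient, k) for k in address_book):
        flags.append("lookalike-recipient")
    return flags

# Constructed sample data (no real addresses or contracts).
ME = "0x" + "11" * 20
EXCHANGE = "0xa1b2" + "00" * 16 + "c3d4"   # deposit address I actually use
POISON = "0xa1b2" + "ff" * 16 + "c3d4"     # same first/last 4 characters
REAL_USDT = "0x" + "aa" * 20               # stand-in for the genuine contract
FAKE_USDT = "0x" + "bb" * 20               # scam contract naming itself USDT
TRUSTED = {"USDT": REAL_USDT}
BOOK = {EXCHANGE}
HISTORY = [
    Transfer(REAL_USDT, "USDT", ME, EXCHANGE, 10_000_000),  # my own test send
    Transfer(REAL_USDT, "USDT", ME, POISON, 0),             # zero-value spam
    Transfer(FAKE_USDT, "USDT", ME, POISON, 10_000_000),    # fake token; its contract can log any sender
]

def scan(history):
    return [classify(t, ME, TRUSTED, BOOK) for t in history]

if __name__ == "__main__":
    for t, flags in zip(HISTORY, scan(HISTORY)):
        print(t.recipient, t.amount, flags or ["ok"])
```
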

It’s also crazy how they managed to change the name of their tokens and the amount. There were a few hundred of some scam tokens with names like tether claims. Com or something. Now 2 of them are showing as tether usd (usdt) with balance of 0. But only the 2 value transactions have been spent from what I can tell. The single 10 and the multitoken 3x10. So 40 in total.

So did your 12,000 USD ARRIVE SAFELY?

From what I see, this is what’s called a poison wallet attack (look on YouTube, that’ll explain it better than me).

Let’s say

ME AS A SCAMMER, I’m watching your wallets. I see you have large amounts in there.

1) they generate an address which is similar to one of yours
2) in the hopes that you will just copy from your transaction HISTORY (believing this to be one of your own wallets because it looks so similar, but it is actually mine)
3) Once you send funds to my address, they belong to me; you will never get them back.


  1. you always get your address from the receive tab (this means actually going into your wallet that is going to receive the tokens, clicking receive and copying the address.)

  2. you do a small test transaction; you see it land, but then you go back to the wallet that sent the funds and actually confirm that YOUR TRANSACTION landed

points to note
A scammer is hoping you’re going to be lazy and pick an address from your transaction history, but the address is their address. Also confirm your transaction has landed: they could send a transaction with a real high fee so it lands quicker; the transaction wasn’t actually yours because it got there first.

Yes the money all arrived safely.

I just can’t believe that scammers can make stuff appear on my wallet!! So not only can they imitate usd wallets, but they can also add tokens without you even receiving them wtf!? I have one that is 0 value which has a warning attached. But the others are for 10 usdt and appear exactly the same as my genuine transactions, so yes this is a very sophisticated and well thought out attack. This is why I originally thought my wallet was being emptied bit by bit in front of my eyes!

Plus side… I have now got a new dedicated laptop with the latest software. It’s deffo given me a kick up the backside.

I think the team deffo need to find a way to rid these fake coins and so on from our wallets.


you have been lucky not to panic and send the funds into a scammer’s wallet

take this lesson from here on: NEVER PLUCK AN ADDRESS FROM transaction HISTORY (it might look all but 1 letter different)

you will always do these 3 rules

  1. go into the receiving wallet, CLICK RECEIVE TAB, get the address from there
  2. send a small amount (you did anyway, the $10 test)
  3. what happens on the device screen (address it’s getting sent to) is where it’s going; if it’s a close but not your address you will lose your FUNDS

YOU WERE VERY LUCKY 🙂