List of all known attacks

I read up on the forums before posting and I wasn’t entirely sure what the right answer is to this question:

Is it possible for someone to take my crypto without me willfully providing my private keys?

If the Trezor is plugged into my computer and unlocked, can malware or something like that just take my crypto?

If I have Trezor Suite open, Device plugged in and unlocked, and go to My Ether Wallet… get distracted for a second and start browsing, am I at risk?

Also, is there some sort of organized quickly readable list of all known attacks and how to avoid them? Something better than skimming through the scams pages of the forums.

Thank you

I’ll try and answer this line by line:

  1. no, but if they get your keys or seed or you sign a wallet draining contract, you funds will be gone.
  2. no because you have to press buttons on the trezor to do the signing, more of an issue if it was left unattended and someone came and got it.
  3. no, you’ll be fine.
  4. uummm not that I know off.

The main risks involve the seed, never enter that on a device EVER or photograph the seed etc. The seed belongs to the trezor and on a piece of paper in a safe… that’s it.

The ONLY POSSIBLE exception to this could be where you think the seed may be compromised and you want to reset the trezor to a new seed. You could then put the seed into MetaMask (or some other hot wallet) to gain access to the funds directly, then reset the trezor to a new seed and then transfer the funds immediately back to the trezor.

Or you could not do the above and just transfer the funds to a hot wallet elsewhere (with it’s own seed).

With ETH and similar chains be careful to NOT sign wallet draining contracts.
For potentially wallet draining contract signing, use a hot wallet with only 1$ of ETH in.