My all tokens were stolen

Bootloader 2.0.5
Firmware 2.5.3 by
SatoshiLabs

January 31, 2023. I just set up my Trezor Model T. my seed words are well protected I did not use password. All my crypto Bitcoin and Ether has been stolen via unauthorized transactions over several days. Trezor tell me they can do nothing. Cost to me approximately $21,000 Canadian.

John Oliver

Same thing happened to me today, January 31,2023. My Bitcoin and Ether both gone because of unauthorized transaction. Trezor support states they can do nothing sorry… and state your seed must have been compromised which complete horseshit. Goodbye $21,000 Canadian.

I had just finished transferring all my Crytro from my old cold wallet to my new Trazor T. Over a 3 day period all my crypto disappear due to an unauthorized transfer. Trezor fells bad but cannot due anything. Loss appropriately $21,000 Canadian.

John Oliver

1 Like

Hi @jooliver,

I understand your haste but please don’t post about the same issue in multiple forum threads. I moved two of your posts into this one.

Thank you!

2 posts were split to a new topic: All my tokens were stolen

Thanks for moving my responses. I am still in shock over losing my Crypto so quickly after changing cold wallet to the Trezor T. Nothing can be done of course but my seed words were not compromised by me that I know. I wonder how my hacker zoned in on a new wallet so quickly.

At the beginning of 2022, hardware hacker Joe Grand posted a YouTube video explaining how they hacked the Trezor Model One device containing about 2 million. They moved the PIN and key to RAM during the firmware update and installed unauthorized code on the device.

1 Like

Disturbing news @jooliver. It’s the first time I’ve heard of such a recent hack and I don’t know if it’s still a valid method or not, but as far as I can see this method requires that the hacker need physical access to the device. Typically someone who buy a device (new or used) and then sell it again as used after they’ve written their own code to the device. You should therefore never buy used hardware wallets like Trezor.

I think I’ll leave this to Developer @matejcik to answer further. I don’t know much about how Trezor works internally.

This is a year old news item, based on a security flaw in the Trezor One that was fixed in a firmware update five years ago.
Apart from requiring a Trezor One that has not been updated since early 2018, this hack requires taking the Trezor apart, soldering things to it, and generally having the skills of a pro hardware hacker.

It has absolutely nothing to do with the topic here, unfortunately.

2 Likes

What do you think may have happened here?
Thanks

1 Like

where did you buy the hardware wallet?
what model?
what firmware version?
who had physical access to the Trezor wallet?
where and how did you save the seed phrase yourself?

in my case it was firmware 2.5.3,
even after the update, bootloader 2.0.5 did not give me the opportunity to install the original firmware and made it possible for a hacker to steal my tokens.

approximately 3 feb 2023
approximately my loss was 33000$

The manufacturer could not make a secure wallet(

I find it extraordinary that Trezor when contacted about my unauthorized transactions first advice was, ‘get whatever is left in the cold wallet out’. Too late advice however also interesting is that Trezor did not ask for the transaction data, not their problem obviously. The more I visit the community the more cases of unauthorized transactions shows up. I bought the cold wallet from the Trezor site, the seal was intact when I received it, my seed words were not compromised, no one else had access to my physical device. It was hacked plain and simple yet Trezor continues to sell their product unchallenged. I guess $21,000 Canadian is small potatoes to them.

1 Like

@forgi

Hi @forgi you seem to be well informed. Do you have a view on this? worrying for the community to read this. Thank you

1 Like

we are not an authority that can investigate this, you need to contact the police.

The OP in this topic bought a counterfeit device from unauthorized seller, and in general only way for funds to be transferred is that the seed was compromised.

The hack posted above is years old and issue fixed.

Thanks for clarification

Looks like two different complaints here, no? Thanks

yes, they are two different ones, I mentioned both.

1 Like