My all tokens were stolen

Disturbing news @jooliver. It’s the first time I’ve heard of such a recent hack and I don’t know if it’s still a valid method or not, but as far as I can see this method requires that the hacker need physical access to the device. Typically someone who buy a device (new or used) and then sell it again as used after they’ve written their own code to the device. You should therefore never buy used hardware wallets like Trezor.

I think I’ll leave this to Developer @matejcik to answer further. I don’t know much about how Trezor works internally.

This is a year old news item, based on a security flaw in the Trezor One that was fixed in a firmware update five years ago.
Apart from requiring a Trezor One that has not been updated since early 2018, this hack requires taking the Trezor apart, soldering things to it, and generally having the skills of a pro hardware hacker.

It has absolutely nothing to do with the topic here, unfortunately.


What do you think may have happened here?

1 Like

where did you buy the hardware wallet?
what model?
what firmware version?
who had physical access to the Trezor wallet?
where and how did you save the seed phrase yourself?

in my case it was firmware 2.5.3,
even after the update, bootloader 2.0.5 did not give me the opportunity to install the original firmware and made it possible for a hacker to steal my tokens.

approximately 3 feb 2023
approximately my loss was 33000$

The manufacturer could not make a secure wallet(

I find it extraordinary that Trezor when contacted about my unauthorized transactions first advice was, ‘get whatever is left in the cold wallet out’. Too late advice however also interesting is that Trezor did not ask for the transaction data, not their problem obviously. The more I visit the community the more cases of unauthorized transactions shows up. I bought the cold wallet from the Trezor site, the seal was intact when I received it, my seed words were not compromised, no one else had access to my physical device. It was hacked plain and simple yet Trezor continues to sell their product unchallenged. I guess $21,000 Canadian is small potatoes to them.


Hi @forgi you seem to be well informed. Do you have a view on this? worrying for the community to read this. Thank you

we are not an authority that can investigate this, you need to contact the police.

The OP in this topic bought a counterfeit device from unauthorized seller, and in general only way for funds to be transferred is that the seed was compromised.

The hack posted above is years old and issue fixed.

Thanks for clarification

Looks like two different complaints here, no? Thanks

yes, they are two different ones, I mentioned both.

1 Like

Not true I bought the device from Trezor’s authorized site. The device was sealed when it arrived. I would imagine this thief is very familiar with Trezor code.

@jooliver I was referring to the first post in this topic, not yours. You posted in an topic that is not related.

So is there a view on the causes of the above complaint? Than you

Lots of people watching both threads and likely to need reassurance. A view would be appreciated. Thanks

1 Like

@Soprano What exactly is your question?

Since each transaction must be signed by using private keys of the respective address and considering the fact that Trezor has never been hacked remotely and it’s designed not to reveal private keys (essential for creating a transaction) to anyone, not even to you even if it’s needed (this statement can be verified and audited by anyone since our device is fully open-sourced), there basically 2 scenarios of what can happen:

  1. Either some 3rd person used your Trezor physically for confirming the transaction

  2. Your private keys (represented by your recovery seed) were compromised and the attacker used them to sign the transaction. This is possible since you can recover your wallet including your private keys by performing a recovery with a compatible wallet.

The rest I answered in previous posts.

As for the original question in this topic see here: Stay safe shopping for hardware wallets | by SatoshiLabs | Trezor Blog



I was trying to understand what had happened to Jooliver who seems to be suggesting that he was hacked remotely.

I just logged in to the suite and realized that there has been 2 unauthorized transactions. Balance is now $0.
Bought device from Trezor’s site
Seal was intact.
Have not share my seed w anyone.
Trezor is store at home.
I need help!

Then open a support ticket, please.