Secure the seed and split it into 2 pieces (if using a passphrase, split the seed and the phrase). Bookmark the address (but always get it from the Receive tab).
Buy a second HW wallet for 3rd-party apps (a separate seed, to keep the 1st seed safe from being drained). Set it up in TS first, send a tiny amount of funds and cross-check the address and balance.
Once the 1st HW is set up, check the wallets with https://revoke.cash/ (just to make sure no draining can happen)
and you only deposit into HW 1 addresses from within TS.
When you want to withdraw and do have a separate Solana wallet, send out $0.50 (READ YOUR HW SCREEN). You could have a fake app which could send all the funds out of the wallet; I call this "CLICK OF DEATH" https://www.youtube.com/watch?v=gwLyvZR1KCI
I also lost all funds in Trezor/Exodus just last week. I have owned the Model T for 3 years now, it has only been out of the safe a handful of times. Seed phrase was also only written down on a piece of paper, and has remained in the safe. No pictures were taken, no files were saved with any information. I also have been in IT since the 80's and something is not right here. There is absolutely no way I released the seed phrase. I have never entered it into anywhere, other than Exodus when I set it up a couple of years ago. I have rebuilt my laptop a few times in between, but always setup Exodus from their site, and no other place. I have racked my brain for DAYS trying to understand this. The only thing I can come up with is hardware hacked before I received it, which was from the official Trezor store on Amazon. I am examining the physical device very carefully. I need to get a magnifying glass on it, but with my eyes, I almost think I can see indications of the case being apart. I don't dare open it up myself at this stage. When I received it, everything looked legit.
Has anyone ever run Wireshark, either on network OR USBPcap? I'd like to compare my results with a known good device.
Sorry, no, that is not what I meant. I was a bit flustered as I wrote. I meant I only entered the Exodus seed phrase into Exodus with a fresh laptop and fresh Exodus. I have never entered the Trezor seed phrase ANYWHERE, other than once onto the piece of paper, and then into the safe it went. I did a lot of research before jumping into crypto and understanding the security steps that were crucial to keeping it safe. Being in tech and actually programming for decades, I am convinced there is something bigger going on here. The fact that there are apparently MANY others with similar stories tells me there is more to the story.
That's probably not gonna help. The fakes that we have seen in the past have been speaking the Trezor protocol, the problem is that they use one of ~10 pre-defined seed phrases known to the attacker.
...of course, it's also possible that the Trezor rejected the first-time firmware installation, let you set up a wallet with the predefined seed, and then allowed you to overwrite the firmware with the official one. That way you're still using a compromised seed but you can't detect tampering unless you physically inspect the device.
No.
The easiest way to make a fake Trezor is to buy a legitimate Trezor, carefully cut it open, replace the main chip with the same type and glue it back up.
On the chip, you install a firmware from the official sources, and make small modifications to (1) remove the red "unsafe do not use" screen and (2) instead of generating the seed, give out a prebuilt one.
That's just one way to build a fake, but it's the easiest.
With a device like that, everything else still works. So for example, if you restore seed from elsewhere, the fake will not send it out, it will use it as normal.
Also, unless you make a separate modification, it's gonna be possible to install an official firmware. The official firmware will overwrite the bootloader and the fake firmware, enable all the usual protections that prevent "hacking" the chip, and from that point on the Trezor will be almost as secure as the original.
(the boardloader is still the bad one, so the attacker could come to your house and reinstall the fake firmware - but not without erasing the seed currently on the Trezor).
More advanced fakes could exist that generate and then exfiltrate the seed, either in cooperation with malware on your PC, or, I dunno, embed a wireless modem into the enclosure. But that's significantly more work, and there are no reported cases of devices this advanced, as of yet.
I do believe your scenario of making a fake Trezor is what happened to me. I think I see physical signs of tampering on the case edge. I am searching my memory as it has been 3 years, but I don't think I recall seeing an "unsafe do not use" screen. Not that I recall!
Current firmware version is 2.6.4, which Suite says is current. I am downloading all the tools to run the test you have mentioned.
C:\Users\Owner\Downloads>trezorctl fw get-hash 8537021E02ACDB00
Please enter PIN on your Trezor device.
10c504aae6ae84c55ca7a937abde15a95df1780a4f65ec9e6c77ceb63e756ad4
It's not. The value starting with 10c504... is correct. Not sure why your firmware_hash.py gave the result that you got - are you sure you downloaded the binary file, as opposed to the html page for it?
This means, at minimum, that the firmware currently running on your Trezor is legit. (the hash check is not a 100% thing, but it would take a very determined attacker to subvert it)
You are correct - I looked at the length of the hash and figured something must be wrong with the bin I downloaded. I re-downloaded using "trezorctl fw download" and now I get the same hash.
So - it is still possible though, as you explained earlier, that it allowed me to download/install the updated firmware, yet behind the scenes still hold the compromised seed.
I still believe this to be the case. But how do I prove it? I will upload pictures of the unit, once I get a magnifying glass on it.
Thank you so much for helping with this, I truly appreciate it.
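The host-side half of the check discussed above (compare the hash the device reports for a challenge against a hash computed over the official binary), written out as an added example that is not from the thread or from the Trezor project. It uses keyed BLAKE2s-256 with the challenge as key, which is my understanding of what trezorctl does; the 0xFF-padded area size, the sample "firmware" bytes and the simulated device reply are constructed stand-ins, and the script also catches the two mistakes the thread ran into: an HTML page saved in place of the .bin, and a hash string of the wrong length.

```python
import hashlib

# Assumption: the image is padded with 0xFF to a fixed flash-area size before
# hashing. The real size depends on the model; this is a stand-in for the demo.
FLASH_AREA_SIZE = 4096

def looks_like_html(data: bytes) -> bool:
    """Detect the failure mode from the thread: a saved web page instead of the binary."""
    head = data.lstrip()[:64].lower()
    return head.startswith(b"<!doctype") or head.startswith(b"<html")

def firmware_hash(image: bytes, challenge: bytes) -> str:
    """Keyed BLAKE2s-256 over the image padded with 0xFF to the flash-area size."""
    if len(image) > FLASH_AREA_SIZE:
        raise ValueError("image larger than the assumed flash area")
    padded = image + b"\xff" * (FLASH_AREA_SIZE - len(image))
    return hashlib.blake2s(padded, key=challenge, digest_size=32).hexdigest()

def verify(image: bytes, challenge_hex: str, device_hash_hex: str) -> tuple:
    """Return (ok, reason). ok is True only if the device hash matches the file hash."""
    if looks_like_html(image):
        return False, "downloaded file is an HTML page, not a firmware binary"
    reported = device_hash_hex.strip().lower()
    if len(reported) != 64:  # BLAKE2s-256 is 32 bytes = 64 hex characters
        return False, "device hash has wrong length; expected 64 hex characters"
    expected = firmware_hash(image, bytes.fromhex(challenge_hex))
    if expected != reported:
        return False, "hash mismatch: running firmware differs from the official image"
    return True, "running firmware matches the official image for this challenge"

# Constructed sample data: a fake "official" image and the challenge used in the thread.
OFFICIAL_IMAGE = b"TRZF" + bytes(range(256)) * 4   # constructed, not a real image
CHALLENGE_HEX = "8537021E02ACDB00"
HTML_PAGE = b"<!DOCTYPE html><html><body>firmware download</body></html>"

def simulated_device_reply(image: bytes, challenge_hex: str) -> str:
    """Stand-in for `trezorctl fw get-hash <challenge>`: the device hashes what it runs."""
    return firmware_hash(image, bytes.fromhex(challenge_hex))

if __name__ == "__main__":
    reply = simulated_device_reply(OFFICIAL_IMAGE, CHALLENGE_HEX)
    print(verify(OFFICIAL_IMAGE, CHALLENGE_HEX, reply))
    print(verify(HTML_PAGE, CHALLENGE_HEX, reply))
    tampered = OFFICIAL_IMAGE[:-1] + b"\x00"
    print(verify(tampered, CHALLENGE_HEX, reply))
```

Re-running with a fresh random challenge each time is the point of the scheme: a precomputed answer for one challenge does not help a device that is not actually running the image.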