I had purchased Trezor One on marketplace and since I got it not from official shop, I extra cautiously made sure packaging and seal is fine, then I installed firmware (as shown on thezor display) with suite from trezor-io-start and set up a wallet from first attempt and used it for a month. It is out of the question that seed phrase was not seen by anyone.
Wallet worked just fine until I noticed outgoing tx from my wallet. https://etherscan.io/tx/0x044455690e5194285f60a60e263566c4348096e5ce78e1d863e1950c60e1877f
interesting detail that gas limit set to 25000, instead of 21000, leaving me with $2 kek. Then I found that my BTC was also lost:
Is it possible that seller pre-generated seed and when I set trezor up I got keys that hacker already knew?
Some additional info
Time difference of ~5 min between two txs does not help to conclude which address was drained first.
At the time of attack (and before) trezor was with me.
Also while inspecting package after the hack I noticed that the box cannot be opened through the top without tearing paper up (glue is strong), but when I opened it for the first time from bottom, it opened easy without damage to paper (glue was apparently weak). Besides, is I said before, holographic seals seemed untouched.
I don’t know how you were hacked.
But I think you shouldn’t do what I did when I got the equipment.
After installing the firmware, I create a wallet and record the seed phrase
I wip trezor, recreate the wallet, record the new seed phrase
I wip trezor again, recreate the wallet, record the seed phrase
wip trezor, use the third seed phrase to restore the wallet.
Three sets of seed phrase words are produced each time. I feel that it should not be the kind of dangerous equipment that has been assigned seed phrase words.
I got the same problem on 10/28/2021.
my BTC is gone
Hope the manufacture can notice of that and take some security action to stop the incident going on for losing confident to use Trezor to storage the coins
On December 9 I did a transfer of 0.0018579 BTC from my Trezor to a DEX BISQ Wallet, I have this transaction registered in my Trezor Suite. By the way, I always use the Suite.
The balance in my Trezor shows, until today, the right BTC quantity, however, I had 0.16 BTC from one of my wallets in the Trezor transferred for an unknown wallet, in the same block of the Bisq transfer described above. The unknown transaction was made WITHOUT MY ACKNOWLEDGMENT. Besides, I don’t have this transaction registered in my Trezor.
Details:
I bought my Trezor T on Amazon on May 21, 2021, from SatoshiLabs - Order 114-8238880-4664208
I backup my seeds on paper ONLY and it be safe in my safe box.
I only use Trezor SUITE on my Macbook.
I ask for @Satoshilabs. How this is possible? I wasn’t asked to make the Hack transaction in my Trezor. I still with the correct balance in my Trezor. I don’t have the hack transaction on my Trezor Suite and it’s just impossible for a hacker had been accessed to my seeds on paper.
I need to know what happened with the security hard wallet.
It’s called a “change address” and that other address is, weirdly enough, also part of your Trezor account.
I’d love to link you to a learning resource, but can’t find one right now – Trezor’s wiki page about change addresses is currently broken.
Maybe some other forum user can help out?
@wteixeira1969 This is a “Change Address” situation, which means in bitcoin terminology that bitcoins were sent but not completely spent from the specific address.
Let’s demonstrate it in an example, you visit a store and want to buy some goods for 2 EUR. In your wallet is only a 5 Euro note, so you give the seller the 5 Euro note and he will return you 3 Euros in some coins (change). It is similar with Bitcoin.
The address is not visible in Trezor wallet because we want to keep the simplicity of our product, but the balance is correct.
My seeds is in my safe box on paper. anyone had accessed my trezor. The unknown address who receive my BTC is not in trezor. I not confirm the transaction in my trezor.
Unfortunately, the other possibility is my trezor was hacked! and for me is a very deception because I bought a hardware walet to avoid this one.
I’ll send my case for some YouTubers for alert others about this security fail on trezor.
yes, standard transaction with change address not a hack, you confirmed that your balance is correct. You cannot see the address because it is an advanced thing.
OK but, How can I follow my portfolio if I can have the address in my wallet? I use CoinStats. I can put the new address in CoinStats but this is not right if I can see the address in Trezor.
