I had purchased Trezor One on marketplace and since I got it not from official shop, I extra cautiously made sure packaging and seal is fine, then I installed firmware (as shown on thezor display) with suite from trezor-io-start and set up a wallet from first attempt and used it for a month. It is out of the question that seed phrase was not seen by anyone.
Wallet worked just fine until I noticed outgoing tx from my wallet.
interesting detail that gas limit set to 25000, instead of 21000, leaving me with $2 kek. Then I found that my BTC was also lost:
Is it possible that seller pre-generated seed and when I set trezor up I got keys that hacker already knew?
Some additional info
Time difference of ~5 min between two txs does not help to conclude which address was drained first.
At the time of attack (and before) trezor was with me.
Also while inspecting package after the hack I noticed that the box cannot be opened through the top without tearing paper up (glue is strong), but when I opened it for the first time from bottom, it opened easy without damage to paper (glue was apparently weak). Besides, is I said before, holographic seals seemed untouched.
Finally, I’d like to ask, how was I hacked?