Trezor hacked remotely after month since initiation

I had purchased Trezor One on marketplace and since I got it not from official shop, I extra cautiously made sure packaging and seal is fine, then I installed firmware (as shown on thezor display) with suite from trezor-io-start and set up a wallet from first attempt and used it for a month. It is out of the question that seed phrase was not seen by anyone.
Wallet worked just fine until I noticed outgoing tx from my wallet.
https://etherscan.io/tx/0x044455690e5194285f60a60e263566c4348096e5ce78e1d863e1950c60e1877f
interesting detail that gas limit set to 25000, instead of 21000, leaving me with $2 kek. Then I found that my BTC was also lost:
https://btc3.trezor.io/tx/b45909fb8d1a83471dc22f28a81ec373a735b6b0ac0e228c44e467dceb01c76d
Is it possible that seller pre-generated seed and when I set trezor up I got keys that hacker already knew?

Some additional info
Time difference of ~5 min between two txs does not help to conclude which address was drained first.
At the time of attack (and before) trezor was with me.
Also while inspecting package after the hack I noticed that the box cannot be opened through the top without tearing paper up (glue is strong), but when I opened it for the first time from bottom, it opened easy without damage to paper (glue was apparently weak). Besides, is I said before, holographic seals seemed untouched.

Finally, I’d like to ask, how was I hacked?

I don’t know how you were hacked.
But I think you shouldn’t do what I did when I got the equipment.

  1. After installing the firmware, I create a wallet and record the seed phrase
  2. I wip trezor, recreate the wallet, record the new seed phrase
  3. I wip trezor again, recreate the wallet, record the seed phrase
  4. wip trezor, use the third seed phrase to restore the wallet.
    Three sets of seed phrase words are produced each time. I feel that it should not be the kind of dangerous equipment that has been assigned seed phrase words.

I got the same problem on 10/28/2021.
my BTC is gone
Hope the manufacture can notice of that and take some security action to stop the incident going on for losing confident to use Trezor to storage the coins