Trezor One wallet emptied

I have been hodling for a couple years. I thought I was doing the right thing by using cold storage. I just logged in and my entire wallet was emptied. How could this happen? I live alone and no one knows where I keep my seed phrases. Also, my device is in a hiding place as well that no one knows. I can see the transaction and it looks like they then spread it out to 9 other accounts. I am sick. What can I do? How could someone have gotten into it?

Hi @ljstx,

I’m sorry to hear about your loss of funds.

  • Have you ever saved your Recovery seed electronically, either locally on your PC or online somewhere (Google disk, Dropbox, Lastpass or similar)?
  • If/when you transferred funds out of your wallet earlier, before the hack/scam, did you reuse earlier addresses or new ones? Search this forum for “poison” and see if you could’ve been a target for addressing poison attack.
  • Any further information you can give us, which may shed light on how this happened, such as which coin(s) was in your wallet, if you use a Standard wallet or a Hidden wallet with a Passphrase, which online exchange you’ve used, if any, or any other clues?
1 Like

Thanks for your help @Petosiris

  • Yes to electronically but embedded and hidden.

  • hmmm- let me look at that

  • I only sent to Coinbase twice, years ago. It was BTC. No passphrase. The wallets are hidden.


1 Like

OK, so I checked and the change address was the sender for each new transaction. So a different address each time.

I am curious if Trezor can tell if a seed phrase has been activated on a new device. I have never done it so if someone has, that would be a clue that I can provide to the FBI. Also, when you activate a new device with the seed phrase, can you still use your existing device as normal?

I answered the second question as I just ordered a new device and activated the recovery seed to see what happens. Weird that the wallet can be on multiple devices. I guess I thought it would shut the other one down. Also, on my original Trezor, the wallet was hidden but on the new Trezor, it shows as standard.

If the Send address was changed to another receiver then you were hacked in some way. To investigate this further you’d need to show us the addresses but don’t do it here in public. You could contact official Support to go further with this case.

No, that’s not possible. Neither can SatoshiLabs, which makes the Trezor device. Your Trezor device is just a key to get access to your funds in the blockchain(s). No funds are in your Trezor, even if it’s called a wallet. Think of your funds as a house and you have the key. If anyone acquires your Recovery seed somehow then they have the key too and can empty everything from your house.

It is possible to see if your funds in the blockchain(s) are gone. If so, it means those who hacked or scammed you has your Recovery seed and has used that to empty your Standard wallet. If so, you should never use that Recovery seed again and when you get your other Trezor device then don’t transfer any more funds to the same wallet with that old seed.

Sure, you then get two identical wallets, both keys to the same funds.

Sorry- I have read over this sentence 10x and it is not clear to me- " If the Send address was changed to another receiver then you were hacked in some way."
When I sent transaction previously, they were always sent from the change address of mine that received the consent funds, right? Same with this fraudulent transaction. It was sent from the leftover coins of mine that I didn’t send last time.
Or are you talking about something that I can’t even see and someone else would have to do it? I made a spreadsheet of the addresses and transactions like a big dork to help me keep it clear. It’s pretty difficult to sit and watch the stolen funds move around- grrrrrrrr.

Looks like software attacking on Trezor Suite output addresses used for sending the rest.

Are you used the latest version of firmware and suite when you make a transations?
Ideally, you should have a separate computer, like NUC especially for crypto wallets, where you will newer install and run pirated games and programs.

Hm… If your device was infected and scaned by stealer then it can easely record your seed, encrypt and send to hacker when the Internet will be available if you enter the seed on flash card, PC or other device.

that is how your seed got leaked, you should never enter the seed anywhere on the computer or online


Curious, what does “embedded and hidden” mean?

Are you willing to post the PUBLIC/RECEIVING address of your account? Would be interesting to see where the funds went.

FYI, the FBI is not going to do anything. Sure, open a case, but there will be no investigation. Might be able to write it off on taxes if the crypto was bought after 2017. The IRS got a law passed that exempts any lost crypto before 2017. Don’t quote me on the details, but I know it exists.

MOD- Don’t combine this with the other “lost funds” threads. They are all different. Create a category if you want to segregate it, but one thread is ridiculous.