I received a Trezor wallet as a gift in March 2021. My manager sent me around $250 USD worth of Bitcoin that same month. I didn’t touch my Trezor again until May 2021 and noticed all my Bitcoin was sent to another wallet in a transaction that I didn’t approve. I know that I will never see that money again, but I’m just putting this out there because there is obviously an issue here with the wallet’s security.
I tried handling this issue with customer support but was given the same two answers:
Either someone physically used my wallet, or
Someone got a hold of my recovery seed and made the transaction.
Here are the facts:
The Trezor shipped to my house with the security seals intact.
I setup the Trezor alone and stored it (and the recovery seed) in a safe that only I have access to.
The safe is hidden in my home and no one knows I even own a Trezor (let alone what it even is)
The unauthorized transaction happened April 05, 2021 around 2:30 AM EST.
The safe was closed in March 2021 and not opened until May 2021. I would have been alerted if opened at all in April.
I no longer use the Trezor because I feel it has been compromised and any additional funds can be stolen as well.
I tried handling this situation back in 2021 with Trezor customer service but I was not able to email them back and kept receiving an “undeliverable / email cannot be sent to this address” error message.
I confirm that those two scenarios mentioned are the only possible explanation since Trezor has never been hacked remotely.
Since nobody could get the physical access to your Trezor because it was locked in the safe as you stated, then phishing remains the only option.
Here is how this works:
Some malicious actors create an almost identical copy of Trezor Suite or Trezor Wallet site and register a seemingly familiar domain with some variant of “Trezor” in its name.
Then they pay Google ads to promote this domain with the fake site to get it amongst the top search results for “Trezor”.
After, a potential victim (you, in this case) arrives at this fake site, they are presented with some fabricated technical error message and prompted to enter their recovery seed to regain access to their accounts.
After entering the seed words into a prepared form, the seed is forwarded to scammers running the site who, at that point, gain access to all funds of the unfortunate victims falling into this trap and send the funds away.
The fake-site visitor is then typically redirected to our genuine site to minimize the confusion.
This is most likely how your coins got stolen.
Since your seed has already been compromised it is smart not to use that particular wallet.
However please note that you can still wipe the device and create new wallet with newly generated seed.
I was unaware scams like that existed so thank you for the heads up.
Unfortunately, as soon as I wrote down my recovery seed I stored it away and it has not been touched since I setup the wallet in March 2021. I have not entered the seed anywhere and have not even looked at the words since writing them down the initial time.
I was not very active back then in terms of crypto so when I received the wallet I set it up, gave my boss the address to receive funds, and then put it away for months.
I think that this is what happened to me. Lost 4 BTC w 2 unauthorized transactions.
I think that Trezor should really warned everybody in their main page about this type of scenario!
I’m still working w customer support so not all hope is lost…