::
1. No. Unofficial firmware has warnings during installation and during every boot of the device
2. No. Private keys are designed never to leave the device. Likely a malicious contract was signed
3. Malicious contract comes to mind, if the USDT was on ERC-20 token.
