Fehlt in der Brieftasche
- Dieses Thema hat 12 Antworten sowie 2 Teilnehmer und wurde zuletzt vor vor 2 Jahren, 10 Monaten von
aktualisiert.
-
Beiträge
-
-
Ich bin beileibe kein Experte für Kryptowährungen, aber ich hatte 0,30 BTC in einer Trezor 1-Wallet in meinem Safe. Der Seed war auch in meinem Safe, nirgendwo sonst. Das letzte Mal war ich im Juni 2021 dort. Wie auch immer, ich beantragte einen Kredit und sie wollten einen Ausdruck meines Krypto-Saldos, also schloss ich die Trezor an den Computer an, rief mein Konto auf und BOOM, 0 $ Saldo, mit einer Transaktion, die am 11. November 2021 stattfand und alle meine BTC von meinem Konto an eine zufällige Adresse transferierte.
Frage: Wie kann das passieren? Niemand war in meinem Haus, niemand war in meinem Safe. Die Trezor war mit nichts verbunden, und sie ist weg.
Bitte helfen Sie mir, ich fürchte, dass ich sie nicht zurückbekomme, aber ich habe das Vertrauen in die Sicherheit völlig verloren, wenn sie irgendwie auf diese Weise entwendet werden kann.
Ich habe mir die Transaktion auf [blockchain.com](https://blockchain.com/) aufgerufen und verstehe es nicht wirklich, da es viel mehr Transaktionen gab als nur meine. Für jede Hilfe wäre ich dankbar.
-
So you didn’t use the oppurtunity to make it even more safe to create a hidden wallet using a passphrase? Ot maybe even multiple.walleta? So all using the same trezor?
That way, even when the recovery seed would have been compromised, also the passphrase(s) would be required to get to any funds.
The trezor gui states this clearly as one one the things to further emhance the security. The pin is only to secure the trezor itself as any recovery into another wallet supporting bip39 seeds, would not require the pin. However if a passphrase is also used, that would make it more secure.
Undoing anything is not possible, however ypu’d have to retrace your steps to find out where you might have gone wrong?
Do you for example use another wallet like metamask to be able to support coins not directly supported by the trezor?
Or did you make a photo/screenshot of the seed during initial trezor setup on your pc for safekeeping before putting it in the safe?
Another attack vector is highjacking your clipboard, changing it into another address, whenever trying to send coins. That seems not the case here.
By the looks of it it seems ypur seed is compromised, unless you confirm alao having linked your yrezor to something else (which would normally require your trezor to confirm transfers). However if you entered your seed into something you shouldn’t have, then that’s what went wrong?
So what do you – in hindsight – consider the likely cause?
Assuming the trezor was empty to begin with when purchased and you installed the firmware yourself and created the wallet on it and wrote down the seed all by yourself?
And do not listen to any DM’s. All scammers.
-
-
If you set it up seven years ago, a remote chance is that computer was compromised back then. (somewhat unlikely – a lot less bitcoin key grabbing malware was around then).
However, the TX you referred to seems to have begun around November 11th 2021?
So… chances are that close to that date, the key was compromised. What happened around that time?
If your firmware was 7 years old, chances are that it was susceptible to various seed exposure attacks. So when updating your Trezor (or using it in its old state) on a compromised machine, it *might* have been when it was cracked.
-
Sorry about this.
I guess if there is a lesson here, is that a strong passphrase should always be used and stored offline separately from where you store your seed phrase. It might not help in every single „hacking“ scenario out there, but it does offer an additional protection.
—
I think we have 3 scenarios here:
1. Hacked device.
I think this is the least likely scenario in general.
I keep reading about people recommending to only buy on Trezor’s shop, which is weird anyway considering [Trezor itself says that it’s fine to buy the device on Satoshi’s lab shop on Amazon](https://wiki.trezor.io/FAQ:Ordering_and_shipping#Where_can_I_buy_a_Trezor_wallet.3F), and also lists other resellers. But anyway, the point I’m trying to make, is that it’s theoretically possible that your device had a dodgy firmware and was only going to generate a few predetermined seed phrases, instead of a random seed phrase. In this case all an attacker should do is check (manually or with some automation) those predetermined seeds and swipe away the coins.
A [strong passphrase](https://wiki.trezor.io/Passphrase) would neutralize this attack even if a seed was compromised. Bruteforcing a strong passphrase with the computing power currently available is a waste of money.
An attacker would need to know your passphrase in order to steal your coins. He would need to use some kind of keylogger.
The nightmare scenario would be if the hacked Trezor was also able to install some kind of keylogger when plugged into your PC. I’m not technically savvy enough to understand if this is doable, but it does seem quite complicated, with the attacker not necessarily knowing which kind of device/OS the victim is using.
2) Online attack
I believe this is the most common scenario.
Some kind of error is made by a Trezor user. Typing his seed phrase with his keyboard (instead of interacting with the device directly) in a fake website or on a compromised (keylogged) device.
Once you make the capital mistake of typing your seed phrase directly on your keyboard on a compromised device or on a compromised website, then even a passphrase most likely is not going to protect you, cause you’re probably going to type that one as well.
Another mistake could be storing a seed phrase online in a compromised cloud storing account. In this case a passphrase could still save the user, unless he also stored the passphrase online in a compromised account.
3) Physical attack
This is probably another common scenario.
We all believe the seed phrase is stored safely until it isn’t. There was recently a similar thread [with a user storing seed phrase and passphrase in a safe](https://www.reddit.com/r/TREZOR/comments/rmowh8/trezor_one_hacked/). Apparently though some cleaning stuff had access to the contents of the safe.
Storing seed phrase and passphrase separately would have prevented this issue.
-
-
-
That is painfull, I feel for you. I am getting real aggravated w/ these hackers.
**“No picture, only time I typed the seed on the computer was connecting trezor to trezor suite“.**
I am not sure, I understand this sentence. Are you referencing to when you generated the seedphrase on the Trezor One? Or?
If not, „keylogging“ might be at play.
-
Assume you did everything correctly, and no seed leaked, because it’s quite strange that they stole your btc after such long time, like from March to November, if they would have your seed earlier they would steal it right away. My quite different look on that matter would be if seed is really that safe as it should be. Assume someone generated almost exact the same seed but put one different word and got your wallet instead of his, so he had access to your wallet. This randomness if still it’s very big number is not infinite, so maybe possible to just do such thing, like generate almost similar seed and then someone lucky typed wrong one word. But for now, no one believes in such things.
-
-
Hardware wallets are said to be safer than keeping your crypto on an exchange. But is that really the case? Threads like this one and others make me wonder. Maybe its safer to keep your cryto on [Crypto.com](https://Crypto.com), Gemeni or Coinbase.
-
-
OP, if you don’t generally delete your browsing history you could do a search for ‚Trezor‘ and see what comes up, you mentioned that you inputted your seed into Trezor Suite via the keyboard which from what I understand is not something you should ever do, if it was from a phishing site, then it would still be present in your history?
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.