::
Three things to understand….
* Blockchain – What chain you are on, ETH, BNB, Poly, etc
* Derivation – Which account your on / ETH / BNB address
* Authorization – Whether or not you’ve accepted / signed an authorization
IFF you’ve signed an authorization, that will only authorize funds on that account / derivation, on that particular chain. BUT, once authorized, they can drain that particular account on that particular chain any time they want, until you revoke the authorization.
BTW, wrapped coins or tokens that show up on whatever account / derivation on whichever specific chain are also available to be drained for a drainer authorized on that specific account on that specific chain.
Authorizations for accounts secured by Trezor can not happen without your Trezor screen prompting for a confirmation, and you mashing the screen / button on the Trezor device.
BTW… there are ways (Rabby) to view the raw TXN before it is sent to Trezor. That TXN can be decoded and examined for malicious code. It’s just complicated enough that few would ever really endeavor to do it.
Here’s a Ledger user (u/Avanchnzel) that does this very process regularly. It should be straightforward to do this on Trezor as well
^(https://www.reddit.com/r/ledgerwallet/comments/18id148/comment/kde0nld/)