Learned today that my old Trezor (circa 2014) has had its seed compromised. Haven't used it in a while but spun it up today to see if I could use it in a multisig.

I sent a test transaction and it was immediately swept to the OKX exchange once it confirmed (saw it via mempool dot space).

Luckily it was only a small amount (test transactions are vital folks), but I sincerely have no idea how this happened. Always had a passphrase.

The only thing I can think of is perhaps a malicious Trezor Suite at some point?


Discussion

wow

Yikes, yeah that’s gotta be the culprit

I think you would also have had to have loaded compromised firmware.

Maybe you entered the seed phrase from the Trezor into a hot wallet some time in the last 10 years? E.g. to double check it was empty.

I've had this seed for 10 years now, so I may have entered it elsewhere, but I just don't remember.

The firmware issue is a bit frightening. I usually always verify downloads via gpg, but I believe early on, you couldn't do that with Trezor (back when I had Windows).

SatoshiLabs is a great company and Trezor is a great product. Unfortunately, because it's so popular, there are likely tons of fake suite .exe's out there that have likely snagged a few people...

I remember in the older versions, you had to enter the seed. Maybe this even happened years ago?

I haven't used this one in at least 6+ years so that could make sense.

I sent another test transaction (relax, 1000 sats) just to see how quickly it will be swept again.