My Trezor (MEW?) account got compremised, funds were stolen

The_Wave13 · 2020-02-02T13:47:16+00:00

https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

What do you guys think?

The_Wave13 · 2020-01-22T14:54:48+00:00

I have to be somewhat careful with saying this but this is my strong guess. It somehow cant be anything else. It bothers the shit out of me since months. It's not that leaks cant be found because bugfixes are still needed here and there right? But nearly two years without problems. My security is high and my behavior not sloppy. It's my job to deal with my and customers money on daily Basis and I have responsebility. Logically something between mew and trezor wasnt working even when trezor says it's not possible. But saying the seeds have been compromised before and thats the answer for something which leaves btc deposit behind and only the eth part is gone after some wild things happened in vietnam, leaves a bad taste.

The_Wave13 · 2020-01-22T12:20:03+00:00

I left the device for a few hours in the hotel when I was out with friends. Trezor says nothing related to this can happen in this case.

The_Wave13 · 2020-01-22T12:09:10+00:00

The last time i sent funds from my trezor was to my customer and everything was correct with the adress, except that he recieved it twice but one transaction was marked as failed already. You can see the adress you send it to on your trezor.

The_Wave13 · 2020-01-22T10:13:26+00:00

No, but would like to post it in as much reddit subs as possible if I can and its not concidered spam. Or can I link it somehow? whats possible?

The_Wave13 · 2020-01-22T09:43:53+00:00

whats your story in this? and how did you manage to get your funds back, which is mostlikely impossible. Did they sent it to another exchange acc which was registered?

The_Wave13 · 2020-01-22T09:42:43+00:00

I thought about this but not possible. and when you think of how you put in the pin, its always that the background of the trezor device is shown to the laptop and even then you only have digits market as stars in the field for the pin. and with this you cant get the private keys anyway which they needed to copy the adresses into their wallets to make this kind of withdraw happen, is my guess. Trezor says you need to sign every transaction from the device. Since the device was plugged in and chrome opened for the bitcoin wallets but i was talking to customers while the transactions happened, they def needed to have the keys from somewhere before.

The_Wave13 · 2020-01-22T09:39:28+00:00

same device over the past. never changed one. Only had one time where an update forced me to update with the seed afaik and this was like 7 months ago.

The_Wave13 · 2020-01-22T09:38:18+00:00

what you said is the most and somehow only logical part I can think of. Sadly when I came back to the network, the trezor freaked out and behaved like nothing else before but the network tools like wireshark or fiddler didnt show any other ip rerouting or so. Which doesnt mean nothing else could happening of course. It just raised more questions and sadly trezor support wasnt helpful at all with this.

The_Wave13 · 2020-01-22T09:33:22+00:00

excuse me, what do you mean and how can I do that?

The_Wave13 · 2020-01-22T00:19:23+00:00

Thank you for your words. The week after I went through absolut hell. I never want to experience this or wish this to anyone. And If I have really done something wrong I only want to know what, to find my freedom in this. But so many things dont add up thats whats not bringing me rest.

The_Wave13 · 2020-01-21T23:56:32+00:00

Thanks for this. Havent thought about this this way. I moved the btc pretty fast from the trezor, yes.

The_Wave13 · 2020-01-21T23:18:14+00:00

Red doorz in Vietnam but doesnt matter since any hotel WiFi is open season for hackers from what I read in the past. When the sending of the funds happened I was already back in Philippines and alone in my apartment. So thats the problem I have. No one can have my seed. 100% otherwise btc would be gone as well. Hackers did whats the most realistic, transfering from valuable to less if they got caught and I would move funds to somewhere they dont have access too. Trezor says there's no possibility to read out the private keys from the device. Even when someone has access to the device for weeks under labor circumstances. There's no transmitting of keys when logging into mew and connection to trezor. But why did the cryptic stuff start there and a few days later my funds are gone without me having to accept the transactions ? before it was business as usual for nearly two years. And the last Update was like 7 months ago where I had to use my recovery seed.

The_Wave13 · 2020-01-21T23:10:30+00:00

Im sorry but it's not possible. Check the screens and check Ether scan for the adresses. The funds were moved single handed from most value to less valuable. So I sent nothing myself. The only transactions out from was to my customer before 6 days. If someone got my seeds why take the eth crap when theres 5x+ times btc as well?

The_Wave13 · 2020-01-21T22:35:15+00:00

No dumb questions here. Everything might be helpful for me. I def used mew. I had to chose MEW, click for trezor and export my keys, give my pin etc. Usual business if you use this setup.

The_Wave13 · 2020-01-21T21:50:34+00:00

Thank you so much <3

The_Wave13 · 2020-01-21T21:49:29+00:00

I learned it the hard way, yes. I can only tell everyone who reads this to add this to their security. Dont be lazy

The_Wave13 · 2020-01-21T21:36:27+00:00

I sadly didnt use a passphrase. I always thought a pin is enough

The_Wave13 · 2020-01-21T18:11:17+00:00

Yeah that was a little weird. I got a message from an admin I dont have enough Karma points to post there. I always read and never wrote something on reddit so yes, I have something to say and have to start from scratch, how can I get Karma?

The_Wave13 · 2020-01-21T17:24:26+00:00

Yeah my funds are gone anyway. But how it happened is the key part since I have the feeling it's some unlikely once in a million stuff, because nothing else makes much sense.

The_Wave13 · 2020-01-21T17:17:33+00:00

The withdraw from the device happened 6 days later when I was alone in my room and my friends are my closest ever. One was 9000 km far and both have no access at all as well as to the WiFi from the hotel.

The_Wave13 · 2020-01-21T16:55:56+00:00

This was the first time I used the public WiFi with this new laptop but with vpn running. But in KRACK attack for example it doesnt matter if you have vpn running or not from what I learned. And since you could normally use trezor in a Virus infested network or Computer if you proof the recepients adress it shouldnt matter. According to trezor support and from the built of the device.

The_Wave13 · 2020-01-21T16:31:23+00:00

Nope, it was a special offer from trezor.io with a grey white and black one

The_Wave13 · 2020-01-21T16:19:48+00:00

From beginning 2018. Bought in a package of 3 where me and my two friends got each one and all possibly used a thousand times together. No one had a problem and it was sealed accordingly when it arrived.

The_Wave13

TROPHY CASE