Coins lost from Trezor


Zsofia Elek asked 1 year ago

I have a long time had not checked my trezor wallet, I checked it today, I found my wallet is 0 bitcoin in it, I have a considerable amount of bitcoin in my wallet from last year. I thought it is because I need to update the firmware, so I updated firmware. Horribly, I found my wallet was still 0 when I updated firmware. It is clear, one transition happened at 7:54pm on 9/09/2018, while I was in abroad. on that transition , all my bitcoin has been sent to one address. I googled that address, within one hour, there were another transitions from it, all my bitcoin has gone to different addresses. The most horrible thing is , My trezor device is in my home, nobody touch it and nobody know the password, the recovery seeds still in my real wallet, which I always keep it in my pocket, never been access by anyone.
Here is the address my bitcoin has sent to: 3KEK5rd4LtqV6UXipkLjnvADvXXJDdqj3x
And also I detect this wallet according to address: https://www.walletexplorer.com/wallet/2868982663dfdc38?from_address=3KEK5rd4LtqV6UXipkLjnvADvXXJDdqj3x
Now, what can I do, I desperately need help. any , help pls
Jian Yuan

1 Answers
Steven Hay answered 1 year ago

Hi Zsofia, thanks for sending in this question on Jian Yung’s behalf.
 
This is a very unfortunate situation. There is no way the coins can be recovered unless the thief can be identified, apprehended, and made to send the coins back.
 
To me there are three decreasingly likely possibilities:
 
1) I think the most likely possibility is that someone gained access to the recovery seed in your wallet. With this seed, it would be easy to drain the device, without needing any physical access to the Trezor. Perhaps over the course of your travels, someone had access to your wallet, perhaps during a security search at an airport or border crossing point? Perhaps someone was able to access the wallet while you were sleeping or otherwise occupied with something, and took a picture of the seed phrase?
 
2) Less likely is that while you were away, someone was able to access your Trezor. This seems unlikely as you say you had a password set. I’m not sure if you mean the device’s PIN or an additional custom password as well. Either way, the thief would have had to at least observe you entering the PIN somehow to be able to steal the funds. While it’s possible an additional password could have been spied out by a keylogger, the Trezor’s randomized PIN entry process is specifically designed to defeat such key or screen loggers. This leads me to conclude that the only way the thief could have gotten your PIN was by observing your entering it, either in person or by camera. You will have to consider whether such a thing was possible – perhaps somebody was in the room at some time when you used the Trezor?
 
3) The least likely is that the device was compromised when you first got it. If you bought the Trezor second-hand or from a reseller on a site other than the official Trezor site, then this is more likely. This type of theft has happened before – a Trezor is sent to someone with the private key already generated, meaning the sender has the seed phrase. Once the victim deposits funds to the device, the sender can simply transfer them to their own account. If you got the Trezor from the official Trezor site and the private key was generated by you during the initialization process, then it can only mean that the electronics of the device were compromised at the factory or en route to you. That seems extremely unlikely as the level of technical expertise involved is very, very high and not justified by the amount of BTC taken. In other words, thieves performing this type of side-channel attack would likely lose money relative to the type of reward they could get from employing such specialized technical skills honestly, unless they got very lucky.
 
Perhaps some of the above possibilities will lead you to discovering the thief? If there is someone you suspect, then perhaps hiring a private detective to investigate them would be the best chance of recovery. Unless you can obtain some evidence, I don’t think the police will be of much help.
 
Speaking of evidence, you may be able to find some evidence in the blockchain with the assistance of a blockchain analytics company or expert. It’s possible they may be able to link this account with the thief’s identity by analyzing their transactions and other addresses. Let me know if you want to try this approach and I’ll try to find some suitable options for you.

Bitcoin Video Crash Course 

Dummy-proof explainer videos enjoyed by over 100,000 students. One email a day for 7 days, short and educational, guaranteed.

We hate spam as much as you do. You can unsubscribe with one click.