pull down to refresh

0 sats \ 1 reply \ @psitadel OP 15 Apr \ parent \ on: It's @DecrimNat, AMA on Psychedelics & Bitcoin AMA
Yes, it was an old Trezor hardware wallet that was compromised. Luckily it was divided into three wallets, legacy, segwit, and taproot, and the active taproot wallet I was withdrawing from was drained in two txs. I was able to move the other wallets by shear luck of a softfork firewall.
I am not a coder or a bitcoin developer, so I am still unsure how it was compromised but I believe that it was possibly due to using an address twice? Anybody that can enlighten me on this is welcome so we do not repeat the mistake.
write
preview
this territory is moderated
0 sats \ 0 replies \ @utxoclub 16 Apr
Thanks for the info!
Did you perhaps buy a trezor from a 3rd party? There have been fake ones going around.
Or maybe more likely, perhaps your computer was infected with malware that: i) Sent a malicious signing request instead of the transaction you were intending to sign. ii) When you copied the address, clipboard malware replaced it with the attackers address, so when you pasted it in, the money is destined for them - this happened to a friend of mine :(.
Reusing addresses will not cause a disaster like this, and trezor would(/should) prevent secret leaking (via nonce reuse attacks).
reply