Tuesday, January 21, 2020

My Trezor (MEW?) account got compromised, funds were stolen

Hello ladies and gentlemen,

I hope you can help me out somehow. I put it in bitcoin as well despite it being Ethereum, because it's about Trezor and the BTC part is involved. In mid-September all my Ethereum and Ethereum-based stuff was cleared from my MEW accounts, roughly 38k USD. Trezor couldn't help me at all and we went through all the topics and questions they had, which led to nothing except a basic answer, “your seeds got compromised in the past”, which doesn't make any sense, and I will explain why.

Let's say I'm a person with some basic tech knowledge, worked as an admin and use common sense to handle my crypto stuff, which has been part of my business and daily tasks for 2 years. I check all things again before sending: address, amount etc., and never had any problems before. I was never on a fake page where I had to enter my seed or passphrases. I don't open spam mails nor use my new laptop for anything other than work, like visiting porn sites or shady stuff or using cracks etc. I didn't even find a malicious cookie after checking everything. The laptop I used was 3 months old and set up on my own with Windows, firewall, antivirus and anti-malware stuff. Things I have been doing for me and my friends since the year 2000. No cracks used for programs, everything legal. I have used a Trezor One since then, which is updated accordingly when the tool or page prompts me. I used to use Chrome as my default browser (which I learned, over the past months trying to figure out what might have happened, is one of the worst browsers).

No one has my seeds.
No one knows my PIN to enter the Trezor.
I don't store any of this information online.
I don't know my private keys from the Trezor.

So what happened was that on September 9 in the evening, a few hours after I sent some USDT deposit to my address, I wanted to check if everything was there, logged in to my MEW account (online, not offline, and the URL was correct; no add-on used, just the shortcut in my browser which I saved there and always used, and later I checked if it was linked to something else, which it wasn't), and the account was empty. Three Ethereum addresses where I stored some coins, ETH and USDT.

I realised that every transaction below happened while I was standing in front of my laptop (I checked the time it happened), Trezor connected because I did some BTC transaction before and chatted to customers on different chat tools like Telegram or Skype. Obviously, without signing any transaction at all, everything was sent to other addresses. It seemed someone got the keys to those addresses before. Now, I don't even know my private keys to those addresses, which are stored in the Trezor, right? I wasn't logged into MEW before this incident for about 1.5 days. The BTC part on my Trezor is MUCH more valuable, but still there. After Trezor couldn't help me with what happened and MEW treated me like the standard idiot who gets hijacked and then wonders why his money is gone, I went through so many possibilities. For most of the time I thought some kind of KRACK attack had happened.

The only problem is Trezor says they don't extract the private keys. Some gurus on this topic (I read on Reddit here) say it's possible to get them from the network. Even parts are enough to encrypt the whole key after a while, which would underline the timeline: it took 6 days from working in this hotel and having the unusual situation with the sending (explained below) till the accounts got cleared.

The hotel incident happened the week before my accounts got cleared. I was visiting friends and coworking agents in Vietnam and stayed in a Red Doorz hotel in Ho Chi Minh. Using the hotel Wi-Fi and a nvpn.net VPN, I sent some USDT funds via MEW to a befriended customer and something very strange happened, which I had never had before. I sent 4k USDT to a customer and the transaction took 13 min, working, working, working, and then failed. I've never had something like that. We thought it might be because of the ETH network or so, but we had never had that before, me and him sending a lot of transactions every day.

Then I copied all the details in again and sent another 4k, and somehow he received both!

Check the screenshot. The one transaction processed for nearly 13 min, then failed. 2 min later I sent a new one and, without any evidence in this screenshot, he received both.

https://s19.directupload.net/images/200121/27e8uyd3.jpg

Later:

https://s19.directupload.net/images/200121/3todak3u.png

So he sent me back the additional 4k and I shut down everything, not thinking about this much anymore. Only when the accounts got cleared was I searching for any unusual happenings which could have led to this, because pretty much all other “typical” mistakes people normally make we could exclude. If somehow my seeds got compromised, why only the ETH stuff? The BTC parts on the Trezor had much, much more value. I never searched for the Trezor page on the web and used a link to access my wallets or to do updates. I always used the Trezor Bridge and made a shortcut to my wallet in my browser. For MEW I always used the same shortcut in my browser, which worked pretty fine for the past years, and every time when setting up the browser or PC new I checked it all before.

Because of the unusual thing which happened in Vietnam, I flew back there (from the Philippines) prepared with tools and checking, because I couldn't let go and I didn't find any other plausible cause. I even got back my old room. In this hotel there are three hotel Wi-Fi networks and I remember 100% that I used the 2nd one before because it had the strongest signal. Anyway. I switched on Wireshark and later on Fiddler, and repeated all the steps I used to do before, checking if some rerouting, DNS poisoning or readdressing or so was happening. Nothing unusual happened in the first one when entering MEW (I sent some bait funds there).

In the 2nd network, the one I used in September, the Trezor basically totally freaked out. It didn't let me enter MEW, I had to re-enter my PIN up to 5 times sometimes, it gave me error messages in MEW, or it took 30 fucking seconds to enter it. Trezor writes about this:

“When you enter an invalid PIN a few times, the Trezor adds a forced waiting time between attempts. You can see this feature on the photo where the Trezor is making you wait for 15 seconds before another attempt. This countdown is then multiplied by the factor of two until you reach the 16th invalid PIN entry. After that, the device automatically wipes its memory, deleting all data from it.

The behavior of your Trezor at MEW is undoubtedly not standard or in any form pleasantly functional. Nevertheless, it also isn't anything superbly unusual or unexpected, taking poor internet connection into account.”

The thing is, the PIN is 6 digits but pretty basic, and I never ever entered it wrong. And I used the strongest Wi-Fi and could open webpages very easily.

As well as: “Sadly, this does not tell us anything about how your funds could be compromised. None of this could have ever exposed your private keys or made your device vulnerable in any way.

The Reddit thread you linked discusses cracking BIP-39 passphrases, which is irrelevant to your case. Cracking such passphrases assumes the person trying to break the wallet already has full possession of the recovery seed (recovery words). See, a passphrase is not your recovery seed or some additional password on your device. It is an extension of the seed, and it is also 100% useless without controlling the full seed.

The only threat you are exposed to when using Chrome is using Google itself. When googling "trezor" or "trezor wallet", you might stumble upon a phishing site which will present itself as a genuine Trezor website and force you to go through a fake "recovery" process. There you'd give out your recovery seed, which subsequently grants full access to your wallet and funds.

It's reasonable to assume that malware could guide you to such a website. To this day, we are not aware of any such incident ever happening, and even then, there are protections in place to defend you against phishing attempts.”

Basically, something I never did, and all funds would have been gone then.

I checked the 3rd network as well, and like the 1st, nothing special happened. Only in the 2nd.

These are the funds and how they got cleared off the wallets.

I always show the last transaction from me to the address as well on the screenshots. So, address:

0x253ABB6d747a9404A007f57AaDEc1cA2b80694a1

They withdrew this:

1k USDT and the small amount of ETH for sending stuff

https://s19.directupload.net/images/200121/sg2lumg8.png

Address:

0x01fd43a713D8F46FF9a7Ed108da2FF74884D8400

They withdrew this:

Majority of USDT and small ETH for sending stuff

https://s19.directupload.net/images/200121/arycubto.png

Address:

0xf73c8C30072488d932011696436B46005504A7ae

They withdrew this:

Majority of ETH, then all tokens from valuable to worthless, and then some remaining ETH

https://s19.directupload.net/images/200121/urbgm2y5.png

https://s19.directupload.net/images/200121/rdkod59h.jpg

So this is what happened on September 12 between 16:49 and 17:15. Sick to see that all of it happened between 16:49 and 17:00, and it's like someone came back checking, saw the 0.014 ETH and withdrew it at 17:15. Around 10pm I discovered what had happened.

So, do you have any ideas? Questions? Feel free to guess or ask, I'm glad for everything which might lead to what might have happened. I somehow can't let go of the feeling that something in between the network, MEW and Trezor is the cause, but what do I know.
