Loss of bitcoins from h/w wallet - need help understanding

[hhanh00]

A friend of mine recently got his trezor wallet cleaned out and we are trying to figure out what happened.

He gave me his ypub key and I imported it into Electrum to look at his transaction history.
His last legit transaction was 2 weeks ago but yesterday he got two extra withdrawals.

A test transaction was followed by a complete withdrawal of the entire wallet.

https://www.blocktrail.com/BTC/tx/7a2f637bcd6f30a02c298c64022d4148c58d9587ed6e2191a3a758ad40c6fda2
https://www.blocktrail.com/BTC/tx/7d708a9dc692ce79170a411563ebdcc4110bdfadfdfe1c726b8fb5d3d0bc17bf


IMHO, the fact that there were 2 transactions points towards a compromised seed.
The test tx actually returns most of the wallet amount back into the change address - which is a single use p2sh-p2wpkh address.
Then the change address itself is cleared in the 2nd tx.
The thief knows how to generate private keys for the entire hierarchical wallet. AFAIK, that requires the seed.

So, it looks like a targetted attack. My friend says he never put his seed online, never took a picture of it, etc.
He only kept it on a piece of paper, getting to it would imply someone who knows him.

But the receiving address has activities that I don't understand then.

https://www.blocktrail.com/BTC/address/18abkVcsfwvNHxFM1jN5WLAY9irB91FwTH

The address appear when he lost his funds and was itself cleared one day later.
However, it also sees the transfer of over 1000 btc as if it was the staging area of a large scale attack.

Does anyone know what has happened there?

Thanks,
--h

[1714971140]

1714971140

[Woundur]

Looks like there has been a case of hacking but I am still not sure about it by looking at the logs you provided. It is better if you contact Trezor directly. If the fault is from there end then there might be a chance of getting back the Bitcoins of your friend. But, if it has been due to the fault of your friend, I am afraid no one can do anything about it.

[MilfordGannon]

I guess he is being attacked by a person of his own. Someone has stolen data from his piece of paper, as Crypto-space is decentralized, once you are attacked, it is hard to be recovered. I suggest withdrawing all of the savings if he still has access.

[mk4]

Hey. Might be a late reply but I heavily suggest you post this on the TREZOR subreddit[1] so the subreddit mods will more likely see your post and the other trezor users would be aware of this(if ever this is a vulnerability on trezor's side).

[1] https://www.reddit.com/r/TREZOR/

[mocacinno]

I'm on my phone right now so I didn't look up those transactions, however judging by your op, it does look like somebody got their hands on either his seed phrase or his xprv.

Questions that pop in my mind:
- is he sure he isn't doing this himself? I've seen new users getting confused in the past?
- how secure is he storing that seed? Can the cleaning lady/plumber/family member reach it?
- did he enter the seed phrase in a desktop wallet to try restoring the wallet?

You *should* be able to run a trezor on an infected PC, and the odds of brute forcing a seed are extremely small, so the biggest odds are either somebody got their hands on the seed phrase or he's accidentally creating those tx's.

If he can find the physical person that stole his seed he can go to the police. If he's causing this himself he just needs to figure out whose address he's funding and try to ask the receiver to refund... Otherwise his funds are lost

[merchantofzeny]

So, has the problem been fixed? I feel sorry for him. I've never used a hardware wallet before so I am interested to know what exactly happened to your friend's stash in case I'd eventually buy a Trezor.

Has he already contacted their CS?

I'm on my phone right now so I didn't look up those transactions, however judging by your op, it does look like somebody got their hands on either his seed phrase or his xprv.

Questions that pop in my mind:
- is he sure he isn't doing this himself? I've seen new users getting confused in the past?
- how secure is he storing that seed? Can the cleaning lady/plumber/family member reach it?
- did he enter the seed phrase in a desktop wallet to try restoring the wallet?

You *should* be able to run a trezor on an infected PC, and the odds of brute forcing a seed are extremely small, so the biggest odds are either somebody got their hands on the seed phrase or he's accidentally creating those tx's.

If he can find the physical person that stole his seed he can go to the police. If he's causing this himself he just needs to figure out whose address he's funding and try to ask the receiver to refund... Otherwise his funds are lost

A family member or friend would be the first one I'd suspect. I don't think a random plumber would know what to do with some random words scribbled on a paper. This is why I prefer to also encrypt the seed phrase. Basically not writing down the actual phrase.

[Lucius]

OP is also posted in Bitcoin Technical Support and he/she is obviously forgot on this thread.

Thanks for the help everyone. At this point, all indications point towards an insider job. We have traced the chain of custody and it is unrelated to any technical issue with Trezor.

So it is clear that there is no problem with Trezor, insider job probably means that some of victim family/friends took advantage of the opportunity and wipe out his hardware wallet. Since it is over 35 BTC stolen this is classic case for police, the thief probably left some traces. What we can learn from this that even coins are on hardware wallet and seed written down on paper does not mean we are safe.

[mocacinno]

@op: I see a lot of people suggesting to contact trezor support, even going as far as claiming they'll reimburse you... I just wanted to warn you not to get your hopes up.

AFAIK, I haven't seen a flaw that would cause a remote hacker to gain access to your seed or xprv, odds of a technical flaw within the trezor hardware, firmware or wallet are extremely slim... If it wasn't their fault your friend got robbed, I seriously doubt they'll reimburse +30 btc.
Sending logs to trezor might save future victims of being robbed (emphasis on *might*), however they will probably not be able to get you your btc back, so unless the funded address were in some way generated by the same seed, or if you can prove (without a doubt) it was trezors fault, or find the culprit yourself, I'm afraid the odds of getting your btc back are not good,no matter what anyone in this thread is claiming. I don't like to be the barer of bad news, but that's just the way it is.

PS: I realise op double posted, but I wanted to make sure to set the record straight in this, currently derailing, thread

[iotarocket]

OP is also posted in Bitcoin Technical Support and he/she is obviously forgot on this thread.

Thanks for the help everyone. At this point, all indications point towards an insider job. We have traced the chain of custody and it is unrelated to any technical issue with Trezor.

So it is clear that there is no problem with Trezor, insider job probably means that some of victim family/friends took advantage of the opportunity and wipe out his hardware wallet. Since it is over 35 BTC stolen this is classic case for police, the thief probably left some traces. What we can learn from this that even coins are on hardware wallet and seed written down on paper does not mean we are safe.

Wow. Thanks for the clarification! I am a firm believer that seed phrases should always, always be locked away and made inaccessible to absolutely everyone but you. There are so many cases of friends, acquaintences, or relatives coming across private keys or seed phrases and wiping out accounts.

[Wind_FURY]

I'm on my phone right now so I didn't look up those transactions, however judging by your op, it does look like somebody got their hands on either his seed phrase or his xprv.

Questions that pop in my mind:
- is he sure he isn't doing this himself? I've seen new users getting confused in the past?
- how secure is he storing that seed? Can the cleaning lady/plumber/family member reach it?
- did he enter the seed phrase in a desktop wallet to try restoring the wallet?

You *should* be able to run a trezor on an infected PC, and the odds of brute forcing a seed are extremely small, so the biggest odds are either somebody got their hands on the seed phrase or he's accidentally creating those tx's.

If he can find the physical person that stole his seed he can go to the police. If he's causing this himself he just needs to figure out whose address he's funding and try to ask the receiver to refund... Otherwise his funds are lost

Another important question to ask would be, where did you buy your Trezor? I hope it wasn't from Ebay, or some online store, or from a "friend". Your Trezor should come from Trezor themselves, straight from where it is made in the Czech Republic, and arriving in your doorstep without the package tampered.

[odolvlobo]

Also, it is possible to derive all of the private keys if both the extended public key and a single private key are known.

[swogerino]

I suspect two things:

If the user has really secured the hw as he should and keeping the seed only for himself in a safe place, probably on an old Linux laptop where no one has access except the user and is strongly password protected both in the BIOS both before login to OS.

If the user bought the Trezor used, no matter where he bought it from that must be the reason why his bitcoins are gone. Always buy from the manufacturer.

Before this case is solved we need to know the source where the Trezor comes from. If it is bought from the official website, then it is an inside job. If it is bought used somewhere, it is the work of the person/entity who sold it. No other possible explanation based on the data in this thread.

[bob123]

Also, it is possible to derive all of the private keys if both the extended public key and a single private key are known.

This does only apply to unhardened derivation. BIP44/49 does use hardened derivation.

Unhardened derivation: privKey(n) = k + h(xpub,n)
Hardened derivation: privKey(n) = k + h(xpriv,n)

With h being a hashfunction. This means that with unhardened derivation one private key together with the xpub is enough to calculate all private keys.
But with hardened derivation you would need the xpriv additionally to the private key. And with knowing the xpriv, you could generate all priv keys anyway.

[Spendulus]

I suspect two things:

If the user has really secured the hw as he should and keeping the seed only for himself in a safe place, probably on an old Linux laptop where no one has access except the user and is strongly password protected both in the BIOS both before login to OS.

If the user bought the Trezor used, no matter where he bought it from that must be the reason why his bitcoins are gone. Always buy from the manufacturer.

Before this case is solved we need to know the source where the Trezor comes from. If it is bought from the official website, then it is an inside job. If it is bought used somewhere, it is the work of the person/entity who sold it. No other possible explanation based on the data in this thread.

It's possible to buy a used Trezor, or have one that is compromised, and change the recovery seed. This would make it a new fresh unit, particularly if you added a 25th word - a "passphrase."

As for the possibility of someone close to the victim being the perp, I'd look for the obvious - someone spending more than they were in the past, who had the necessary skills. If the card with the 24 words had been cut in half and the pieces put in separate secure locations, then the suspect list would narrow to those who had access to both those locations.

I'm not sure I agree with Trezor's advise to not move the bitcoins off the Trezor during the process of changing the seed, but that's not at issue here.

There are a variety of attack scenarios which involve prior knowledge of the internal workings and seeds of the Trezor. These should be all thwarted by adding a 25th seed word.

[merchantofzeny]

OP is also posted in Bitcoin Technical Support and he/she is obviously forgot on this thread.

Thanks for the help everyone. At this point, all indications point towards an insider job. We have traced the chain of custody and it is unrelated to any technical issue with Trezor.

So it is clear that there is no problem with Trezor, insider job probably means that some of victim family/friends took advantage of the opportunity and wipe out his hardware wallet. Since it is over 35 BTC stolen this is classic case for police, the thief probably left some traces. What we can learn from this that even coins are on hardware wallet and seed written down on paper does not mean we are safe.

Most people find it hard to believe family and friends would steal from them. 

Anyway, I had a previous thread asking for suggestions on encrypting or storing the passphrase more securely. The method I ended up using is taking a jigsaw puzzle and marking some pieces in the back. I then made a grid with several words on it (unencrypted though) and the words in the phrase correspond to the markings on the jigsaw. The the grid is the cut up.

To get the phrase, the grid need to be assembled correctly and the jigsaw assembled on top. The marked jigsaw are then removed, revealing the word. Which they then need to sort in the correct order. Threw in an extra incorrect word to make that harder. Not as secure as encrypting it but you can break them into even smaller groupings, making it harder for one person to assemble it but still easy enough for the owner to use since he's familiar with the sequence.

I would still like to hear from OP, if ever they'd be able to track who did it and how.

[Spendulus]

....
Another important question to ask would be, where did you buy your Trezor? I hope it wasn't from Ebay, or some online store, or from a "friend". Your Trezor should come from Trezor themselves, straight from where it is made in the Czech Republic, and arriving in your doorstep without the package tampered.

I agree about not buying from Ebay, what about Amazon?

[Spendulus]

Since from post history OP never mentioned where his friend bought the Trezor wallet, i would suggest contact Trezor if his friend bought the HW wallet from 3rd party. Ledger CEO mentioned in past that "we can help you file a formal criminal complaint and bring the eBay seller to justice"[1] and AFAIK it's the only way to recover loss stolen Bitcoin.

[1] https://www.reddit.com/r/ledgerwallet/comments/7obot7/all_my_cryptocurrency_stolen/ds8mbbq

....
Another important question to ask would be, where did you buy your Trezor? I hope it wasn't from Ebay, or some online store, or from a "friend". Your Trezor should come from Trezor themselves, straight from where it is made in the Czech Republic, and arriving in your doorstep without the package tampered.

I agree about not buying from Ebay, what about Amazon?

Amazon should be okay if it's sold by amazon directly and there are many good/detailed review. Even so it's better to buy from official HW wallet website or check the package/content carefully if you buy from amazon.

On thinking about it this, it's incorrect.

Suppose you had a trezor, and for a period of time it was in other peoples' hands. It's compromised, period. You need to wipe it and create a new fresh set of seed phrases, then reload the coins.

When you get a trezor, it's been in someone else's hands, therefore it should be considered compromised. Again, you need to wipe it, not ever use the initial set of seed phrases it comes up with, and generate a new fresh set.

[HCP]

When you get a trezor, it's been in someone else's hands, therefore it should be considered compromised. Again, you need to wipe it, not ever use the initial set of seed phrases it comes up with, and generate a new fresh set.

AFAIK, Trezors from the factory come uninitialised and require you to go through the full setup process on first use (my Trezor "One" did)

If it has already been initialised and there is a note to text a number to get your seed mnemonic (or includes a pre-printed card with the seed mnemonic already on it)... then someone has most likely been "tampering" with it.

[Spendulus]

When you get a trezor, it's been in someone else's hands, therefore it should be considered compromised. Again, you need to wipe it, not ever use the initial set of seed phrases it comes up with, and generate a new fresh set.

AFAIK, Trezors from the factory come uninitialised and require you to go through the full setup process on first use (my Trezor "One" did)

If it has already been initialised and there is a note to text a number to get your seed mnemonic (or includes a pre-printed card with the seed mnemonic already on it)... then someone has most likely been "tampering" with it.

I'm questioning whether that first process truly is secure. Assume there is a Bad Guy at the factory checking units before sealing them in those nice little boxes. He simply notes the seed phrases in a unit, then seals it and ships it out.

Is the initialization process upon receipt of a unit such that this is impossible?

Let's not approach this from the point of view of "what does Trezor say you should do." Let's consider it a blank sheet of paper and start with first principles of security and see where that leads.