Trezor One question

A warning and a question about Trezor

A few weeks ago I was in a hurry and entered “Trezor” into Google to look for a the Trezor app. (Lesson number 1: Always go to Trezor.io directly). The computer I was on was mine, but didn't previously have the Trezor app on this specific machine. In my haste, I clicked on the first sponsored link and downloaded what I thought was the legit Trezor app (Lesson number 2: Be very cautious of any Google links… I later learned I had clicked on a phishing website that had a dot club suffix but looked exactly like the legit site. They must've paid Alphabet/Google a lot for the keyword.) Subsequently, I stupidly entered my 24-word seed into the site (don't stone me, I'm aware it was a very foolish move on my part; it was late and I was in a hurry/clearly was not thinking… I'm not even sure why I did what I did… maybe thinking seed was needed to activate the app…. Lesson 3: Never, ever, ever enter your seed anywhere) and subsequently a few hours later lost all the BTC from my Trezor cold wallet. I only realized this several days later when I logged into my cold wallet and noticed the transaction. I have since restored my computer to factory settings.

My question: should I consider this Trezor One compromised and throw it away? Or, can I reset it and create new wallets with new seed and still be safe? Is there any way there may be malware/illegit software on it that would compromise its future use?

Thanks so much!

2 thoughts on “Trezor One question”

  1. Please bear in mind that no one from the Trezor team would send you a private message first.
    If you want to discuss a sensitive issue, we suggest contacting our Support team via the Troubleshooter: https://trezor.io/support/

    No one from the Trezor team (Reddit mods, Support agents, etc) would ever ask for your recovery seed!
    Beware of scams and phishings: https://blog.trezor.io/recognize-and-avoid-phishing-ef0948698aec

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. Hey, thanks for sharing, and sorry for your loss. Scammers used the stolen funds to buy AdWords, so it’s a vicious cycle.

    If the phishing site is still online, you can report it to Google. https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

    Now to your question: Your seed is compromised, not your physical Trezor. Reset it, and it generates you a fresh seed.

Comments are closed.