I had my trezor hacked from bisq!

On December 9 I did a transfer of 0.00165790 BTC from my Trezor to a DEX BISQ Wallet as a deposit, I have this transaction registered in my Trezor Suite.

The balance in my Trezor shows, until today, the right BTC quantity, however, I had 0.13498370 BTC from one of my wallets in the Trezor transferred for an unknown wallet, in the same block of the Bisq transfer described above. The unknown transaction was made WITHOUT MY ACKNOWLEDGMENT. Besides, I don’t have this transaction registered in my Trezor.

If those transactions were done from your trezor, it’s your trezor that is doing something wrong.
To receive funds to Bisq, the transaction needs to be created and verified from the Trezor, you only need to copy the address from Bisq and add it to whatever wallet you’re using (electrum, sparrow, trezor suite) but afterwards the hardware always asks you to verify what tx have you created to sign it using the device.
Before thinking that Bisq wallet has something to do with this, I’m more inclined to think that:

  • Your funds are still on the Trezor wallet and address, bc1q2dsjmcf2sj9vp5xejzes3kqlfx673yswzy4xhn looks a lot like a change address. Change - Bitcoin Wiki
  • Someone got access to your wallet. Still, it’s easier to spend it than alterate your software to create fake transactions. Someone with such knowledge would preffer to go after bigger amounts.
2 Likes

To expand on this, either that’s a change output that for some reason trezor is not picking up and not showing in your balance, or you fell victim to a change swap attack, where the intended change address was replaced with the attacker’s address. I would think the latter unlikely though, unless your system is very compromised, and you built the transaction on a hacked software, having the trezor sign it afterwards.

What is true either way, is that Bisq has nothing to do with it, as it will only give you the address where to receive funds to, what you do with that address in your clipboard is out of Bisq’s control

2 Likes

Guys. The Trezor Community answer me. What happened is called “Change Address” and it is a normal procedure from UTXO Bitcoin Protocol. The balance is still in my Trezor but the address is not shown. They advised me to follow my balance using the Xpub address from Trezor. Thanks for all.