
Funds sent without your authorization

If you notice a transaction you don’t recognize, it’s important to investigate right away. If you haven’t shared access to your wallet with anyone, act quickly. If there are still funds in your wallet, consider moving them to a secure wallet or exchange immediately. Also, be sure to carefully review all your accounts in Trezor Suite.


Cryptocurrency transactions cannot be reversed - even if you didn’t authorize the transaction yourself.

A key feature of blockchain technology is that funds cannot be spent twice. To guarantee this, cryptocurrency transactions are irreversible once confirmed.

While this ensures a high level of security for the blockchain itself, it also places significant responsibility on those who self-custody their crypto, since there is no authority that can reverse transactions.

In short, once a transaction is confirmed, it cannot be undone.

Anyone who has access to your wallet backup, or to your Trezor and its PIN, has the ability to send funds from your wallet.

Unfortunately, this also means that if someone gains access to your wallet and sends the funds elsewhere, there is no way to reverse the transaction.
 

I don’t recognize a transaction. What do I do?


First, stay calm and double-check whether the transaction is truly unfamiliar. Avoid making quick decisions out of panic. There is a good chance that you may just have misinterpreted something. If you go through the following steps, ensure that you are focused and proceeding with care.

If you see that funds have been sent from your wallet and you didn’t approve the transaction, you need to act right away.

If the transaction is a Bitcoin transaction, there is a chance you can cancel it if you act quickly enough, because of Bitcoin’s 10-minute block time. For more information, please read our article called Can I cancel or reverse a transaction?

If you still have funds in your wallet, move them to a secure exchange or another wallet immediately. If you don’t have an exchange account, you can create a temporary wallet using a third-party app.

After securing your funds, stop using this wallet. Make sure all accounts are empty, then wipe your device.

After wiping your device, set up a new wallet and transfer your funds back.

For a detailed explanation of this process, please read our article called Move crypto to a wallet with a new wallet backup.
 

What happened?


If you see that your wallet has been drained, there are a few things that could have happened. These are the most likely reasons:
 

Wallet compromised


Scammers are always developing new tactics to trick users into revealing their wallet backups or to gain access to users’ funds through technical workarounds.

This can happen in different ways, but the most common are exposing your 12-, 20-, or 24-word wallet backup online, or signing a malicious smart contract or using a compromised dApp.

Scammers use various tactics to steal wallet backups. They may impersonate Trezor support via phone or email to create a sense of urgency, or they might create a fake website that tricks you into entering your wallet backup.
 

Trezor will never contact you via phone. If anyone contacts you claiming to work for Trezor, do not engage with them, and instead contact our chatbot Hal immediately.


If someone gains access to your physical wallet backup, they can take full control of your wallet. That’s why it’s crucial to keep it safe and never share it with anyone.

Malicious smart contracts and dApps work differently but follow a similar principle. When you sign a transaction with your Trezor device, you might unknowingly authorize a token approval, granting the smart contract owner full access to your funds.

If this happened to you, don’t blame yourself. Scammers are becoming more sophisticated every day. With AI-driven scams on the rise, staying ahead is a challenge for everyone.

That’s why Trezor prioritizes security first. Never share your wallet backup under any circumstances, and avoid signing smart contracts that haven’t been audited or that you don’t fully understand.
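As an added illustration (not Trezor's code, and going beyond the article's wording by assuming Ethereum-style ERC-20/ERC-721 calldata), this Python sketch decodes the data field of a transaction you are asked to sign and flags token approvals, including unlimited ones. The function name and the sample calldata are constructed for the example.

```python
# Added example: flag token approvals in EVM calldata before signing.
# Selectors are the first 4 bytes of keccak256(function signature).
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata_hex):
    """Return a dict describing an approval call, or None if it is not one."""
    text = calldata_hex[2:] if calldata_hex[:2].lower() == "0x" else calldata_hex
    try:
        data = bytes.fromhex(text)
    except ValueError:
        return None
    if len(data) < 4 + 64:          # selector + two 32-byte ABI words
        return None
    selector, word0, word1 = data[:4], data[4:36], data[36:68]
    # An ABI-encoded address is left-padded with 12 zero bytes.
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or any(word0[:12]):
        return None
    spender = "0x" + word0[12:].hex()
    value = int.from_bytes(word1, "big")
    if selector == APPROVE:
        # Assumes ERC-20; on ERC-721 the second word is a token ID instead.
        if value == 0:
            risk = "revoke"
        elif value == MAX_UINT256:
            risk = "unlimited"
        else:
            risk = "limited"
        return {"call": "approve", "spender": spender, "amount": value, "risk": risk}
    if value > 1:                   # malformed bool
        return None
    risk = "all-tokens" if value == 1 else "revoke"
    return {"call": "setApprovalForAll", "spender": spender, "risk": risk}

# Constructed sample calldata (placeholder spender 0x1111...1111).
SPENDER_WORD = "00" * 12 + "11" * 20
SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + "ff" * 32
SAMPLE_LIMITED = "0x095ea7b3" + SPENDER_WORD + (1000).to_bytes(32, "big").hex()
SAMPLE_OPERATOR = "0xa22cb465" + SPENDER_WORD + "00" * 31 + "01"
SAMPLE_TRANSFER = "0xa9059cbb" + SPENDER_WORD + (1000).to_bytes(32, "big").hex()

if __name__ == "__main__":
    for name, tx in [("unlimited", SAMPLE_UNLIMITED), ("limited", SAMPLE_LIMITED),
                     ("operator", SAMPLE_OPERATOR), ("transfer", SAMPLE_TRANSFER)]:
        print(name, decode_approval(tx))
```

A result with risk "unlimited" or "all-tokens" means the spender address can move every token of that contract from your account until the approval is revoked.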
 

Device + PIN compromised


The second possibility is that someone had physical access to your Trezor device and also knew your PIN. For this to happen, the person would need to be aware that you own a Trezor, have direct access to the device, and successfully enter the correct PIN.

Since Trezor devices are designed to protect against unauthorized access, multiple incorrect PIN attempts will trigger a security delay, making it increasingly difficult for an attacker to guess the correct code.

Always know exactly where your Trezor devices and their wallet backups are.
 

Finding the transaction


If you see a transaction you don’t recognize, you can investigate it using a block explorer. A block explorer is a tool that lets you view all transactions on a blockchain.

Trezor has several native block explorers which you can find here.

To trace the transaction, enter the transaction hash or receiving address into the block explorer’s search bar.

This may help you determine where the funds were sent. For example, if they were sent to an exchange, you can contact the exchange’s customer support, explain the situation, and provide the transaction ID. While recovery is not guaranteed, the exchange may be able to assist in some way.