Never share backup seed phrase of cryptocurrency wallet with anyone
A user with more than 43000 twitter followers, Crypto Godfather has posted on twitter that one of his friends got his Trezor wallet hacked. Trezor is a hardware wallet where the private keys never leave the wallet yet someone was able to steal funds from it.
He says that the wallet was never used for 133 days prior to the hack. The hacker transferred all the funds to the Uniswap, which is a proper decentralized cryptocurrency exchange with no limits, no KYC and no restrictions.
The wallet was never connected online during this time. However, he does mentions that the seed phrases were backed up on a piece of paper in bank safe. And this is what appears to be the weakest link.
These backed up seed phrases allow anyone to have full access to the funds stored on any hardware wallet, Trezor, Ledger Nano and so on. There is no need to have the physical wallet to get the funds out if one has access to these seed phrases.
These seed phrases contain 12/24/15 words that can used to get the private keys using a BIP39 tool like Ian Coleman tool. Or one can simply import them into something like a Trust wallet to get easy access to all funds.
Had a trezor hack a few months ago as well. Might have been a seed phrase being compromise but not sure. There should be a way to prevent this through the device itself. Device never left my control.
— Frank (@Frank41013422) October 22, 2020
Moral of the story – never share your backup seed phrases with anyone – not even your family members.