This is an automated archive.
The original was posted on /r/trezor by /u/AvengerDr on 2023-08-14 18:21:07+00:00.
So this morning I bought some ADA on coinbase and wanted to transfer it to the ADA wallet within my Trezor.
I went to the dashboard / ADA and clicked on "reveal address". Differently from usual, this time I didn't press the confirm button on the Trezor, but after confirming visually that it was the same I CTRL+C on the desktop app but pressed the X button to close the window.
I then pasted it in the coinbase dialog on Chrome e went through the process. Yes, of course just this one time that I didn't check it had to go wrong.
The first thought that crossed my mind was that my clipboard has been hijacked. However, before and after this ADA transfer I had completed multiple transfers (from coinbase to other blockchains) successfully. An ADA specific clipboard hack? I tried redoing the steps and pasting it to notepad a hundred times but it seems to be working fine.
This is the transaction.
When you have eliminated the impossible, whatever remains, however improbable, must be the truth.
So IF I have not been hacked (I know, big if), where did this address, that I have never seen, come from? I toured all the exchanges I use and it's nowhere to be found. Koinly didn't pick it up (and auto-matched to somewhere). Coinbase gave me the usual spiel. The ADA seems to be still there, so whoever owns the address hasn't woken up yet and the funds have not been moved. This ADA address doesn't have the same stake key as the rest of my ADA addresses and it's not the next one to be generated. It's not a lot, and a fairly cheap lesson compared to others I have had in the past, but I would still be curious to understand what happened.
So, again, IF I have not been hacked, what other possibilities remain? I am 99% sure that I CTRL+C the text and did not press the button because I am 100% sure that I saw the red "toast" saying Address verification error: Cancelled. Could I have installed an hacked version of Trezor suite? I checked both the passphrase protected account and the non-protected one. It's not there either.