Thanks for the info!

Did you perhaps buy a trezor from a 3rd party? There have been fake ones going around.

Or maybe more likely, perhaps your computer was infected with malware that: i) Sent a malicious signing request instead of the transaction you were intending to sign. ii) When you copied the address, clipboard malware replaced it with the attackers address, so when you pasted it in, the money is destined for them - this happened to a friend of mine :(.

Reusing addresses will not cause a disaster like this, and trezor would(/should) prevent secret leaking (via nonce reuse attacks).