TRON wallet multisignature scams: what they are and how to avoid them

As blockchain technology becomes more widespread, the security of digital assets is increasingly critical. Towards this end, the multisignature (multisig) mechanism is a security measure that's gaining attention and adoption among users. Through this system, a wallet can be controlled by multiple users, requiring several signatures to complete a transaction. This can be compared to a safe that needs multiple keys to open — only when all keyholders cooperate can the safe be accessed.

TRON wallets adopt multisig transactions to help safeguard user assets. However, the product is inevitably the target of scams as bad actors seek out vulnerabilities in order to steal funds. In this article, we'll delve into the application of multisig in TRON wallets and how you can guard against potential scams.

TL;DR

  • Although TRON ecosystem wallets use multisignatures for robust security, bad actors have found ways to manipulate the technology to commit fraud.

  • Multisignature wallets can be programmed to require more than one private key to be used to complete transactions, adding an additional layer of security.

  • Multisignature wallets are an alternative to single-signature wallets, which allows transactions to be made using a single private key.

  • Common TRON multisignature scams include bad actors claiming to need TRX for transaction fees to convince victims to share TRX tokens. Another scam involves tricking victims into sharing their private keys or seed phrases before changing the signing mechanism to maliciously gain control of assets.

  • You can prevent TRON wallet multisignature scams by protecting private keys, avoiding clicking suspicious links, frequently checking account permissions for unauthorized addresses, and only downloading wallet software from official sources.

Difference between single-signature and multisignature wallets

On cryptocurrency networks, standard transactions are called single-signature transactions because they require only one wallet signature to be completed. Single-signature wallets also need only one private key to authorize transactions, making them user-friendly for individual users or scenarios without complex permission management.

In contrast, blockchains like TRON support multisig mechanisms. A multisig wallet allows an account to be managed by multiple private keys, and transactions need several private key signatures to be executed. Each signer in a multisig setup is given a weight, indicating their importance in the transaction process. The total weight of signatures must reach a predefined threshold to authorize the transaction. For instance, if the threshold is two, it means either one signer with a weight of two or multiple signers with combined weights equal to or exceeding two are required. The number of signatures needed is based on the threshold and can be configured according to specific requirements.

TRON multisig scenarios

Based on user interactions, the following scenarios may lead to multisig setups:

1. User self-initiated multisig setup

  • Some users might accidentally enable multisig while exploring wallet functions. When transferring assets, they find that at least two wallet addresses are required to sign and confirm the transaction, causing a transaction failure.

  • Solution: This issue stems from user error. The assets remain secure, and users only need to meet the multisig requirements or disable the multisig setting to execute transactions with a single signature.

2. Importing private keys or seed phrases from the web

  • Users might import private keys or seed phrases from online sources, unaware that these wallets are already set as multisig. When attempting to transfer assets, they find the wallet requires multiple signatures.

  • Solution: Avoid importing private keys or seed phrases from untrusted sources. Make sure that the source of private keys and seed phrases is reliable.

3. Leaking private keys or seed phrases to scammers

  • Users unknowingly disclose their private keys or seed phrases to scammers, who then set up the wallet as multisig, preventing the user from independently transferring assets.

  • Solution: Never share your private keys or seed phrases with anyone, even if they claim to be technical support or a friend. Keep these details in a secure place that only you can access.

TRON wallets multisignature permissions
You can view the addresses of authorized signers using the TRON block explorer

4. Clicking on third-party malicious links

  • Users click on phishing links that lead to wallet permission changes. Scammers create websites offering discounted gift cards or top-ups, enticing users to click the links and make purchases. These sites execute code to elevate permissions maliciously. Once users confirm and input their password for the transaction, their wallet permissions are altered, granting scammers multisig control.

  • Solution: Avoid clicking on links from unknown sources. Regularly check wallet account permissions to ensure no unauthorized accounts have been added as multisig accounts.

TRON wallet third-party risk 1
TRON wallet third-party risk 2
Be cautious by regularly checking that no authorized accounts have been added as a multisig account

Common multisig scams

Criminals use various tactics to perform multisig scams that you need to be aware of.

1. Shared private key or seed phrase scam

  • Scammers share private keys or seed phrases of wallets with assets, claiming they lack the TRX (the TRON network's token) for transaction fees, and therefore need assistance. Users send TRX to cover transaction fees into the wallet, but discover they can't transfer the wallet assets.

  • Example: Recently, some users on X and Telegram received such requests from scammers: "I have 100-1000 USDT in my wallet, but the wallet doesn't have enough TRX, which is needed for transaction fees. Here are my wallet address, private key, and seed phrase. If you can help me transfer, I'll reward you with a few hundred USDT from the wallet." A user responds, thinking the wallet holder is a new user, and offers help. After importing the private key or seed phrase, they see the balance but can't transfer it. The scammer then asks for TRX for transaction fees, but even after sending it, the transfer still fails, as the wallet was initially set up as a multisig wallet and users won’t have the full authorization to transfer the asset out of the wallet.

2. Private key or seed phrase leak scam

  • Scammers obtain users' private keys or seed phrases and change the signing mechanism without consent. When users attempt to transfer assets, they find the wallet requires multiple signatures, and the scammer can transfer the assets.

  • Example: When scammers get hold of a user's seed phrase or private key, they can modify the account permissions, making the wallet jointly controlled by the user and scammer address. The scammer sets a threshold of three, giving their own address a weight of two and the user address a weight of one. The user can’t perform any transaction alone, as their address weightage is insufficient. However, the scammer, with their higher weightage, can transfer assets out of the wallets. Users might not notice until they try to use the wallet, but by then their assets could already be compromised.

How to Identify a TRON multisig wallet

  1. Using TRON block explorer: Enter the wallet address in the search bar and check if "Owner Permission" or "Active Permission" is authorized to two or more accounts.

TRON block explorer
The TRON block explorer is a useful tool when managing authorized accounts related to a wallet

2. Checking account permissions: In the TRON wallet app, review the account permission settings.

Validating TRON account permissions
You can check account permissions directly in the TRON wallet app

How to prevent multisig scams

  1. Protect private keys and seed phrases: Never share these sensitive details with anyone.

  2. Avoid clicking suspicious links: Don't click on links from unknown sources, especially those disguised as transaction or authorization links.

  3. Regularly check account permissions: Make sure no unauthorized addresses are added to your multisig account. Deactivate any wallets compromised by third-party multisig.

  4. Use official channels only: Download wallet software from official sources and avoid using software from unknown origins.

The final word

The multisig mechanism is an effective security measure, but it's essential you remain alert to security risks and protect your private keys and seed phrases. Understanding the multisig mechanism and common scams can help you to protect your digital assets and avoid falling into traps. Let’s work together to safeguard our digital assets, stay vigilant, and enhance the security of the crypto world.

FAQs

The TRON network supports multiple different wallets built for a variety of user needs. This includes hardware wallets, software wallets, and web-based wallets. These wallets support users in storing and transacting with their TRX tokens, and allow users to also interact with decentralized applications built on the TRON blockchain.

In the context of wallets, multisignature refers to a security measure built into the wallet. Multisignature wallets can be controlled by multiple users and can be programmed to require numerous different keys to complete a transaction. As a result, it's possible that no single user can access the wallet and its assets alone.

Where a multisignature wallet can be accessed and used with multiple private keys, single-signature wallets only require one private key for transactions to be completed. In multisignature wallets, a minimum weighting threshold must be met to authorize a transaction. Each signer is given a weight which demonstrates their importance in the transaction process. For example, if the minimum weightage is three, a transaction can be made using one signer with a weighting of two and one signer with a weighting of one. Alternatively, the same transaction can be made by one signer with a weighting of three.

A multisignature wallet is theoretically more secure than a single-signature wallet because it requires multiple parties to sign off on a transaction. However, that's not to say multisignature wallets aren't without their risk. The technology is still a target for scammers who attempt to manipulate the multisignature process to gain control of a wallet and its assets.

Limitarea răspunderii
Acest conținut este furnizat doar în scopuri informative și poate acoperi produse care nu sunt disponibile în regiunea dvs. Acesta nu este menit să furnizeze (i) sfaturi sau recomandări de investiții; (ii) o ofertă sau o solicitare de a cumpăra, vinde sau deține active digitale sau (iii) recomandări financiare, contabile, juridice sau fiscale. Deținerile de active digitale, inclusiv criptomonede stabile și NFT-uri, presupun un nivel ridicat de risc și pot fluctua foarte mult. Ar trebui să vă gândiți bine dacă tranzacționarea sau deținerea de active digitale este adecvată pentru dvs., având în vedere situația dvs. financiară. Consultați un specialist în domeniul juridic/fiscal/al investițiilor și adresați-i întrebări cu privire la circumstanțele dvs. specifice. Informațiile (inclusiv datele de piață și informațiile statistice, după caz) care apar în această postare sunt prezentate doar în scop de informare generală. Deși s-au luat toate măsurile rezonabile pentru a pregăti aceste date și grafice, nu acceptăm nicio responsabilitate sau răspundere pentru nicio eroare factuală sau omisiune exprimată aici. Atât OKX Web3 Wallet, cât și OKX NFT Marketplace fac obiectul unor termeni separați privind serviciile, pe care îi puteți consulta la www.okx.com.
© 2024 OKX. Acest articol poate fi reprodus sau distribuit în întregime sau pot fi folosite extrase ale acestui articol de maximum 100 de cuvinte, cu condiția ca respectiva utilizare să nu fie comercială. De asemenea, orice reproducere sau distribuire a întregului articol trebuie să menționeze în mod clar: „Acest articol are drepturi de autor atribuite OKX în anul 2024 și este utilizat cu permisiune.” Extrasele permise trebuie să menționeze denumirea articolului și trebuie să includă atribuirea, de exemplu „Denumirea articolului, [numele autorului, dacă este cazul], © 2024 OKX.” Nu este permisă nicio lucrare derivată sau alte utilizări ale acestui articol.
Extindere
Articole similare
Vizualizați mai mult
Vizualizați mai mult