TRON wallet multisignature scams: what they are and how to avoid them

As blockchain technology becomes more widespread, the security of digital assets is increasingly critical. Towards this end, the multisignature (multisig) mechanism is a security measure that's gaining attention and adoption among users. Through this system, a wallet can be controlled by multiple users, requiring several signatures to complete a transaction. This can be compared to a safe that needs multiple keys to open — only when all keyholders cooperate can the safe be accessed.

TRON wallets adopt multisig transactions to help safeguard user assets. However, the product is inevitably the target of scams as bad actors seek out vulnerabilities in order to steal funds. In this article, we'll delve into the application of multisig in TRON wallets and how you can guard against potential scams.

TL;DR

  • Although TRON ecosystem wallets use multisignatures for robust security, bad actors have found ways to manipulate the technology to commit fraud.

  • Multisignature wallets can be programmed to require more than one private key to be used to complete transactions, adding an additional layer of security.

  • Multisignature wallets are an alternative to single-signature wallets, which allows transactions to be made using a single private key.

  • Common TRON multisignature scams include bad actors claiming to need TRX for transaction fees to convince victims to share TRX tokens. Another scam involves tricking victims into sharing their private keys or seed phrases before changing the signing mechanism to maliciously gain control of assets.

  • You can prevent TRON wallet multisignature scams by protecting private keys, avoiding clicking suspicious links, frequently checking account permissions for unauthorized addresses, and only downloading wallet software from official sources.

Difference between single-signature and multisignature wallets

On cryptocurrency networks, standard transactions are called single-signature transactions because they require only one wallet signature to be completed. Single-signature wallets also need only one private key to authorize transactions, making them user-friendly for individual users or scenarios without complex permission management.

In contrast, blockchains like TRON support multisig mechanisms. A multisig wallet allows an account to be managed by multiple private keys, and transactions need several private key signatures to be executed. Each signer in a multisig setup is given a weight, indicating their importance in the transaction process. The total weight of signatures must reach a predefined threshold to authorize the transaction. For instance, if the threshold is two, it means either one signer with a weight of two or multiple signers with combined weights equal to or exceeding two are required. The number of signatures needed is based on the threshold and can be configured according to specific requirements.

TRON multisig scenarios

Based on user interactions, the following scenarios may lead to multisig setups:

1. User self-initiated multisig setup

  • Some users might accidentally enable multisig while exploring wallet functions. When transferring assets, they find that at least two wallet addresses are required to sign and confirm the transaction, causing a transaction failure.

  • Solution: This issue stems from user error. The assets remain secure, and users only need to meet the multisig requirements or disable the multisig setting to execute transactions with a single signature.

2. Importing private keys or seed phrases from the web

  • Users might import private keys or seed phrases from online sources, unaware that these wallets are already set as multisig. When attempting to transfer assets, they find the wallet requires multiple signatures.

  • Solution: Avoid importing private keys or seed phrases from untrusted sources. Make sure that the source of private keys and seed phrases is reliable.

3. Leaking private keys or seed phrases to scammers

  • Users unknowingly disclose their private keys or seed phrases to scammers, who then set up the wallet as multisig, preventing the user from independently transferring assets.

  • Solution: Never share your private keys or seed phrases with anyone, even if they claim to be technical support or a friend. Keep these details in a secure place that only you can access.

TRON wallets multisignature permissions
You can view the addresses of authorized signers using the TRON block explorer

4. Clicking on third-party malicious links

  • Users click on phishing links that lead to wallet permission changes. Scammers create websites offering discounted gift cards or top-ups, enticing users to click the links and make purchases. These sites execute code to elevate permissions maliciously. Once users confirm and input their password for the transaction, their wallet permissions are altered, granting scammers multisig control.

  • Solution: Avoid clicking on links from unknown sources. Regularly check wallet account permissions to ensure no unauthorized accounts have been added as multisig accounts.

TRON wallet third-party risk 1
TRON wallet third-party risk 2
Be cautious by regularly checking that no authorized accounts have been added as a multisig account

Common multisig scams

Criminals use various tactics to perform multisig scams that you need to be aware of.

1. Shared private key or seed phrase scam

  • Scammers share private keys or seed phrases of wallets with assets, claiming they lack the TRX (the TRON network's token) for transaction fees, and therefore need assistance. Users send TRX to cover transaction fees into the wallet, but discover they can't transfer the wallet assets.

  • Example: Recently, some users on X and Telegram received such requests from scammers: "I have 100-1000 USDT in my wallet, but the wallet doesn't have enough TRX, which is needed for transaction fees. Here are my wallet address, private key, and seed phrase. If you can help me transfer, I'll reward you with a few hundred USDT from the wallet." A user responds, thinking the wallet holder is a new user, and offers help. After importing the private key or seed phrase, they see the balance but can't transfer it. The scammer then asks for TRX for transaction fees, but even after sending it, the transfer still fails, as the wallet was initially set up as a multisig wallet and users won’t have the full authorization to transfer the asset out of the wallet.

2. Private key or seed phrase leak scam

  • Scammers obtain users' private keys or seed phrases and change the signing mechanism without consent. When users attempt to transfer assets, they find the wallet requires multiple signatures, and the scammer can transfer the assets.

  • Example: When scammers get hold of a user's seed phrase or private key, they can modify the account permissions, making the wallet jointly controlled by the user and scammer address. The scammer sets a threshold of three, giving their own address a weight of two and the user address a weight of one. The user can’t perform any transaction alone, as their address weightage is insufficient. However, the scammer, with their higher weightage, can transfer assets out of the wallets. Users might not notice until they try to use the wallet, but by then their assets could already be compromised.

How to Identify a TRON multisig wallet

  1. Using TRON block explorer: Enter the wallet address in the search bar and check if "Owner Permission" or "Active Permission" is authorized to two or more accounts.

TRON block explorer
The TRON block explorer is a useful tool when managing authorized accounts related to a wallet

2. Checking account permissions: In the TRON wallet app, review the account permission settings.

Validating TRON account permissions
You can check account permissions directly in the TRON wallet app

How to prevent multisig scams

  1. Protect private keys and seed phrases: Never share these sensitive details with anyone.

  2. Avoid clicking suspicious links: Don't click on links from unknown sources, especially those disguised as transaction or authorization links.

  3. Regularly check account permissions: Make sure no unauthorized addresses are added to your multisig account. Deactivate any wallets compromised by third-party multisig.

  4. Use official channels only: Download wallet software from official sources and avoid using software from unknown origins.

The final word

The multisig mechanism is an effective security measure, but it's essential you remain alert to security risks and protect your private keys and seed phrases. Understanding the multisig mechanism and common scams can help you to protect your digital assets and avoid falling into traps. Let’s work together to safeguard our digital assets, stay vigilant, and enhance the security of the crypto world.

FAQs

The TRON network supports multiple different wallets built for a variety of user needs. This includes hardware wallets, software wallets, and web-based wallets. These wallets support users in storing and transacting with their TRX tokens, and allow users to also interact with decentralized applications built on the TRON blockchain.

In the context of wallets, multisignature refers to a security measure built into the wallet. Multisignature wallets can be controlled by multiple users and can be programmed to require numerous different keys to complete a transaction. As a result, it's possible that no single user can access the wallet and its assets alone.

Where a multisignature wallet can be accessed and used with multiple private keys, single-signature wallets only require one private key for transactions to be completed. In multisignature wallets, a minimum weighting threshold must be met to authorize a transaction. Each signer is given a weight which demonstrates their importance in the transaction process. For example, if the minimum weightage is three, a transaction can be made using one signer with a weighting of two and one signer with a weighting of one. Alternatively, the same transaction can be made by one signer with a weighting of three.

A multisignature wallet is theoretically more secure than a single-signature wallet because it requires multiple parties to sign off on a transaction. However, that's not to say multisignature wallets aren't without their risk. The technology is still a target for scammers who attempt to manipulate the multisignature process to gain control of a wallet and its assets.

免責聲明
本文章可能包含不適用於您所在地區的產品相關內容。本文僅致力於提供一般性信息,不對其中的任何事實錯誤或遺漏負責任。本文僅代表作者個人觀點,不代表 OKX 的觀點。 本文無意提供以下任何建議,包括但不限於:(i) 投資建議或投資推薦;(ii) 購買、出售或持有數字資產的要約或招攬;或 (iii) 財務、會計、法律或稅務建議。 持有的數字資產 (包括穩定幣和 NFTs) 涉及高風險,可能會大幅波動,甚至變得毫無價值。您應根據自己的財務狀況仔細考慮交易或持有數字資產是否適合您。有關您具體情況的問題,請諮詢您的法律/稅務/投資專業人士。本文中出現的信息 (包括市場數據和統計信息,如果有) 僅供一般參考之用。儘管我們在準備這些數據和圖表時已採取了所有合理的謹慎措施,但對於此處表達的任何事實錯誤或遺漏,我們不承擔任何責任。OKX Web3 功能,包括 OKX Web3 錢包和 OKX NFT 市場都受 www.okx.com 單獨的服務條款約束。
© 2024 OKX。本文可以全文複製或分發,也可以使用本文 100 字或更少的摘錄,前提是此類使用是非商業性的。整篇文章的任何複製或分發亦必須突出說明:“本文版權所有 © 2024 OKX,經許可使用。”允許的摘錄必須引用文章名稱並包含出處,例如“文章名稱,[作者姓名 (如適用)],© 2024 OKX”。不允許對本文進行衍生作品或其他用途。
展開
相關推薦
查看更多
查看更多