此网页仅供信息参考之用。部分服务和功能可能在您所在的司法辖区不可用。

TRON wallet multisignature scams: what they are and how to avoid them

As blockchain technology becomes more widespread, the security of digital assets is increasingly critical. Towards this end, the multisignature (multisig) mechanism is a security measure that's gaining attention and adoption among users. Through this system, a wallet can be controlled by multiple users, requiring several signatures to complete a transaction. This can be compared to a safe that needs multiple keys to open — only when all keyholders cooperate can the safe be accessed.

TRON wallets adopt multisig transactions to help safeguard user assets. However, the product is inevitably the target of scams as bad actors seek out vulnerabilities in order to steal funds. In this article, we'll delve into the application of multisig in TRON wallets and how you can guard against potential scams.

TL;DR

  • Although TRON ecosystem wallets use multisignatures for robust security, bad actors have found ways to manipulate the technology to commit fraud.

  • Multisignature wallets can be programmed to require more than one private key to be used to complete transactions, adding an additional layer of security.

  • Multisignature wallets are an alternative to single-signature wallets, which allows transactions to be made using a single private key.

  • Common TRON multisignature scams include bad actors claiming to need TRX for transaction fees to convince victims to share TRX tokens. Another scam involves tricking victims into sharing their private keys or seed phrases before changing the signing mechanism to maliciously gain control of assets.

  • You can prevent TRON wallet multisignature scams by protecting private keys, avoiding clicking suspicious links, frequently checking account permissions for unauthorized addresses, and only downloading wallet software from official sources.

Difference between single-signature and multisignature wallets

On cryptocurrency networks, standard transactions are called single-signature transactions because they require only one wallet signature to be completed. Single-signature wallets also need only one private key to authorize transactions, making them user-friendly for individual users or scenarios without complex permission management.

In contrast, blockchains like TRON support multisig mechanisms. A multisig wallet allows an account to be managed by multiple private keys, and transactions need several private key signatures to be executed. Each signer in a multisig setup is given a weight, indicating their importance in the transaction process. The total weight of signatures must reach a predefined threshold to authorize the transaction. For instance, if the threshold is two, it means either one signer with a weight of two or multiple signers with combined weights equal to or exceeding two are required. The number of signatures needed is based on the threshold and can be configured according to specific requirements.

TRON multisig scenarios

Based on user interactions, the following scenarios may lead to multisig setups:

1. User self-initiated multisig setup

  • Some users might accidentally enable multisig while exploring wallet functions. When transferring assets, they find that at least two wallet addresses are required to sign and confirm the transaction, causing a transaction failure.

  • Solution: This issue stems from user error. The assets remain secure, and users only need to meet the multisig requirements or disable the multisig setting to execute transactions with a single signature.

2. Importing private keys or seed phrases from the web

  • Users might import private keys or seed phrases from online sources, unaware that these wallets are already set as multisig. When attempting to transfer assets, they find the wallet requires multiple signatures.

  • Solution: Avoid importing private keys or seed phrases from untrusted sources. Make sure that the source of private keys and seed phrases is reliable.

3. Leaking private keys or seed phrases to scammers

  • Users unknowingly disclose their private keys or seed phrases to scammers, who then set up the wallet as multisig, preventing the user from independently transferring assets.

  • Solution: Never share your private keys or seed phrases with anyone, even if they claim to be technical support or a friend. Keep these details in a secure place that only you can access.

TRON wallets multisignature permissions
You can view the addresses of authorized signers using the TRON block explorer

4. Clicking on third-party malicious links

  • Users click on phishing links that lead to wallet permission changes. Scammers create websites offering discounted gift cards or top-ups, enticing users to click the links and make purchases. These sites execute code to elevate permissions maliciously. Once users confirm and input their password for the transaction, their wallet permissions are altered, granting scammers multisig control.

  • Solution: Avoid clicking on links from unknown sources. Regularly check wallet account permissions to ensure no unauthorized accounts have been added as multisig accounts.

TRON wallet third-party risk 1
TRON wallet third-party risk 2
Be cautious by regularly checking that no authorized accounts have been added as a multisig account

Common multisig scams

Criminals use various tactics to perform multisig scams that you need to be aware of.

1. Shared private key or seed phrase scam

  • Scammers share private keys or seed phrases of wallets with assets, claiming they lack the TRX (the TRON network's token) for transaction fees, and therefore need assistance. Users send TRX to cover transaction fees into the wallet, but discover they can't transfer the wallet assets.

  • Example: Recently, some users on X and Telegram received such requests from scammers: "I have 100-1000 USDT in my wallet, but the wallet doesn't have enough TRX, which is needed for transaction fees. Here are my wallet address, private key, and seed phrase. If you can help me transfer, I'll reward you with a few hundred USDT from the wallet." A user responds, thinking the wallet holder is a new user, and offers help. After importing the private key or seed phrase, they see the balance but can't transfer it. The scammer then asks for TRX for transaction fees, but even after sending it, the transfer still fails, as the wallet was initially set up as a multisig wallet and users won’t have the full authorization to transfer the asset out of the wallet.

2. Private key or seed phrase leak scam

  • Scammers obtain users' private keys or seed phrases and change the signing mechanism without consent. When users attempt to transfer assets, they find the wallet requires multiple signatures, and the scammer can transfer the assets.

  • Example: When scammers get hold of a user's seed phrase or private key, they can modify the account permissions, making the wallet jointly controlled by the user and scammer address. The scammer sets a threshold of three, giving their own address a weight of two and the user address a weight of one. The user can’t perform any transaction alone, as their address weightage is insufficient. However, the scammer, with their higher weightage, can transfer assets out of the wallets. Users might not notice until they try to use the wallet, but by then their assets could already be compromised.

How to Identify a TRON multisig wallet

  1. Using TRON block explorer: Enter the wallet address in the search bar and check if "Owner Permission" or "Active Permission" is authorized to two or more accounts.

TRON block explorer
The TRON block explorer is a useful tool when managing authorized accounts related to a wallet

2. Checking account permissions: In the TRON wallet app, review the account permission settings.

Validating TRON account permissions
You can check account permissions directly in the TRON wallet app

How to prevent multisig scams

  1. Protect private keys and seed phrases: Never share these sensitive details with anyone.

  2. Avoid clicking suspicious links: Don't click on links from unknown sources, especially those disguised as transaction or authorization links.

  3. Regularly check account permissions: Make sure no unauthorized addresses are added to your multisig account. Deactivate any wallets compromised by third-party multisig.

  4. Use official channels only: Download wallet software from official sources and avoid using software from unknown origins.

The final word

The multisig mechanism is an effective security measure, but it's essential you remain alert to security risks and protect your private keys and seed phrases. Understanding the multisig mechanism and common scams can help you to protect your digital assets and avoid falling into traps. Let’s work together to safeguard our digital assets, stay vigilant, and enhance the security of the crypto world.

FAQs

The TRON network supports multiple different wallets built for a variety of user needs. This includes hardware wallets, software wallets, and web-based wallets. These wallets support users in storing and transacting with their TRX tokens, and allow users to also interact with decentralized applications built on the TRON blockchain.

In the context of wallets, multisignature refers to a security measure built into the wallet. Multisignature wallets can be controlled by multiple users and can be programmed to require numerous different keys to complete a transaction. As a result, it's possible that no single user can access the wallet and its assets alone.

Where a multisignature wallet can be accessed and used with multiple private keys, single-signature wallets only require one private key for transactions to be completed. In multisignature wallets, a minimum weighting threshold must be met to authorize a transaction. Each signer is given a weight which demonstrates their importance in the transaction process. For example, if the minimum weightage is three, a transaction can be made using one signer with a weighting of two and one signer with a weighting of one. Alternatively, the same transaction can be made by one signer with a weighting of three.

A multisignature wallet is theoretically more secure than a single-signature wallet because it requires multiple parties to sign off on a transaction. However, that's not to say multisignature wallets aren't without their risk. The technology is still a target for scammers who attempt to manipulate the multisignature process to gain control of a wallet and its assets.

免责声明
本文章可能包含不适用于您所在地区的产品相关内容。本文仅致力于提供一般性信息,不对其中的任何事实错误或遗漏负责任。本文仅代表作者个人观点,不代表欧易的观点。 本文无意提供以下任何建议,包括但不限于:(i) 投资建议或投资推荐;(ii) 购买、出售或持有数字资产的要约或招揽;或 (iii) 财务、会计、法律或税务建议。 持有的数字资产 (包括稳定币和 NFTs) 涉及高风险,可能会大幅波动,甚至变得毫无价值。您应根据自己的财务状况仔细考虑交易或持有数字资产是否适合您。有关您具体情况的问题,请咨询您的法律/税务/投资专业人士。本文中出现的信息 (包括市场数据和统计信息,如果有) 仅供一般参考之用。尽管我们在准备这些数据和图表时已采取了所有合理的谨慎措施,但对于此处表达的任何事实错误或遗漏,我们不承担任何责任。欧易 Web3 功能,包括欧易 Web3 钱包和欧易 NFT 市场都受 www.okx.com 单独的服务条款约束。
© 2024 OKX。本文可以全文复制或分发,也可以使用本文 100 字或更少的摘录,前提是此类使用是非商业性的。整篇文章的任何复制或分发亦必须突出说明:“本文版权所有 © 2024 OKX,经许可使用。”允许的摘录必须引用文章名称并包含出处,例如“文章名称,[作者姓名 (如适用)],© 2024 OKX”。不允许对本文进行衍生作品或其他用途。
展开
相关推荐
查看更多
查看更多