What Are Multisig Scams and How to Avoid Them?
Key Takeaways
Multisig wallets require multiple private keys to sign and authorize a transaction, offering an added layer of security for users and businesses.
There are different types of scams related to multisig wallets, but they are particularly common on the Tron network.
A common multisig scam involves deceiving users by giving them partial access to a scammer’s wallet and tricking them into sending funds to pay transaction fees.
To avoid multisig scams, users should keep their personal information private, avoid using strangers’ seed phrases or keys, and watch out for fraudulent apps, emails, and websites.
Introduction
Multisig wallets are especially useful for people working in teams or those who want an extra layer of security. But here’s the catch: scammers can also use multisig wallets to trick users and steal their cryptocurrencies. Let’s take a closer look at how multisig wallets work and some of the most common multisig scams.
What Is a Multisig Wallet?
In the cryptocurrency world, a multisig (multi-signature) wallet is a type of wallet that requires more than one private key to authorize a transaction. It is like the digital equivalent of two-factor authentication (2FA), requiring two or more approvals (signatures) before a transaction can happen.
You can set up a multisig wallet with different requirements, such as needing two out of three keys or three out of five, and so on. It’s like having multiple keys to a vault, where no one person can unlock it without the others.
Multisig wallets are commonly used in business collaborations, DAOs (decentralized autonomous organizations), and joint ventures. They can also be useful for family funds or anyone who wants a bit of added security for their digital assets.
Multisig wallets are often used to increase security, so how exactly are these wallets being used to scam people?
What Is a Multisig Scam?
The logic behind the scam is quite simple: scammers make victims believe they have full access to a crypto wallet when, in reality, they don’t. Below is an example of a scammer comment on a YouTube video:
You might come across many variations of this scam on YouTube, Twitter, Telegram, and other social media platforms, but their message will always include a private key or a seed phrase. If it’s your first time seeing it, you might be tricked into thinking it’s a new user asking for help, but don’t get fooled.
How Does a Multisig Scam Work?
There are different types of multisig scams, and they are particularly common on the Tron network due to the way Tron multisig wallets work.
Some of the more elaborate multisig scams focus on tricking users into making their wallets multisig and adding the scammer as a co-owner. Once the scammers gain this level of control, they can effectively trap the funds or, in some cases, steal them directly.
These scams are usually related to phishing or impersonation fraud, where scammers pretend to be from a reliable customer support team.
However, one of the most common multisig scams is much simpler and doesn’t require users to share their seed phrase or private keys. Instead, it’s designed to trick users into sending crypto to the scammer in an attempt to get funds from their multisig wallet. Let’s go through a common example.
Multisig scam bait using SafePal
To illustrate how the scam works, we will use the seed phrase shared in the YouTube comment we discussed above. First, we installed the SafePal wallet extension and imported the scammer’s wallet using the seed phrase provided.
With the wallet open, we can see that the scammer has 2,022 USDT as a TRC-20 token in the Tron network. At this point, most victims will try to transfer the USDT out of the scammer’s wallet.
However, the wallet doesn’t have enough TRX to pay for transaction fees. This is where the victim is tricked into sending TRX to the scammer’s wallet.
The scammer preys on greedy victims who rush to open the wallet in an attempt to take the funds. They quickly send crypto to the wallet to pay for fees but soon realize they can’t make any transactions because it’s a multisig wallet.
Remember, these wallets require multiple private keys (signatures) to approve a transfer. So, even if you have one of the keys, you won’t be able to authorize a transaction on your own.
The good news is that if you fall victim to such a scam, you are probably losing a relatively small amount of crypto (whatever value you sent to pay for gas fees). However, the more sophisticated multisig scams we mentioned earlier can target your crypto wallet directly, potentially leading to much bigger losses.
Checking the scammer’s wallet address
If we search for the scammer’s wallet address (ending in Kk78Z) on the TronScan blockchain explorer, we will notice that the account is controlled by another address (ending in bHCoc). This is what a multisig wallet looks like on the Tron network.
Tron multisig wallets can be set up in many different ways. The wallet’s permission can be customized according to the weight given to each multisig account.
In the example above, the scammer’s account (ending in bHCoc) has full access to the multisig wallet (“Owner Permission”), while the account used to bait victims (ending in Kk78Z) has only limited functionality.
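The permission layout described above can be checked programmatically before trusting any wallet, including your own. The following is an added example, not part of the original article: it assumes account data shaped like a Tron full node's `wallet/getaccount` JSON response (`owner_permission`, `active_permission`, `keys`, `weight`, `threshold`, `operations`). The addresses and sample account are constructed, and the function names are hypothetical.

```python
TRIGGER_SMART_CONTRACT = 31  # contract type used by TRC-20 transfers such as USDT
SAMPLE_OPS = "7fff1fc0033e" + "00" * 26  # sample 32-byte bitmask; bit N enables contract type N

def allows(operations_hex, contract_type):
    """True if an Active permission's operations bitmask enables contract_type."""
    ops = bytes.fromhex(operations_hex)
    return bool(ops[contract_type // 8] >> (contract_type % 8) & 1)

def audit(account, my_address):
    """Per permission: can my_address reach the signing threshold by itself?"""
    perms = [account.get("owner_permission")] + account.get("active_permission", [])
    report = []
    for p in filter(None, perms):
        weights = {k["address"]: k["weight"] for k in p.get("keys", [])}
        mine = weights.get(my_address, 0)
        report.append({
            "name": p.get("permission_name", "?"),
            "threshold": p["threshold"],
            "my_weight": mine,
            "sole_control": mine >= p["threshold"],
            "other_signers": sorted(a for a in weights if a != my_address),
            # The owner permission covers every operation; active ones use the bitmask.
            "trc20_transfer": "operations" not in p
                              or allows(p["operations"], TRIGGER_SMART_CONTRACT),
        })
    return report

# Constructed sample mirroring the article: the shared key controls nothing by itself.
BAIT = "TConstructedBaitAddressKk78Z"
CONTROLLER = "TConstructedOwnerAddressbHCoc"
SAMPLE = {
    "address": BAIT,
    "owner_permission": {"permission_name": "owner", "threshold": 1,
                         "keys": [{"address": CONTROLLER, "weight": 1}]},
    "active_permission": [{
        "type": "Active", "id": 2, "permission_name": "active", "threshold": 2,
        "operations": SAMPLE_OPS,
        "keys": [{"address": BAIT, "weight": 1}, {"address": CONTROLLER, "weight": 1}],
    }],
}

if __name__ == "__main__":
    for row in audit(SAMPLE, BAIT):
        print(row)
```

Any row where `sole_control` is false means the key you hold cannot move funds alone, and any address in `other_signers` that you do not recognize on your own wallet is a signatory to investigate.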
How to Avoid Multisig Scams
To avoid multisig scams and other types of fraud, you should keep your personal information private, avoid using strangers’ seed phrases or private keys, and watch out for phishing emails and websites.
1. Keep your private keys and seed phrases private
No legitimate company, wallet provider, or crypto exchange will ever ask for your private keys or seed phrases. Keep them in a secure location and never share them with anyone.
2. Stick to official wallet apps and software
Only use wallet software and apps that come from trusted, official sources. There are many fake crypto wallets and exchanges, so double-check the URL and verify app authenticity before using them.
3. Regularly audit your wallet permissions
A good habit for multisig users is to check who has access to your wallet on a regular basis. Most wallets will let you review permissions in the settings. If you spot any unauthorized signatories, remove them immediately. You should also remove permissions of DeFi apps you no longer use.
4. Use hardware wallets for added security
Hardware wallets are physical devices that store your crypto offline. Even if someone compromises your multisig setup, they won’t be able to move funds without the hardware wallet's physical confirmation.
5. Enable two-factor authentication (2FA)
Most wallet providers and exchanges offer 2FA. Enabling it can add an extra layer of security, preventing unauthorized access to your wallet.
6. Stay informed
Cryptocurrency security is an ever-evolving field. New scams and tactics appear regularly, so it’s important to stay informed and keep learning about the latest threats and best security practices.
7. Wallet warnings
Unfortunately, it’s not always easy to tell if a wallet is multisig or not. However, due to the growing number of scams, some wallet providers have added security features that warn users about potentially dangerous wallets.
Below are examples from SafePal and Trust Wallet, warning users that funds are blocked.
Closing Thoughts
Multisig wallets add extra security to crypto transactions, but scammers have found ways to exploit this feature to trick users. From phishing attempts to transaction fee traps, knowing how these scams work can keep you safe.
Make a habit of securing private keys, auditing wallet permissions, and double-checking for scams before clicking any link or transferring funds. By staying aware and informed, you can use multisig wallets confidently and avoid getting caught in a scam.