Key Points
Multi-signature wallets require multiple private keys to sign and authorize transactions, providing users and businesses with additional security.
There are many types of scams related to multi-signature wallets, with the scams on the Tron network being the most common.
In a common multi-signature scam, the scammer grants the user partial access to their wallet and tricks the user into transferring funds to pay so-called transaction fees.
To prevent multi-signature scams, users should keep personal information strictly confidential, avoid using strangers' mnemonic phrases or private keys, and be wary of fraudulent apps, emails, and websites.
Introduction
Multi-signature wallets are ideal for users who require teamwork or seek additional security. However, it should be noted that scammers sometimes also exploit multi-signature wallets to deceive users and steal their cryptocurrencies. Next, we will take a detailed look at how multi-signature wallets operate and some common multi-signature scams.
What is a multi-signature wallet?
In the cryptocurrency field, a multi-signature wallet is a wallet that requires multiple private keys to authorize a transaction. This mechanism is similar to a digital version of two-factor authentication (2FA), requiring two or more authorizations (signatures) to conduct a transaction.
Multi-signature wallets can have different authorization requirements set, such as '3 keys require 2 authorizations' or '5 keys require 3 authorizations', etc. This design is similar to a vault's multi-key system, where no one can open it alone without obtaining others' authorizations.
Multi-signature wallets are commonly used in business collaborations, decentralized autonomous organizations (DAO), and joint ventures. For family funds or users looking to further enhance the security of their digital assets, multi-signature wallets are also a good choice.
Multi-signature wallets are designed to enhance security, so how do criminals utilize their mechanism to design scams?
What is a multi-signature scam?
The logic behind this scam is not complex: scammers make victims believe they can completely control a certain cryptocurrency wallet, when in fact they cannot. Here’s an example of a comment from a scammer below a YouTube video:
You may encounter various forms of this scam on social media platforms like YouTube, X, or Telegram, but the essence remains the same. These messages usually contain private keys or mnemonic phrases. If you are encountering this type of information for the first time, you might mistakenly think that a new user is seeking help, but be sure to stay vigilant and do not fall for the scam.
How do multi-signature scams work?
There are many types of multi-signature scams, and due to the unique operation mechanism of Tron multi-signature wallets, such scams are particularly common on the Tron network.
Some complex multi-signature scams entice users to set up multi-signatures for their wallets and add the scammer as a co-owner. Once the scammer gains this permission, they can control the flow of funds and even directly steal users' assets in some cases.
Such scams are often combined with phishing or impersonation schemes. Scammers may pose as trusted customer service representatives to gain the victim's trust.
However, the most common multi-signature scams are much simpler. These scams usually do not require victims to disclose mnemonic phrases or private keys but rather lure victims into transferring cryptocurrency to the scammer through their multi-signature wallet to defraud funds. Here’s a typical case.
SafePal multi-signature scam bait
To illustrate how such scams work, we will use the mnemonic phrase provided in the aforementioned YouTube comment as an example. First, the user needs to install the SafePal wallet plugin and import their wallet using the mnemonic phrase provided by the scammer.
After opening the wallet, we can see that the scammer holds 2,022 USDT (TRC-20 tokens) on the Tron network. At this point, most victims will attempt to transfer these USDT out of the scammer's wallet.
However, there are not enough TRX in the wallet to pay for the transaction fees. At this time, the victim may believe that by transferring a small amount of TRX to the scammer's wallet, they will be able to smoothly withdraw these USDT.
The scammer's target is to lure greedy victims trying to steal funds. These victims are usually eager to act and quickly send cryptocurrency to the scammer's wallet to pay for fees. However, after the victim transfers the funds, they will soon discover that they cannot complete the transaction because this is a multi-signature wallet.
In a multi-signature wallet, completing a transfer requires the joint authorization of multiple private keys (signatures). Even if the victim has one key, they cannot complete the transaction signature alone.
Fortunately, victims of such scams usually only lose a small amount of cryptocurrency used to pay for Gas fees. However, the more complex multi-signature scams mentioned earlier may directly target your cryptocurrency wallet, leading to more severe losses.
Verify the scammer's wallet address
If we search for the scammer's wallet address (ending in Kk78Z) on TronScan blockchain explorer, we find that this account is actually controlled by another address (ending in bHCoc). This is characteristic of multi-signature wallets on the Tron network.
Tron multi-signature wallets can be set up in various ways. The permissions of the wallet can be customized based on the weight assigned to each multi-signature account.
In the example above, the scammer's account (ending in bHCoc) has full access to the multi-signature wallet (i.e., 'owner permissions'), while the wallet account used to lure victims (ending in Kk78Z) only has limited functions.
How to prevent multi-signature scams
To prevent multi-signature scams and other types of fraud, you should keep personal information strictly confidential, avoid using strangers' mnemonic phrases or private keys, and be wary of phishing emails and websites.
1. Keep private keys and mnemonic phrases secure
No legitimate company, wallet provider, or cryptocurrency exchange will ask you for your private keys or mnemonic phrases. Be sure to keep this information secure and never share it with others.
2. Only use official wallet apps and software
Ensure that you only use wallet software and apps from trusted official sources. Many counterfeit cryptocurrency wallets and trading platforms exist on the market, so make sure to verify the website and validate the authenticity of the app before use.
3. Regularly review wallet permissions
For users of multi-signature wallets, it is recommended to regularly check who has access to your wallet. You can view permissions in the settings of most wallets. If you find unauthorized signatures, delete them immediately. You should also revoke permissions for DeFi apps that you no longer use.
4. Use hardware wallets to enhance security
Hardware wallets are physical devices that can store cryptocurrency offline. Even if your multi-signature setup is compromised, attackers cannot transfer your funds without physical confirmation through the hardware wallet.
5. Enable two-factor authentication (2FA)
Most wallet providers and trading platforms offer two-factor authentication (2FA). Enabling this feature can effectively enhance security and prevent unauthorized access to your wallet.
6. Stay updated with the latest information
The cryptocurrency security field is rapidly evolving, with new scams and attack methods emerging continuously. It is crucial to stay informed about the latest threats and best security practices.
7. Wallet warnings
Unfortunately, it is not easy to determine whether a wallet is a multi-signature wallet. However, as scams become more rampant, some wallet providers have added security features to alert users to wallets that may pose potential risks.
Here are warning examples from SafePal and Trust Wallet that inform users that their funds have been frozen.
Conclusion
Multi-signature wallets can enhance the security of cryptocurrency transactions, but scammers have also found opportunities within them. From phishing to transaction fee traps, various scam methods abound, and understanding these tactics can effectively protect your asset security.
Developing good security habits is crucial. Please keep your private keys secure, regularly check wallet permissions, and carefully assess any links or transfers for potential scam risks before clicking. Staying vigilant and aware of the latest information will allow you to use multi-signature wallets with greater peace of mind, away from scam threats.
Further Reading
Disclaimer: The content of this article is provided 'as is' for general informational and educational purposes and does not constitute any representation or warranty. This article does not constitute financial, legal, or other professional advice and is not intended to suggest the purchase of any specific products or services. You should seek advice from appropriate professional consultants. If this article is submitted by a third party, please note that the views expressed belong to the third-party contributor and do not necessarily reflect the views of Binance Academy. For details, please click here to read the full disclaimer. The prices of digital assets may fluctuate. The value of your investment may go down or up, and you may not be able to recover your principal investment. You are solely responsible for your investment decisions, and Binance Academy is not responsible for any losses you may incur. This article does not constitute financial, legal, or other professional advice. For details, please refer to our (Terms of Use) and (Risk Warning).