The first one is that the user actively sets up a multi-signature
Some novices mistakenly set up multi-signature when exploring the wallet function. When transferring assets, due to the multi-signature setting, at least two wallet addresses are required to jointly sign and confirm the transaction. At this time, the user's only wallet cannot complete the entire transaction, resulting in transaction obstruction.
This situation is caused by user error, and the user's assets are still safe. This situation is relatively simple to solve. The user only needs to meet the multi-signature requirements when trading, or cancel the multi-signature setting and execute the transaction with a single signature.
The second is that the user's private key is leaked, resulting in multiple signatures by others
The most common scenario is that users download fake wallets from phishing websites. When users use fake wallet software, they will also generate private keys and mnemonics.
However, fake wallets may steal private keys/mnemonics, which means that the control of the user's wallet is lost; at this time, through the multi-signature mechanism, the thief can set his and your addresses to multi-signature, and when the user transfers money alone, he will find that it cannot be done smoothly. The other party has your private key and cooperates with his multi-signature account to transfer your funds.
The third is that others deliberately leak the private key by phishing, resulting in the inability to retrieve the transferred funds
Although this method is old, it is also a disaster area for novices. The scammer directly discloses his wallet private key to you, and there are often other assets in the wallet that are not small. He may lie that he does not know how to operate it, and ask you to help him operate the wallet to transfer a certain amount of TRX, and transfer out an equal amount of stablecoin assets.
The user may think that he has taken advantage of the other party, import the other party's private key or mnemonic, and transfer TRX to the wallet. At this time, the multi-signature trap will be triggered.
The wallet given by the scammer has actually been set up as a multi-signature wallet. Therefore, even if you get his private key at this time, you will not be able to operate the assets in it smoothly, and the assets you transferred will be gone forever.
The fourth type is clicking on a phishing link that causes a change in permissions
This may be caused by the user clicking on a phishing link, which causes the wallet's permissions to be changed. For example, scammers create a website that allows users to purchase various cards or recharge at low prices. When users use the link they provide to recharge, the malicious permission-elevation code will be called. After the user directly confirms and enters the password to sign, the permissions of their wallet address will be changed.
The actual case provided by TP Wallet shows that when a user clicks on a phishing link to transfer money, the wallet will directly give a prompt to inform the user that this operation is not a simple transfer, but a function of "calling to upgrade account permissions". Once the user clicks to confirm, it means authorizing the scammer to sign multiple times. When the user's wallet address is maliciously signed, there will be problems with the transfer at this time, and it is also possible that the other party will use more permissions to transfer funds.