Key Points
Multisig wallets require multiple private keys to sign and authorize transactions, which adds a layer of security for users and businesses.
There are different types of scams related to multisig wallets, but these scams are especially common on the Tron network.
Multisig scams typically give users partial access to the scammer's wallet, then trick them into sending funds to pay transaction fees.
To avoid multisig fraud, users should keep their personal information private, avoid using strangers' seed phrases or keys, and be wary of fraudulent apps, emails, and websites.
Introduction
Multisig wallets are especially useful for people who work in teams or who want an extra layer of security. However, the risk is that fraudsters can also use multisig wallets to trick users and steal their cryptocurrency. Let’s take a deeper look at how multisig wallets work and some of the most common multisig scams.
What is a Multisig Wallet?
In the cryptocurrency world, a multisig (multi-signature) wallet is a type of wallet that requires more than one private key to authorize a transaction. It is like the digital equivalent of two-factor authentication (2FA), as it requires two or more approvals (signatures) before a transaction can occur.
You can set up a multisig wallet with different requirements, such as requiring two of three keys or three of five, and so on. It's like having multiple keys to a safe that no one person can open.
Multisig wallets are commonly used in business collaborations, DAOs (decentralized autonomous organizations), and joint ventures. They can also be useful for family funds or anyone who wants a little extra security for their digital assets.
Multisig wallets are often used to increase security, so how exactly are they used to scam people?
What Is Multisig Fraud?
The logic behind this scam is quite simple: The scammer makes the victim believe that they have full access to the crypto wallet, when in fact they do not. Here is an example of a comment from a scammer on a YouTube video:
You may come across many variations of this scam on YouTube, Twitter, Telegram, or other social media platforms, but the message will always include a private key or seed phrase. If this is your first time seeing it, you might think it's a new user asking for help. Don't be fooled.
How Do Multisig Scams Work?
There are different types of multisig scams. These scams are very common on the Tron network because of the way Tron multisig wallets work.
Some more sophisticated multisig scams focus on tricking users into making their wallets multisig, then adding the fraudster as a co-owner. Once the fraudster gains this level of control, they can effectively trap funds or, in some cases, steal them outright.
These scams are usually related to phishing or identity theft scams where scammers pretend to be from a reliable customer support team.
However, one of the most common multisig scams is much simpler and does not require users to share their seed phrase or private keys. Instead, these scams are designed to trick users into sending crypto to the scammer in an attempt to get funds from their multisig wallet. Let’s look at a common example.
Multisig scam bait using SafePal
To illustrate how this scam works, we’ll use the seed phrase shared in the YouTube comment we discussed above. First, we install the SafePal wallet extension and import the scammer’s wallet using the seed phrase provided.
With the wallet open, it is visible that the scammer has 2,022 USDT as TRC-20 tokens on the Tron network. At this point, most victims will try to transfer USDT out of the scammer’s wallet.
However, the wallet does not have enough TRX to cover the transaction fee. This is where the victim is tricked into sending TRX to the fraudulent wallet.
Scammers prey on greedy victims who rush to open a wallet in an attempt to withdraw funds. They quickly send crypto to the wallet to pay the fee, but soon realize they can’t make any transactions because the wallet is a multisig wallet.
Remember, this wallet requires multiple private keys (signatures) to approve a transfer. So, even if you have one of the keys, you won't be able to sign the transaction.
The good news is that if you fall victim to such a scam, you may lose only a small amount of crypto (i.e., the amount you sent to pay the gas fee). However, the more sophisticated multisig scams we mentioned earlier can target your crypto wallet directly, potentially causing much larger losses.
Checking the fraudster's wallet address
If we search for the fraudulent wallet address (ending with Kk78Z) on the blockchain explorer TronScan, we will see that the account is controlled by another address (ending with bHCoc). Here is what a multisig wallet looks like on the Tron network.
Tron multisig wallets can be set up in a variety of ways. Wallet permissions can be adjusted based on the weight given to each multisig account.
In the example above, the scammer account (ending in bHCoc) has full access to the multisig wallet (“Owner Permission”), while the account used to bait the victim (ending in Kk78Z) only has limited functionality.
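The check described above can also be done mechanically. The following is an added example, not code from the original article or from any wallet provider: it compares the weight of the key you hold against each permission's threshold. The account data is a constructed sample, and the field names (owner_permission, active_permission, threshold, keys, weight) and placeholder addresses are assumptions about how the permission data is laid out.

```python
# Placeholders standing in for the two addresses discussed above.
BAIT = "BAIT_ADDRESS_PLACEHOLDER"              # derived from the shared seed phrase
CONTROLLER = "CONTROLLER_ADDRESS_PLACEHOLDER"  # the scammer's real key

# Constructed sample: owner permission belongs to the controller only;
# the bait key has weight 1 in an active permission that needs weight 2.
SAMPLE_ACCOUNT = {
    "address": BAIT,
    "owner_permission": {
        "permission_name": "owner", "threshold": 1,
        "keys": [{"address": CONTROLLER, "weight": 1}],
    },
    "active_permission": [{
        "permission_name": "active", "threshold": 2,
        "keys": [{"address": BAIT, "weight": 1},
                 {"address": CONTROLLER, "weight": 1}],
    }],
}

def iter_permissions(account):
    """Yield the owner permission (if listed) followed by active permissions."""
    owner = account.get("owner_permission")
    if owner:
        yield owner
    yield from account.get("active_permission", [])

def signing_power(account, held_addresses):
    """Return [(permission_name, weight_held, threshold, satisfied)]."""
    held = set(held_addresses)
    report = []
    for perm in iter_permissions(account):
        weight = sum(k["weight"] for k in perm.get("keys", [])
                     if k["address"] in held)
        report.append((perm["permission_name"], weight,
                       perm["threshold"], weight >= perm["threshold"]))
    return report

def is_bait_pattern(account):
    """True when the account's own key cannot satisfy any listed permission.

    An account with no permissions listed is treated as an ordinary
    single-key account (assumption), so it is not flagged.
    """
    own = signing_power(account, [account["address"]])
    return bool(own) and not any(ok for _, _, _, ok in own)

if __name__ == "__main__":
    for row in signing_power(SAMPLE_ACCOUNT, [BAIT]):
        print(row)
    print("bait pattern:", is_bait_pattern(SAMPLE_ACCOUNT))
```

If the key you were handed cannot meet any threshold on its own, any TRX sent to cover fees cannot be used to move the tokens.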
How to Avoid Multisig Fraud
To avoid multisig fraud and other types of fraud, you should keep your personal information private, avoid using strangers' seed phrases or private keys, and be wary of phishing emails and websites.
1. Keep your private key and seed phrase confidential
No legitimate company, wallet provider, or crypto exchange will ever ask for your private key or seed phrase. Keep it in a safe location and never share it with anyone.
2. Only use official wallet apps and software
Only use wallet software and apps that come from trusted, official sources. There are many fake crypto wallets and exchanges. So, double-check the URL and verify the authenticity of the app before using it.
3. Audit your wallet permissions regularly
A good habit for multisig users is to regularly check who has access to your wallet. Most wallets will allow you to review permissions in the settings. If there are any unauthorized signers, remove them immediately. You should also remove permissions from DeFi apps that you no longer use.
4. Use a hardware wallet for additional security
Hardware wallets are physical devices that store your crypto offline. Even if someone breaks into your multisig setup, they won’t be able to move funds without physical confirmation from the hardware wallet.
5. Enable two-factor authentication (2FA)
Most wallet providers and exchanges offer 2FA. Enabling it can add an extra layer of security, preventing unauthorized access to your wallet.
6. Get the latest information
Cryptocurrency security is an ever-evolving field. New scams and tactics emerge regularly, so it’s important to stay informed and learn about the latest threats and best security practices.
7. Wallet alert
Unfortunately, it’s not always easy to tell whether a wallet is multisig or not. However, due to the rise in fraud, some wallet providers have added security features that warn users about potentially malicious wallets.
Here are examples from SafePal and Trust Wallet warning users that funds are blocked.
Closing Thoughts
Multisig wallets add extra security to crypto transactions, but scammers have found ways to exploit this feature to trick users. From phishing attempts to transaction fee traps, knowing how these scams work can help you stay safe.
Make it a habit to secure your private keys, audit your wallet permissions, and double-check for fraud before clicking any links or transferring funds. By staying vigilant and informed, you can use your multisig wallet with confidence and avoid getting scammed.
Disclaimer: This content is provided to you on an “as is” basis for general information and educational purposes only without any representation or warranty of any kind. It should not be construed as financial, legal, or other professional advice or intended to recommend the purchase of any particular product or service. You should seek advice from an appropriate professional advisor. Where the article is contributed by a third party contributor, please note that the views expressed are those of the third party contributor and do not necessarily reflect the views of Binance Academy. Please read our full disclaimer here for more details. Digital asset prices can be volatile. The value of your investment may go down as well as up. You may not get back the amount you invested. You are solely responsible for your investment decisions. Binance Academy is not responsible for any losses that you may incur. This material should not be construed as financial, legal, or other professional advice. For more information, please read our Terms of Use and Risk Warning.