How do we avoid it?
Basic ideas
Multi-signature wallets require multiple private keys to sign and authorize a transaction, providing an additional layer of security for users and businesses.
There are different types of scams related to multi-signature wallets, and they are particularly common on the Tron network.
A common multi-signature scam involves giving users partial access to the scammer's wallet and tricking them into sending funds to pay transaction fees.
To avoid multi-signature scams, users should keep their personal information private, avoid using strangers' seed phrases or keys, and be wary of fraudulent apps, emails, and websites.
Introduction
Multisignature wallets are especially useful for people who work in teams or who want an extra layer of security. But here’s the catch: scammers can also use multisignature wallets to trick users and steal their cryptocurrency. Let’s take a closer look at how multisignature wallets work and some of the most common multisignature scams.
What is a multi-signature wallet?
In the world of cryptocurrencies, multi-signature wallets are a type of wallet that requires more than one private key to authorize a transaction. They are the digital equivalent of two-factor authentication (2FA), which requires two or more approvals (signatures) before a transaction can take place.
You can set up a multi-signature wallet with different requirements, such as requiring two out of three keys, three out of five keys, etc. It's like having multiple keys to a safe, where one person can't open it without the others.
Multi-signature wallets are commonly used in business collaborations, DAOs, and joint ventures. They can also be useful for family funds or anyone who wants an extra layer of security for their digital assets.
Multi-signature wallets are often used for increased security, so how exactly are these wallets being used to scam people?
What is multi-signature fraud?
The logic behind the scam is quite simple: scammers make victims believe they have full access to their cryptocurrency wallet when in reality they do not. Here is an example of a scammer commenting on a YouTube video:
You may come across many different types of this scam on YouTube, Twitter, Telegram and other social media platforms, but their message will always contain a private key or seed phrase. If this is your first time seeing it, you may fall for the trick and think it is a new user asking for help, but don’t be fooled.
How does multi-signature fraud work?
There are different types of multi-signature scams, and they are especially common on the Tron network because of the way Tron multi-signature wallets work.
Some of the more sophisticated multi-signature scams focus on tricking users into making their wallets multi-signature and adding the scammer as a co-owner. Once the scammers have achieved this level of control, they can effectively hold the funds or, in some cases, steal them outright.
These scams are usually related to phishing or impersonation scams, where scammers pretend to be from a trusted customer support team.
However, one of the most common multi-signature scams is much simpler and does not require users to share their seed phrase or private keys. Instead, it is designed to trick users into sending cryptocurrency to the scammer while they try to take funds out of the scammer's multi-signature wallet. Let’s look at one common example.
Multi-signature fraud lure using SafePal
To illustrate how the scam works, we’ll use the seed phrase shared in the YouTube comment we discussed above. First, we installed the SafePal wallet extension and imported the scammer’s wallet using the seed phrase provided.
With the wallet open, we can see that the scammer has 2,022 USDT in TRC-20 token form on the Tron network. At this point, most victims will try to transfer USDT from the scammer’s wallet.
However, the wallet does not have enough TRX to cover the transaction fees. This is where the victim is tricked into sending TRX to the scammer’s wallet.
The scammer preys on greedy victims who rush to open the wallet in an attempt to grab the funds. They quickly send cryptocurrency to the wallet to pay the fees, but soon realize that they cannot make any transactions because it is a multi-signature wallet.
Remember that these wallets require multiple private keys (signatures) to approve a transfer. So even if you have one of the keys, you won't be able to sign transactions.
The good news is that if you fall victim to such scams, you will likely lose a relatively small amount of cryptocurrency (whatever value you sent to pay the network’s transaction fees). However, the more sophisticated multi-signature scams we mentioned earlier can directly target your cryptocurrency wallet, which can result in much larger losses.
Verify the scammer's wallet address
If we look up the scammer’s wallet address (ending in Kk78Z) on the TronScan blockchain explorer, we will notice that the account is controlled by another address (ending in bHCoc). This is what a multi-signature wallet on the Tron network looks like.
Tron multi-signature wallets can be set up in several different ways. Wallet permissions can be customized according to the level of access granted to each multi-signature account.
In the example above, the scammer's account (ending in bHCoc) has full access to the multi-signature wallet ("owner's permission"), while the account used to lure victims (ending in Kk78Z) has only limited functionality.
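The same check can be done programmatically. The following is an added example, not code from the original article: it reads an account's permission structure and reports what a given address can authorize on its own. The field names follow the account JSON returned by a Tron full node's `/wallet/getaccount` endpoint; the sample account, its operations mask and the full addresses are constructed placeholders.

```python
# Added example (not from the original article): what can one key do on a Tron account?
TRANSFER_TRX, TRIGGER_CONTRACT, UPDATE_PERMISSIONS = 1, 31, 46  # Tron contract type ids

def op_allowed(operations_hex, contract_type):
    """An active permission carries a 32-byte bitmask; bit N enables contract type N."""
    ops = bytes.fromhex(operations_hex)
    return bool((ops[contract_type // 8] >> (contract_type % 8)) & 1)

def weight_of(permission, address):
    """Total signing weight `address` holds inside one permission."""
    return sum(k["weight"] for k in permission.get("keys", []) if k["address"] == address)

def audit(account, address):
    """Report what `address` can authorize alone, and who holds the owner permission."""
    owner = account["owner_permission"]
    is_owner = weight_of(owner, address) >= owner["threshold"]
    # Active permissions this address can satisfy without any co-signer.
    solo = [p for p in account.get("active_permissions", [])
            if weight_of(p, address) >= p["threshold"]]
    def can(contract_type):
        # The owner permission may execute every contract type.
        return is_owner or any(op_allowed(p["operations"], contract_type) for p in solo)
    return {
        "full_control": is_owner,
        "send_trx": can(TRANSFER_TRX),
        "send_trc20": can(TRIGGER_CONTRACT),  # TRC-20 transfers are contract calls
        "change_permissions": can(UPDATE_PERMISSIONS),
        "owner_keys": [k["address"] for k in owner["keys"]],
    }

# Constructed sample; full addresses are placeholders, the page shows only the endings.
LURE = "PLACEHOLDER_ADDRESS_ENDING_Kk78Z"
CONTROLLER = "PLACEHOLDER_ADDRESS_ENDING_bHCoc"
SAMPLE_ACCOUNT = {
    "address": LURE,
    "owner_permission": {"permission_name": "owner", "threshold": 1,
                         "keys": [{"address": CONTROLLER, "weight": 1}]},
    "active_permissions": [{
        "type": "Active", "id": 2, "permission_name": "active", "threshold": 1,
        # Assumed mask: only contract type 4 enabled, so no transfer types.
        "operations": "10" + "00" * 31,
        "keys": [{"address": LURE, "weight": 1}],
    }],
}

if __name__ == "__main__":
    for who in (LURE, CONTROLLER):
        print(who, audit(SAMPLE_ACCOUNT, who))
```

If `owner_keys` lists an address other than the one whose key you hold, or `send_trc20` is false, any TRX sent to that account to cover fees cannot be moved back out with that key.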
How to Avoid Multi-Signature Scams
To avoid multi-signature fraud and other types of fraud, you should keep your personal information private, avoid using a stranger's seed phrases or private keys, and be wary of phishing emails and websites.
1. Keep your private keys and seed phrases private.
No legitimate company, wallet provider, or cryptocurrency exchange will ask for your private keys or seed phrases. Keep them in a safe place and don’t share them with anyone.
2. Stick to official wallet apps and programs
Only use wallet software and apps that come from trusted, official sources. There are many fake cryptocurrency wallets and exchanges out there, so double-check the link and verify the authenticity of the app before using it.
3. Audit your wallet permissions regularly.
It is a good habit for multi-signature users to check who has access to their wallet on a regular basis. Most wallets allow you to review permissions in the settings. If you discover any unauthorized sites, you should remove them immediately. You should also remove permissions for DeFi apps that you no longer use.
4. Use hardware wallets for added security
Hardware wallets are physical devices that store your cryptocurrency offline. Even if someone hacks your multi-signature setup, they won’t be able to transfer funds without the physical confirmation of the hardware wallet.
5. Enable 2FA
Most wallet providers and trading platforms offer two-factor authentication. Enabling it can add an extra layer of security, preventing unauthorized access to your wallet.
6. Always be informed
Cryptocurrency security is an ever-evolving field. New scams and tactics emerge regularly, so it’s important to stay informed and up-to-date on the latest threats and security best practices.
7. Wallet Warnings
Unfortunately, it’s not always easy to tell whether a wallet is multi-signature or not. However, due to the increasing number of scams, some wallet providers have added security features that warn users of potentially dangerous wallets.
Below are examples of warnings from SafePal and Trust Wallet that tell users funds may be blocked.
Closing thoughts
Multi-signature wallets add extra security to cryptocurrency transactions, but scammers have found ways to exploit this feature to trick users. From phishing attempts to transaction fee traps, knowing how these scams work can help you stay safe.
Always secure your private keys, audit wallet permissions, and double-check for scams before clicking on any links or transferring funds. By staying informed, you can use multi-signature wallets with confidence and avoid falling victim to scams.