Key points to remember
Multisig wallets require multiple private keys to sign and authorize a transaction, allowing individuals and businesses to enjoy an additional layer of security.
There are different types of multisig wallet scams, and they are particularly common on the Tron network.
A common multisig scam involves giving users partial access to a scammer's wallet and tricking them into sending funds there to pay transaction fees.
To avoid multisig scams, users should keep their personal data private, avoid using recovery phrases or keys from strangers, and be wary of fraudulent apps, emails, and websites.
Introduction
Multisig wallets are especially useful for people working in teams or those looking for an extra layer of security. But there's a catch: Scammers can also use multisig wallets to scam users and steal their cryptocurrencies. Let's take a closer look at how multisig wallets work and some of the most common multisig scams.
What is a multisig wallet?
In the world of cryptocurrencies, a multisig (multi-signature) wallet is a type of wallet that requires more than one private key to authorize a transaction. They are the digital equivalent of two-factor authentication (2FA), requiring two or more approvals (called signatures) before a transaction can take place.
You can set up a multisig wallet with different requirements, such as two out of three keys or three out of five, etc. The process is similar to having multiple keys to a vault, where no one can unlock it without the other parties.
Multisig wallets are commonly used in business collaborations, DAOs (decentralized autonomous organizations), and joint ventures. They can also be useful for family funds or anyone looking to increase the security of their digital assets.
Multisig wallets are often used to increase security, so how are these wallets used to scam people?
What is a multisig scam?
The logic behind these types of scams is quite simple: scammers trick victims into believing that they have full access to a crypto wallet when in reality, that's not the case. Here's an example of a scammer's comment on a YouTube video:
You may encounter many variations of this scam on YouTube, X (formerly Twitter), Telegram, and other social media platforms, but their message will always include a private key or a recovery phrase (mnemonic phrase). If this is your first time seeing this type of message, you might be led to believe that it is a new user asking for help, but don't be fooled.
How a Multisig Scam Works
There are different types of multisig scams. These are especially common on the Tron network because of the way Tron's multisig wallets work.
Some of the most elaborate multisig scams aim to trick users into switching their wallets to multisig and adding the scammer as a co-owner. Once the scammers gain this level of control, they can effectively trap the funds or, in some cases, steal them outright.
These scams are usually related to phishing or impersonation scams, where scammers pretend to be from a reputable customer service team.
However, one of the most common multisig scams is much simpler and doesn't require users to share their mnemonic phrase or private keys. Instead, it's designed to trick users into sending cryptocurrencies to the scammer in order to get funds from their multisig wallet. Let's take a closer look at a real-world example.
Multisig scam site via SafePal
To illustrate how this scam works, we'll use the mnemonic phrase shared in the YouTube comment cited above. First, we installed the SafePal wallet extension and imported the scammer's wallet using the recovery phrase provided.
Once the wallet is opened, we can see that the scammer has 2,022 USDT in TRC-20 tokens on the Tron network. At this point, most victims will try to transfer the USDT out of the scammer's wallet.
However, the wallet does not have enough TRX to pay the transaction fees. This is when the victim is tricked into sending TRX to the scammer's wallet.
This scam targets greedy victims who rush to open the wallet in order to grab the funds. These people quickly send cryptocurrencies to the wallet to pay the fees, but soon realize that they cannot make any transactions because it is a multisig wallet.
Keep in mind that these wallets require multiple private keys (signatures) to approve a transfer, so even if you have one of the keys, you won't be able to sign transactions.
The good news is that if you fall victim to such a scam, you will likely lose a relatively small amount of crypto (namely the value you sent to pay gas fees). However, the more sophisticated multisig scams we mentioned above can target your crypto wallet directly, which can result in much larger losses.
Verifying the scammer's wallet address
If we look up the scammer's wallet address (ending in Kk78Z) on the blockchain explorer TronScan, we will notice that the account is controlled by another address (ending in bHCoc). This is what a multisig wallet looks like on the Tron network.
Tron multisig wallets can be configured in a variety of ways. Wallet permission can be customized based on the weight assigned to each multisig account.
In the example above, the scammer's account (ending in bHCoc) has full access to the multisig wallet ("Owner Authorization"), while the account used to lure victims (ending in Kk78Z) has only limited functionality.
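The weight-versus-threshold check described above can be run offline on an account's permission data. This is an added example, not code from the original article: it assumes JSON shaped like a TRON full node's `getaccount` response, uses placeholder addresses and invented weights, and the helper names `signing_power` and `unexpected_signers` are hypothetical.

```python
import json

# Constructed sample shaped like a TRON `getaccount` response. Addresses are
# placeholders (not real accounts); weights and thresholds are invented.
LURE, OWNER = "ADDR_LURE_Kk78Z", "ADDR_OWNER_bHCoc"
SAMPLE_ACCOUNT = json.loads("""
{
  "address": "ADDR_LURE_Kk78Z",
  "owner_permission": {
    "permission_name": "owner", "threshold": 1,
    "keys": [{"address": "ADDR_OWNER_bHCoc", "weight": 1}]
  },
  "active_permission": [{
    "type": "Active", "id": 2, "permission_name": "active", "threshold": 2,
    "keys": [{"address": "ADDR_LURE_Kk78Z", "weight": 1},
             {"address": "ADDR_OWNER_bHCoc", "weight": 2}]
  }]
}
""")

def permissions(account):
    """Return the owner permission followed by all active permissions."""
    # Assumption: when no owner_permission is recorded, the account's own
    # key is the sole owner signer (threshold 1, weight 1).
    owner = account.get("owner_permission") or {
        "permission_name": "owner", "threshold": 1,
        "keys": [{"address": account["address"], "weight": 1}],
    }
    return [owner] + list(account.get("active_permission", []))

def signing_power(account, held):
    """For each permission, compare the summed weight of held keys to the threshold."""
    report = {}
    for perm in permissions(account):
        keys = perm.get("keys", [])
        weight = sum(k["weight"] for k in keys if k["address"] in held)
        report[perm.get("permission_name", "unnamed")] = {
            "held_weight": weight,
            "threshold": perm["threshold"],
            "can_sign_alone": weight >= perm["threshold"],
            "other_signers": sorted(k["address"] for k in keys if k["address"] not in held),
        }
    return report

def unexpected_signers(account, expected):
    """List signer addresses on any permission that are not in the expected set."""
    found = {k["address"] for p in permissions(account) for k in p.get("keys", [])}
    return sorted(found - set(expected))
```

Any signer that `unexpected_signers` reports on your own account, or any permission where `can_sign_alone` is false for the key you hold, means another party controls whether transfers can be approved.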
Protecting yourself from multisig scams
To avoid multisig scams and other types of fraud, you should keep your personal information private, avoid using mnemonic phrases or private keys from strangers, and be careful of phishing emails and websites.
1. Keep your private keys and mnemonic phrases private
No legitimate company, wallet provider, or crypto exchange will ever ask you for your private keys or recovery phrases. Keep them in a safe place and never share them with anyone.
2. Use official wallet apps and software
Only use wallet software and apps from trusted, official sources. There are many fake wallets and crypto exchanges out there, so check the URL and authenticity of the app before using it.
3. Check your wallet permissions regularly
A good habit for multisig users is to regularly check who has access to their wallet. Most wallets will allow you to check permissions in the settings. If you spot unauthorized signers, remove them immediately. You should also remove permissions from DeFi applications that you no longer use.
4. Use hardware wallets for enhanced security
A hardware wallet is a physical device that stores your crypto offline. Even if someone compromises your multisig setup, they won't be able to transfer funds without physical confirmation from the hardware wallet.
5. Enable Two-Factor Authentication (2FA)
Most wallet providers and exchanges implement 2FA methods. Enabling these methods can add an extra layer of security, preventing unauthorized access to your wallet.
6. Stay informed
Cryptocurrency security is an ever-evolving field. New scams and tactics emerge regularly, so it's important to stay informed and educate yourself on the latest threats and security best practices.
7. Wallet Warnings
Unfortunately, it is not always easy to tell whether a wallet is multisig or not. However, due to the increasing number of scams, some wallet providers have added security features that warn users of potentially dangerous wallets.
Below are examples from SafePal and Trust Wallet, warning users that funds are blocked.
Conclusion
Multisig wallets bring added security to crypto transactions, but scammers have found ways to exploit this feature to trick users. From phishing attempts to transaction fee traps, knowing how these scams work can help you stay safe.
Make it a habit to secure your private keys, verify your wallet permissions, and check for scams before clicking on any links or transferring funds. By staying vigilant and informed, you can use multisig wallets with confidence and avoid being scammed.
Disclaimer and Risk Warning: This content is provided to you "as is" for general informational and educational purposes only, without any representation or warranty of any kind. It should not be construed as financial, legal, or professional advice, or as a recommendation to purchase any specific product or service. You should seek appropriate professional advice before making any decision. Where the article has been written by a third-party contributor, please note that the opinions in the article do not necessarily reflect the views of Binance Academy. Please read our full disclaimer here to learn more. Prices of digital assets can be volatile. The value of your investment may go down as well as up, and you may not get back the amount you invested. You are solely responsible for your investment decisions and Binance Academy is not responsible for any losses you may incur. This content should not be construed as financial, legal, or professional advice. For more information, please refer to our Terms of Use and Risk Warning.