Security is of utmost importance in the cryptocurrency space. There is a new scam that has been popping up frequently in the community, the so-called "multi-signature wallet hack" scam. Scammers take advantage of users' lack of understanding of technical details and confuse users with complex operations and terminology in order to steal their funds. This article will explain in detail how this scam works and provide some protection measures to help you avoid being deceived!

Types of Cryptocurrency Wallets

A cryptocurrency wallet is a digital tool that interacts with a blockchain network and stores public and private keys, enabling users to send and receive digital currencies and monitor their balances.

There are different types of cryptocurrency wallets:

  • Hot wallets: These wallets are connected to the internet and are easy to set up and use, but are vulnerable to cyber threats.

  • Cold wallets: They are not connected to the internet and are therefore less vulnerable to cyber threats.

  • Hardware wallet: A physical device that can securely store a user’s private keys offline.

  • Paper wallet: A physical copy or printout of a user's public and private keys.

The security of a cryptocurrency wallet depends largely on how well the private keys are protected, as private keys allow users to access and manage digital assets.

What is a multi-signature wallet?

A multi-signature wallet is a cryptocurrency wallet that requires multiple signatories to authorize transactions. It works similarly to a joint signature account at a bank, which requires the consent of multiple people to perform fund operations. Let's explain the working mechanism of a multi-signature wallet through a simple example.

A and B's multi-signature wallet

Assume that A and B are two partners who decide to use a multi-signature wallet to jointly manage their cryptocurrency assets to improve the security of their funds. Here are the specific steps:

  1. Create a multi-signature wallet
    A and B jointly create a multi-signature wallet and set the rule that any transaction must be signed by both of them before it can be executed. This setup is often called a "2-of-2" multi-signature wallet.

  2. Generate wallet address
    The system generates a multi-signature wallet address for A and B, and they can deposit funds into this address. Funds can only be transferred out of this address if the signing rules are met.

  3. Deposit Funds
    A and B deposit a portion of their cryptocurrency into the multi-signature wallet address. These funds are now locked in the multi-signature wallet, and any transaction requires the joint signature of A and B.

  4. Initiate a transaction
    Suppose A wants to transfer some funds from the multi-signature wallet. He initiates a transaction request and signs the transaction. At this point, the transaction does not take effect immediately.

  5. Co-sign
    After receiving A's transaction request, B also signs the transaction. Now, the transaction has met the "2-of-2" signing requirement.

  6. Execute the transaction
    After the system verifies the signatures of A and B, it confirms that the transaction is valid and transfers the funds from the multi-signature wallet address to the specified receiving address.

Advantages of multi-signature wallets

  1. Improved safety
    Even if the private key of one of A or B is stolen, the transaction cannot be carried out with the signature of one person alone. The transaction can only be executed after the signatures of both parties are jointly authenticated, thus improving the security of funds.

  2. Preventing single points of failure
    Multi-signature wallets can effectively prevent the loss of funds due to the loss or theft of a single private key. Even if the private key of A or B is lost, the other person can still restore control through the multi-signature mechanism.

  3. Wide range of applications
    Multi-signature wallets are particularly suitable for businesses, family finances and decentralized organizations (DAOs) because they require multiple parties to make decisions together, improving the transparency and security of fund management.

The second point deserves a closer look, because many readers may find it puzzling: if one person's private key is lost, how can the other person regain control through the multi-signature mechanism? Doesn't this contradict the first point?

In fact, the design of multi-signature wallets is essentially to improve security and prevent single points of failure, even when multiple signers are involved. In the example of A and B:

  1. Private key backup
    A and B should each back up their own private keys and store them in a safe place. For example, A can store his private key in a secure offline storage device, and B can do the same. If A's private key is lost, as long as B's private key is still safe, they can take steps to restore access.

  2. Multiple backup and recovery mechanisms
    Multi-signature wallets can also set multiple signature rules, such as "2-of-3" or "3-of-5". In the "2-of-3" setting, A and B can add a trusted third party (such as their lawyer or a secure third-party service). This way, even if A or B loses their private key, the third party can assist in restoring access.

  3. Smart Contracts and Time Locks
    Using smart contracts, a time lock mechanism can be set. For example, if either A or B loses their private key, it can be preset to be restored by a third party or some recovery mechanism after a certain period of time. This mechanism adds an extra layer of security.
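The signing rule from steps 4 to 6, and the difference between "2-of-2" and "2-of-3" when a key is stolen or lost, can be modelled in a few lines. This is an added example, not code from any wallet: the class and function names are hypothetical, and a signer's name stands in for a real cryptographic signature.

```python
class MultisigWallet:
    """M-of-N approval model; a signer's name stands in for a valid signature."""

    def __init__(self, signers, threshold):
        self.signers = frozenset(signers)
        if not 1 <= threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.threshold = threshold
        self.balance = 0
        self.pending = {}  # tx_id -> {"to", "amount", "approvals"}

    def _require_signer(self, signer):
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a signer of this wallet")

    def deposit(self, amount):
        self.balance += amount

    def propose(self, tx_id, signer, to, amount):
        # Step 4: the initiator signs, but nothing moves yet.
        self._require_signer(signer)
        self.pending[tx_id] = {"to": to, "amount": amount, "approvals": {signer}}

    def approve(self, tx_id, signer):
        # Step 5: only registered signers count, and each counts once.
        self._require_signer(signer)
        self.pending[tx_id]["approvals"].add(signer)

    def execute(self, tx_id):
        # Step 6: funds leave only when the signing rule is met.
        tx = self.pending[tx_id]
        if len(tx["approvals"]) < self.threshold or tx["amount"] > self.balance:
            return False
        self.balance -= tx["amount"]
        del self.pending[tx_id]
        return True


def can_spend(signers, threshold, keys_available):
    """True if whoever holds `keys_available` can move funds without anyone else."""
    wallet = MultisigWallet(signers, threshold)
    wallet.deposit(100)  # constructed balance for the simulation
    holders = [k for k in keys_available if k in wallet.signers]
    if not holders:
        return False
    wallet.propose("tx", holders[0], "recipient", 10)
    for key in holders[1:]:
        wallet.approve("tx", key)
    return wallet.execute("tx")
```

`can_spend(["A", "B"], 2, ["A"])` is false both for a thief holding A's key and for A after B's key is gone, which is why the backups in item 1 matter; `can_spend(["A", "B", "third_party"], 2, ["A", "third_party"])` is true, which is the recovery path of item 2.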

Multi-Sig Wallet Scam

Now that we understand what a multi-signature wallet is, let’s talk about how scammers use it to defraud your funds. This scam takes advantage of your lack of knowledge of technical details and security measures to design a seemingly complex but actually fraudulent operation process.

Scam operation steps:

  1. Bait posting: Scammers post their "wallet private key" or "mnemonic phrase" in groups (such as Twitter, QQ groups, Weibo, etc.), claiming that their wallet became locked in a multi-signature wallet because they visited certain websites and mistakenly approved a signature request from the site, leaving them unable to operate it.

  2. Bait-and-Crack: They further claim that anyone who can crack the multi-signature mechanism can keep the tokens in the wallet as a reward.

  3. Gas fee inducement: When someone tries to help crack the wallet, they find that before they can transfer the money out, they first need to transfer in some TRON (TRX), or another cryptocurrency used for gas, to pay the gas fee of the transaction.

  4. Automatic transfer: Whenever someone transfers in gas fees, the scammers immediately move those fees out using scripts or smart contracts. They do not need to watch the wallet; the transfer happens automatically.

Why is this happening?

  • Fake private keys and mnemonics: The private key or mnemonic posted is actually fake, or belongs to an address that they fully control.

  • Automated scripts: Scammers may use automated scripts or smart contracts to monitor wallets, and once tokens sent to cover fees come in, they automatically transfer them out. No matter how fast you are, you can never outpace the scripts and smart contracts (their smart contracts may be set up so that whenever any tokens are transferred in, they are immediately transferred to a certain wallet address).

  • Lack of understanding of technical details: Most users do not understand the technical details of multi-signature wallets and are easily confused by complex terminology and operational procedures.

So please don't trust any private keys or mnemonics posted by strangers, especially on social platforms and group chats.
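The automatic transfer described above leaves a recognisable pattern in an address's history: small deposits from different senders, each drained within seconds to the same destination. The following added example (not from the original article) flags that pattern in a transfer list; the record fields, thresholds and sample data are constructed assumptions, not a real explorer's format.

```python
from collections import Counter


def find_sweeps(address, transfers, max_delay=30, min_ratio=0.9):
    """Pair each deposit into `address` with an outbound transfer that drains it."""
    transfers = sorted(transfers, key=lambda t: t["ts"])
    used, sweeps = set(), []
    for i, dep in enumerate(transfers):
        if dep["to"] != address:
            continue
        for j in range(i + 1, len(transfers)):
            out = transfers[j]
            if out["ts"] - dep["ts"] > max_delay:
                break  # sorted by time, so nothing later can qualify
            if (j not in used and out["from"] == address
                    and out["amount"] >= min_ratio * dep["amount"]):
                used.add(j)
                sweeps.append((dep, out))
                break
    return sweeps


def assess(address, transfers, min_hits=3):
    """Flag an address whose deposits from several senders all go to one collector."""
    sweeps = find_sweeps(address, transfers)
    senders = {dep["from"] for dep, _ in sweeps}
    dests = Counter(out["to"] for _, out in sweeps)
    collector, hits = dests.most_common(1)[0] if dests else (None, 0)
    return {"deposits": sum(t["to"] == address for t in transfers),
            "swept": len(sweeps), "collector": collector,
            "flag": hits >= min_hits and len(senders) >= min_hits}


# Constructed sample history (timestamps in seconds, amounts in TRX).
BAIT_HISTORY = [
    {"ts": 1000, "from": "sender_1", "to": "BAIT", "amount": 20.0},
    {"ts": 1003, "from": "BAIT", "to": "COLLECTOR", "amount": 19.0},
    {"ts": 5000, "from": "sender_2", "to": "BAIT", "amount": 15.0},
    {"ts": 5002, "from": "BAIT", "to": "COLLECTOR", "amount": 14.0},
    {"ts": 9000, "from": "sender_3", "to": "BAIT", "amount": 30.0},
    {"ts": 9004, "from": "BAIT", "to": "COLLECTOR", "amount": 29.0},
]
ORDINARY_HISTORY = [
    {"ts": 1000, "from": "exchange", "to": "USER", "amount": 100.0},
    {"ts": 90000, "from": "USER", "to": "shop", "amount": 40.0},
]

if __name__ == "__main__":
    print(assess("BAIT", BAIT_HISTORY))
    print(assess("USER", ORDINARY_HISTORY))
```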