Topic: [Warning] Trust wallet tron multi signature scam.. (Read 520 times)
it's just waste of time for the hacker because scammed user will deposit maximum of 1 trx coin to be able to withdraw usdt from the trust wallet. most probably once he understand he has been hacked and deposited trx coins has been sent to another address he will not try the same thing again and again.
Does trust wallet allow two private keys, one for viewing only and other one has full control of the wallet? Why would trust wallet has such an implementation in the first place 
Only one of the seed phrase can be imported on Trustwallet (I mean the two can only be imported on Trustwallet separately). Another wallet is used for the creation of the two seed phrases, Trustwallet do not support multisig. Only one can be imported on Trustwallet. The scammer will give you the watch-only one which you can not spend from. But the scammer will import his own also into another Trustwallet or use the wallet he used to create the multisig wallet which is actually the one you can use to spend the coin. The problem is not about Trustwallet but about Tron making its multisig wallet to be like that, in a way scammers can use it to scam people. But just little amount of money is used as fee to make transaction on Tron network, but som people can fall victim to even send high amount and all leading to scam. 
I am absolutely confused with the explanation.
Quote
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
Or the scammer has the two private keys or seed phrases, but give only one to the victim to be scammed while the multisig wallet is 2-of-2 or 2-of-N.Does trust wallet allow two private keys, one for viewing only and other one has full control of the wallet? Why would trust wallet has such an implementation in the first place
When someone finds a wallet with big amount of funds and gets the details of that wallet, he will want to take a chance if he is greedy. Those who are like me, when they come across something like this, try to know the details about it to take any kind of step. But it is true that there are many crypto users in the crypto world who are looking for ways to make quick profits. Basically they are the victims of these scams easily.
This scam is not easy to detect, and even if i had not read it, perhaps I could have become a victim of it. The best we can do is to identify and create awareness about these scams that scammers may use to hack money from crypto users. Both newbies and experienced users can fall for these scams.
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions
And Tron docs about multisig is here: https://developers.tron.network/docs/multi-signature.
Thank you for the explanation ( I was thinking it is a part of 2-of-2 mutisig) It is the first time that I have heard of such information, and if I had received this message in a part of Social Engineering attack, I would probably have fallen victim to such scam, especially if it was from someone I know in the forum.And Tron docs about multisig is here: https://developers.tron.network/docs/multi-signature.
They are continuing this scam. This is the second time I have received this message on my personal Twitter account. I may be aware of this scam but not everyone, this tempting offer is definitely enough to trap a newbie crypto user.
Code:
348c16ec953726b1b7be86cc04c40407c87a329f6fb54146949aab55de3944c3
wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address
i hope that no one will easily send balance to this address
The scammer has made these transactions only to gain trust so that the target victim tries to send funds to this wallet and withdraw funds. This wallet is too complicated for a typical new crypto user, which is why scammers take advantage of it. Scammers have an old trick of gaining trust by making transactions in their own wallets.
It makes me wonder why Tron creates something like this in the first place. Is there any benefit for their users other than being more exposed to scam activities? Kind of a weird thing to develop.
These things are usually carefully thought out before they are created, scammers just always seem to be able to twist and take advantage of good things.Some benefits a Multi sig wallet are highlighted below;
Quote
Increased Security
One of the main advantages of these wallets is that they provide a backup plan in case something goes wrong. As long as your wallet doesn’t require all signatures to access funds, you can avoid getting locked out of it.
For example, you could create a two-of-three wallet and store one private key on your phone, one on your laptop and one on a piece of paper. In case one of your signatures is stolen or lost, you can still access your funds. Therefore, multisig wallets can be an excellent way to address security concerns.
Two-Factor Authentication
Requiring multiple signatures also provides you with a form of two-factor (2FA) authentication. If someone is able to steal one of your keys, you can still block them from taking funds out of your account. You can choose to hold onto all private keys yourself, or give them to others. Either way, it ensures that each transaction is fully verified before it’s completed.
Decision-Making
When the keys for a wallet are shared among multiple people, it allows a group to control funds together. Everyone can see the funds and propose changes, but no one can transfer funds on their own. This is very popular when making business decisions. The wallet essentially acts as a form of voting in which transactions only go through when a certain majority of users agree on the transaction.
Escrowed Transactions
When you’re conducting transactions with another party, holding funds in escrow can be helpful. Escrowed transactions essentially guarantee that neither party can receive funds, services or products without the other party holding up their end of the deal. Two-of-three wallets allow you to perform escrowed contracts with crypto. These transactions start with the payer depositing their funds in the wallet. Once the other party provides the agreed-upon goods or services, both parties can sign the wallet to transfer the funds to the seller. In case of disputes, there’s an unbiased third party with a key who can award the funds to the seller or buyer as needed.
https://learn.bybit.com/blockchain/what-is-multisig-walletOne of the main advantages of these wallets is that they provide a backup plan in case something goes wrong. As long as your wallet doesn’t require all signatures to access funds, you can avoid getting locked out of it.
For example, you could create a two-of-three wallet and store one private key on your phone, one on your laptop and one on a piece of paper. In case one of your signatures is stolen or lost, you can still access your funds. Therefore, multisig wallets can be an excellent way to address security concerns.
Two-Factor Authentication
Requiring multiple signatures also provides you with a form of two-factor (2FA) authentication. If someone is able to steal one of your keys, you can still block them from taking funds out of your account. You can choose to hold onto all private keys yourself, or give them to others. Either way, it ensures that each transaction is fully verified before it’s completed.
Decision-Making
When the keys for a wallet are shared among multiple people, it allows a group to control funds together. Everyone can see the funds and propose changes, but no one can transfer funds on their own. This is very popular when making business decisions. The wallet essentially acts as a form of voting in which transactions only go through when a certain majority of users agree on the transaction.
Escrowed Transactions
When you’re conducting transactions with another party, holding funds in escrow can be helpful. Escrowed transactions essentially guarantee that neither party can receive funds, services or products without the other party holding up their end of the deal. Two-of-three wallets allow you to perform escrowed contracts with crypto. These transactions start with the payer depositing their funds in the wallet. Once the other party provides the agreed-upon goods or services, both parties can sign the wallet to transfer the funds to the seller. In case of disputes, there’s an unbiased third party with a key who can award the funds to the seller or buyer as needed.
It makes me wonder why Tron creates something like this in the first place. Is there any benefit for their users other than being more exposed to scam activities? Kind of a weird thing to develop. Using 2 different wallet for 2 different purpose would be better if they really need to differentiate the use for each one of them.
The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
Yes. Of course, people will try to send balances to the wallet for transaction fees, because people will not understand the multi-sign developed, because it is not seen directly in the wallet unless by further research.However, this is not the first time they have shared private keys or phrases. So crypto users have to be smarter when they encounter incidents like this. No one is wasting large sums of money.
When someone finds a wallet with big amount of funds and gets the details of that wallet, he will want to take a chance if he is greedy. Those who are like me, when they come across something like this, try to know the details about it to take any kind of step. But it is true that there are many crypto users in the crypto world who are looking for ways to make quick profits. Basically they are the victims of these scams easily.
The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
Yes. Of course, people will try to send balances to the wallet for transaction fees, because people will not understand the multi-sign developed, because it is not seen directly in the wallet unless by further research.However, this is not the first time they have shared private keys or phrases. So crypto users have to be smarter when they encounter incidents like this. No one is wasting large sums of money.
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions
wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address
The token on TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr is only a bait, so it does not represent the total amount of scammed funds. If we take a look at the main scammer address, TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe, it does get to that points, but take note that is the current amount, there had been multiple outgoing transactions.
One good thing beside Trust Wallet inform that typical scam, it looks like Tronscan right now has made a new update regarding it. Upon reopening the quoted link again, there is a warning text about the account permission authorization.
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions
wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address
Yes. He lures everyone with a large balance in the wallet, so people will send gas fees to withdraw the balance. But he has designed the wallet to automatically send every incoming balance. It's a scam, but it's something interesting for wallet system development. The wallet can work automatically. I think they designed this with bot commands on the system API key.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots.
The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
Yes. He lures everyone with a large balance in the wallet, so people will send gas fees to withdraw the balance. But he has designed the wallet to automatically send every incoming balance. It's a scam, but it's something interesting for wallet system development. The wallet can work automatically. I think they designed this with bot commands on the system API key.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots.
Sorry khaled0111, thanks for the merit. I deleted the post to edit it, I couldn't see your merit before I deleted it, I wouldn't had.
No problem at all! I just remerited the edited post as I believe it's very useful and opens the door to discuss how tron multisig works and how it's different from bitcoin multisig.And you are right about trustwallet, I just checked it and, indeed, it doesn't allow creating multi-signature wallets.
vv181 explained it very well, thanks!
I found this medium post which I believe is easier to understand than the tron doc:
https://coredevs.medium.com/tron-multi-signature-mechanism-92ac998993ac
Thanks for the information. . There are many scammers and they are likely to cover up their tracks. We should be vigilant at all times. If it is too good to be true, then it's definitely not true.
@ScamViruS, It seems to me that someone relatively recently mentioned just this or a similar example, but things like this are really worth warning about, because even I wouldn't understand how a scammer can profit if he gives someone his seed, and until now the situation was quite the opposite. This would confuse me personally, but I would not fall for a scam because I do not deal with altcoins transactions, nor would I engage in this way of helping someone.
I always say that those who are looking for trouble can expect it if they communicate with unknown people, so it would be advisable for such people not to use Telegram, Twitter and similar means of communication if they are not aware of the dangers that await them there.
I always say that those who are looking for trouble can expect it if they communicate with unknown people, so it would be advisable for such people not to use Telegram, Twitter and similar means of communication if they are not aware of the dangers that await them there.
I have like 5 different messages like this on twitter from different accounts, I am sure they are scammers at work and only greedy people gets burnt, I don't look into this messages or try to reply to the scammers, just ignore them and move on.
Those who are greedy easily fall prey to scammers. Twitter, Telegram are currently full of scammers, every day they come to the inbox with various tempting offers. So if you get such offers from scammers then try to expose them, so that inexperienced new crypto users can be safe from scammers. Because newbies will easily believe such offers in the hope of quick profit.
I have like 5 different messages like this on twitter from different accounts, I am sure they are scammers at work and only greedy people gets burnt, I don't look into this messages or try to reply to the scammers, just ignore them and move on.
Sorry khaled0111, thanks for the merit. I deleted the post to edit it, I couldn't see your merit before I deleted it, I wouldn't had.
No problem at all! I just remerited the edited post as I believe it's very useful and opens the door to discuss how tron multisig works and how it's different from bitcoin multisig.And you are right about trustwallet, I just checked it and, indeed, it doesn't allow creating multi-signature wallets.
vv181 explained it very well, thanks!
I found this medium post which I believe is easier to understand than the tron doc:
https://coredevs.medium.com/tron-multi-signature-mechanism-92ac998993ac
Quote
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
Or the scammer has the two private keys or seed phrases, but give only one to the victim to be scammed while the multisig wallet is 2-of-2 or 2-of-N.The way the multisig works is not by 2-of-N of a private key but by permission(privileged and weight) of an account(s).
Basically, address A is the owner(privilege) who creates address B, which A assigns B not to have any privilege and weight(no control). Kind of like a watch-only address but you did import the privkey.
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions
And Tron docs about multisig is here: https://developers.tron.network/docs/multi-signature.
Jump to: