Author

Topic: [Warning] Trust wallet tron multi signature scam.. (Read 523 times)

jr. member
Activity: 58
Merit: 4
it's just  waste of time for the hacker because scammed user will deposit maximum of 1 trx  coin to be able to withdraw usdt from the trust wallet. most probably once he understand he has been hacked and deposited trx coins has been  sent to another address he will not try the same thing again and again.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Does trust wallet allow two private keys, one for viewing only and other one has full control of the wallet? Why would trust wallet has such an implementation in the first place  Huh
Only one of the seed phrase can be imported on Trustwallet (I mean the two can only be imported on Trustwallet separately). Another wallet is used for the creation of the two seed phrases, Trustwallet do not support multisig. Only one can be imported on Trustwallet. The scammer will give you the watch-only one which you can not spend from. But the scammer will import his own also into another Trustwallet or use the wallet he used to create the multisig wallet which is actually the one you can use to spend the coin. The problem is not about Trustwallet but about Tron making its multisig wallet to be like that, in a way scammers can use it to scam people. But just little amount of money is used as fee to make transaction on Tron network, but som people can fall victim to even send high amount and all leading to scam.
hero member
Activity: 2422
Merit: 875
I am absolutely confused with the explanation.

Quote
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
Or the scammer has the two private keys or seed phrases, but give only one to the victim to be scammed while the multisig wallet is 2-of-2 or 2-of-N.


Does trust wallet allow two private keys, one for viewing only and other one has full control of the wallet? Why would trust wallet has such an implementation in the first place  Huh


When someone finds a wallet with big amount of funds and gets the details of that wallet, he will want to take a chance if he is greedy. Those who are like me, when they come across something like this, try to know the details about it to take any kind of step. But it is true that there are many crypto users in the crypto world who are looking for ways to make quick profits. Basically they are the victims of these scams easily.

This scam is not easy to detect, and even if i had not read it, perhaps I could have become a victim of it. The best we can do is to identify and create awareness about these scams that scammers may use to hack money from crypto users. Both newbies and experienced users can fall for these scams.
legendary
Activity: 2702
Merit: 4002
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions

And Tron docs about multisig is here: https://developers.tron.network/docs/multi-signature.


Thank you for the explanation ( I was thinking it is a part of 2-of-2 mutisig) It is the first time that I have heard of such information, and if I had received this message in a part of  Social Engineering attack, I would probably have fallen victim to such scam, especially if it was from someone I know in the forum.

hero member
Activity: 1876
Merit: 721
Top Crypto Casino
They are continuing this scam. This is the second time I have received this message on my personal Twitter account. I may be aware of this scam but not everyone, this tempting offer is definitely enough to trap a newbie crypto user.




Code:
348c16ec953726b1b7be86cc04c40407c87a329f6fb54146949aab55de3944c3
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address

The scammer has made these transactions only to gain trust so that the target victim tries to send funds to this wallet and withdraw funds. This wallet is too complicated for a typical new crypto user, which is why scammers take advantage of it. Scammers have an old trick of gaining trust by making transactions in their own wallets.
sr. member
Activity: 1470
Merit: 428
It makes me wonder why Tron creates something like this in the first place. Is there any benefit for their users other than being more exposed to scam activities? Kind of a weird thing to develop.
These things are usually carefully thought out before they are created, scammers just always seem to be able to twist and take advantage of good things.
Some benefits a Multi sig wallet are highlighted below;
Quote
Increased Security
One of the main advantages of these wallets is that they provide a backup plan in case something goes wrong. As long as your wallet doesn’t require all signatures to access funds, you can avoid getting locked out of it.

For example, you could create a two-of-three wallet and store one private key on your phone, one on your laptop and one on a piece of paper. In case one of your signatures is stolen or lost, you can still access your funds. Therefore, multisig wallets can be an excellent way to address security concerns.

Two-Factor Authentication
Requiring multiple signatures also provides you with a form of two-factor (2FA) authentication. If someone is able to steal one of your keys, you can still block them from taking funds out of your account. You can choose to hold onto all private keys yourself, or give them to others. Either way, it ensures that each transaction is fully verified before it’s completed.

Decision-Making
When the keys for a wallet are shared among multiple people, it allows a group to control funds together. Everyone can see the funds and propose changes, but no one can transfer funds on their own. This is very popular when making business decisions. The wallet essentially acts as a form of voting in which transactions only go through when a certain majority of users agree on the transaction.

Escrowed Transactions
When you’re conducting transactions with another party, holding funds in escrow can be helpful. Escrowed transactions essentially guarantee that neither party can receive funds, services or products without the other party holding up their end of the deal. Two-of-three wallets allow you to perform escrowed contracts with crypto. These transactions start with the payer depositing their funds in the wallet. Once the other party provides the agreed-upon goods or services, both parties can sign the wallet to transfer the funds to the seller. In case of disputes, there’s an unbiased third party with a key who can award the funds to the seller or buyer as needed.
https://learn.bybit.com/blockchain/what-is-multisig-wallet

legendary
Activity: 2170
Merit: 1789
It makes me wonder why Tron creates something like this in the first place. Is there any benefit for their users other than being more exposed to scam activities? Kind of a weird thing to develop. Using 2 different wallet for 2 different purpose would be better if they really need to differentiate the use for each one of them.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
Yes. Of course, people will try to send balances to the wallet for transaction fees, because people will not understand the multi-sign developed, because it is not seen directly in the wallet unless by further research.
However, this is not the first time they have shared private keys or phrases. So crypto users have to be smarter when they encounter incidents like this. No one is wasting large sums of money.

When someone finds a wallet with big amount of funds and gets the details of that wallet, he will want to take a chance if he is greedy. Those who are like me, when they come across something like this, try to know the details about it to take any kind of step. But it is true that there are many crypto users in the crypto world who are looking for ways to make quick profits. Basically they are the victims of these scams easily.
full member
Activity: 854
Merit: 102
The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
Yes. Of course, people will try to send balances to the wallet for transaction fees, because people will not understand the multi-sign developed, because it is not seen directly in the wallet unless by further research.
However, this is not the first time they have shared private keys or phrases. So crypto users have to be smarter when they encounter incidents like this. No one is wasting large sums of money.
legendary
Activity: 1932
Merit: 1273
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions


wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address

The token on TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr is only a bait, so it does not represent the total amount of scammed funds. If we take a look at the main scammer address, TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe, it does get to that points, but take note that is the current amount, there had been multiple outgoing transactions.

One good thing beside Trust Wallet inform that typical scam, it looks like Tronscan right now has made a new update regarding it. Upon reopening the quoted link again, there is a warning text about the account permission authorization.
full member
Activity: 1489
Merit: 150
Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions


wow, i just check the wallet and it seems the scam already got a total of 1k $ ++ from all the people that he scammed.
i hope that no one will easily send balance to this address
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
Yes. He lures everyone with a large balance in the wallet, so people will send gas fees to withdraw the balance. But he has designed the wallet to automatically send every incoming balance. It's a scam, but it's something interesting for wallet system development. The wallet can work automatically. I think they designed this with bot commands on the system API key.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots. Grin

The way they've built it all can lead any crypto user to believe it at first, until researching the details of this multi-sign. Scammers try their best to create new scamming tools, which can lure crypto users and scam them. Even many experienced crypto users will not understand the secret of this wallet at first sight.
full member
Activity: 854
Merit: 102
Yes. He lures everyone with a large balance in the wallet, so people will send gas fees to withdraw the balance. But he has designed the wallet to automatically send every incoming balance. It's a scam, but it's something interesting for wallet system development. The wallet can work automatically. I think they designed this with bot commands on the system API key.
I hope everyone avoids sending balances to those wallets because it will lose speed with Bots. Grin
jr. member
Activity: 269
Merit: 4
Sorry khaled0111, thanks for the merit. I deleted the post to edit it, I couldn't see your merit before I deleted it, I wouldn't had.
No problem at all! I just remerited the edited post as I believe it's very useful and opens the door to discuss how tron multisig works and how it's different from bitcoin multisig.
And you are right about trustwallet, I just checked it and, indeed, it doesn't allow creating multi-signature wallets.

vv181 explained it very well, thanks!
I found this medium post which I believe is easier to understand than the tron doc:
https://coredevs.medium.com/tron-multi-signature-mechanism-92ac998993ac


Thanks for the information. . There are many scammers and they are likely to cover up their tracks. We should be vigilant at all times. If it is too good to be true, then it's definitely not true.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
@ScamViruS, It seems to me that someone relatively recently mentioned just this or a similar example, but things like this are really worth warning about, because even I wouldn't understand how a scammer can profit if he gives someone his seed, and until now the situation was quite the opposite. This would confuse me personally, but I would not fall for a scam because I do not deal with altcoins transactions, nor would I engage in this way of helping someone.

I always say that those who are looking for trouble can expect it if they communicate with unknown people, so it would be advisable for such people not to use Telegram, Twitter and similar means of communication if they are not aware of the dangers that await them there.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
I have like 5 different messages like this on twitter from different accounts, I am sure they are scammers at work and only greedy people gets burnt, I don't look into this messages or try to reply to the scammers, just ignore them and move on.

Those who are greedy easily fall prey to scammers. Twitter, Telegram are currently full of scammers, every day they come to the inbox with various tempting offers. So if you get such offers from scammers then try to expose them, so that inexperienced new crypto users can be safe from scammers. Because newbies will easily believe such offers in the hope of quick profit.
member
Activity: 271
Merit: 14
I have like 5 different messages like this on twitter from different accounts, I am sure they are scammers at work and only greedy people gets burnt, I don't look into this messages or try to reply to the scammers, just ignore them and move on.
legendary
Activity: 2702
Merit: 3045
Top Crypto Casino
Sorry khaled0111, thanks for the merit. I deleted the post to edit it, I couldn't see your merit before I deleted it, I wouldn't had.
No problem at all! I just remerited the edited post as I believe it's very useful and opens the door to discuss how tron multisig works and how it's different from bitcoin multisig.
And you are right about trustwallet, I just checked it and, indeed, it doesn't allow creating multi-signature wallets.

vv181 explained it very well, thanks!
I found this medium post which I believe is easier to understand than the tron doc:
https://coredevs.medium.com/tron-multi-signature-mechanism-92ac998993ac
legendary
Activity: 1932
Merit: 1273
Quote
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
Or the scammer has the two private keys or seed phrases, but give only one to the victim to be scammed while the multisig wallet is 2-of-2 or 2-of-N.

The way the multisig works is not by 2-of-N of a private key but by permission(privileged and weight) of an account(s).

Basically, address A is the owner(privilege) who creates address B, which A assigns B not to have any privilege and weight(no control). Kind of like a watch-only address but you did import the privkey.

Based on the privkey at OP, the address is TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr(address B). But the true owner is TGucfPTopNVFG4CR4wWws9qRWD1RLayiKe(address A). You can see about the account permission on https://tronscan.org/#/address/TXaYFNopc8xsjJLtVzvAVQGProbCmsuXYr/permissions

And Tron docs about multisig is here: https://developers.tron.network/docs/multi-signature.

legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
I am absolutely confused with the explanation.

Quote
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
Or the scammer has the two private keys or seed phrases, but give only one to the victim to be scammed while the multisig wallet is 2-of-2 or 2-of-N.

Secondly, Trustwallet is a single key wallet. Or is it multisig? I downloaded the wallet again on my mobile device few days ago to check if the wallet is multisig or not, I found it to be a single signature wallet, with no changing addresses.

Even without the other private keys or the other public keys, how can the multisig wallet be successfully imported by the victim.

If I am wrong, that would be because I do not know much about altcoins or close source Trustwallet, and if this is true, it is really flawed.



Sorry khaled0111, thanks for the merit. I deleted the post to edit it, I couldn't see your merit before I deleted it, I wouldn't had.
hero member
Activity: 714
Merit: 521
This is not their first time of attacks on trust wallet or any other form of centralized wallet/exchange, they keep improvising on techniques to deceive users that are not carefully minded, these are tricks that turned into something else at the long run, consider it that no one will seek for your assistance without knowing or meeting you from somewhere or platform related occasion and required your help, if he could acquire such a huge amount of coins in his disposal then there's no doubt he's an experienced user that only seek for meat to their teeth by caughting preys unaware, let's be vigilant on all forms of phishing attacks being used to device a means of an attack on users by avoiding some updates coming in forms of messages either by text or through mail requesting our help in cryptocurrency.
hero member
Activity: 1876
Merit: 721
Top Crypto Casino
I got a message on Twitter yesterday from someone asking me for help! He gave all his trust wallet information, that's when I realized it was a trap designed by scammers to fool inexperienced crypto users. With the wallet information provided by him, I accessed that wallet and saw his activities. And then confirmed that it is a scam. Then I searched online and found an announcement about this scam which was updated by trust wallet team. So inexperienced new crypto users please refrain from sending any funds by being lured by someone like this.



You can also check :
Code:
12 Mnemonic Phrase Tron:                                                               
board range direct ship napkin false pilot adjust vicious small festival major                                                                                                                                   
                                                                                                 
Private key:                                                                                       
348c16ec953726b1b7be86cc04c40407c87a329f6fb54146949aab55de3944c3
                                                                                               
How does this scam work?

Quote
What is Tron Multi-Signature?
The normal crypto wallet is single-signature. One set of Secret Phrases which have access to the wallet and one point of authority to confirm smart contracts/transactions from.
With Multi-Signature, you guess it! This adds multiple access points by having multiple private keys to access the same wallet. There are 2 methods of access to the Multi-Sig wallets.
For all you Harry Potter fans out there; imagine Lord Voldemort splitting his soul into multiple Horcruxes. Lord Voldemort is the wallet and the Horcruxes are the private keys. You have to have all the Horcruxes to control the wallet. (I’ve always wanted to use a Harry Potter reference to explain crypto… anyway!).

You can have 2 or more Secret Phrases for a Multi-Sig wallet.

The second way is to simply transfer ownership of the wallet from one set of private keys to another.

What is a Tron Multi-Signature Scam? Part 2.
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
The scammer will give out the Secret Phrase that can access the wallet, but cannot control the funds, and the scammer will keep the Secret Phrase that can both access and also fully control the wallet (see the scam-explanation near the top).

The user being scammed will send Tron funds to the wallet to be able to withdraw the $USDT funds out. However the user being scammed doesn’t know that they don’t control the wallet at all. The scammer will just keep withdrawing the Tron funds that the person they are scamming sends into it. The scammer will continue to do this to multiple users, withdrawing the funds out into their own separate wallet and repeat.

So, to ensure people that are using this method with malicious intent don’t scam people - we’ve added a security warning! This will act a a way of people identifying the wallet which has control of the funds.

Source: https://community.trustwallet.com/t/trust-wallet-adds-support-for-tron-multi-signature-wallets/534456
Jump to: