Multisig scams have risen significantly of late. In these scams, the scammers give victims access to a wallet and then trick them into sending their own funds to cover transaction fees. Many of the victims also unknowingly share their keys or seed phrases and lose their funds. To understand a multisig scam, however, one first needs to understand what a multi-signature (multisig) wallet is.
What Is a Multisig Wallet?
A multisig wallet is a wallet that needs multiple private keys to validate a transfer. This is similar to two-factor authentication, in that 2 or more signatures are needed to approve a transaction. A user can specify different requirements for a multisig wallet, such as requiring 2 out of 3 keys. This is like using several keys for a vault, where one key cannot open the lock without the others.
People commonly use multisig wallets in business collaborations, joint ventures, and decentralized autonomous organizations (DAOs). They can also be used to secure family funds. These wallets enhance security and prevent scams.
What Is a Multisig Scam?
In multisig scams, the scammers make their targets believe that they have complete access to a crypto wallet. In reality, they do not have full access. As part of a multisig scam, the exploiter sends a message to the target with a wallet address that contains some funds. The scammer also shares the recovery phrase and private key, giving partial access to the wallet. In doing so, the scammer pretends to be a newbie who wants to learn how the wallet works. The scammer also promises a reward for the help.
However, the victim runs into difficulty when trying to redeem the reward. At this point, the scammer tricks the victim into sending funds, saying that the transaction requires that amount as a fee to complete. The victims realize it is a scam when they are still unable to withdraw the funds after paying the fee. These scammers thus capitalize on their victims' greed or goodwill. In some cases, the targets keep trying to get the reward and the scammer keeps demanding funds as fees. Once the target stops sending funds, the scammer simply moves on to another victim.
Working of a Multisig Scam
Multisig scams come in several types, and they commonly target the Tron network because of the way its multisig wallets work. In more elaborate multisig scams, the scammer tricks victims into converting their own wallet into a multisig and making the scammer a co-owner. After gaining control over the wallet, the scammer can easily take the funds. In some cases the scammers steal the funds directly. These scams resemble impersonation fraud or phishing scams, where the exploiters pretend to be part of a trusted customer support team.
On the other hand, the most common type of multisig scam does not require victims to provide their private keys or seed phrases. Rather, it just tricks victims into sending funds to the exploiter as a transaction fee while they try to obtain funds from the multisig wallet. For instance, a scammer presents a wallet that holds a large amount of other crypto assets but a negligible amount of $TRX (the native token of Tron). To withdraw funds, the victim needs enough $TRX to redeem funds from the Tron-based multisig wallet. After sending the funds, however, they discover the scam, as they cannot redeem funds without the signature of the scammer.
Recommendations to Prevent Multisig Scams
To prevent multisig scams as well as other such fraud, users should not share their personal information with anyone. They should also avoid the use of private keys and seed phrases by strangers. Additionally, they need to stay vigilant about phishing websites and emails. Above all, users should keep in mind that no legitimate crypto exchange, wallet provider, or other entity asks for seed phrases or private keys. Users should therefore keep them in a safe location without sharing them with anyone.
Additionally, they should stay up to date about who else can access their wallet. On spotting unauthorized signatories, they need to remove them immediately. Users should also revoke permissions for DeFi apps that they no longer use. Moreover, users should only use wallet apps and software provided by official and trusted sources. Several fake crypto exchanges and wallets are out there in the market. Therefore, users should verify URLs and double-check an app's authenticity before using it.
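The signatory audit recommended above, and the reason a shared key cannot withdraw from a bait wallet, can be checked from an account's permission data. The following is an added example, not code from the original article: the account record is constructed, its layout (owner_permission and active_permission blocks with a threshold and weighted keys) is an assumption modeled on Tron account data, and all addresses are placeholders.

```python
# Added example: audit who can sign for a Tron-style account.
# SAMPLE_ACCOUNT is constructed; the field layout is an assumption
# modeled on Tron account data, and every address is a placeholder.

SAMPLE_ACCOUNT = {
    "address": "T_BAIT_WALLET_PLACEHOLDER",
    "owner_permission": {
        "permission_name": "owner", "threshold": 2,
        "keys": [{"address": "T_SHARED_KEY_PLACEHOLDER", "weight": 1},
                 {"address": "T_UNKNOWN_COSIGNER_PLACEHOLDER", "weight": 1}],
    },
    "active_permission": [{
        "permission_name": "active", "threshold": 1,
        "keys": [{"address": "T_UNKNOWN_COSIGNER_PLACEHOLDER", "weight": 1}],
    }],
}


def iter_permissions(account):
    """Yield the owner permission and each active permission that is present."""
    owner = account.get("owner_permission")
    if owner:
        yield owner
    yield from account.get("active_permission", [])


def audit(account, my_addresses):
    """Return (findings, foreign_signers) for the keys the user controls."""
    mine, findings, foreign = set(my_addresses), [], set()
    for perm in iter_permissions(account):
        keys = perm.get("keys", [])
        # Total signing weight held by addresses the user actually controls.
        my_weight = sum(k["weight"] for k in keys if k["address"] in mine)
        foreign.update(k["address"] for k in keys if k["address"] not in mine)
        findings.append({
            "permission": perm.get("permission_name", "?"),
            "threshold": perm["threshold"],
            "my_weight": my_weight,
            # A transfer is only possible when the weight reaches the threshold.
            "can_sign_alone": my_weight >= perm["threshold"],
        })
    return findings, sorted(foreign)


if __name__ == "__main__":
    results, others = audit(SAMPLE_ACCOUNT, ["T_SHARED_KEY_PLACEHOLDER"])
    for r in results:
        print(r)
    print("signers you do not control:", others)
```

A result with can_sign_alone set to False for every permission means the held key cannot move funds no matter how much fee is paid; any address listed as a signer the user does not control on their own wallet is a signatory to investigate and remove.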
Two-factor authentication is another security measure. It adds an additional security layer, preventing unauthorized wallet access. Another preemptive measure is to use hardware wallets, as they add to the security. As a result, even if scammers compromise a user's multisig setup, they would not be able to move the funds without physical confirmation from the hardware wallet. Furthermore, users should stay aware of the new techniques that scammers use, so as to be well positioned to respond to such scams.
Conclusion
Multisig wallets offer additional security for crypto transfers; however, scammers have come up with new methods to trick victims using this feature. Staying up to date can save users from phishing attempts, transaction fee tricks, and other such scams. Hence, users need to secure private keys, audit their wallet permissions, check for any suspicious links before transferring funds, and stay informed.
blockchainreporter.net