Author: Bitrace

source: https://mp.weixin.qq.com/s/Y0nMzraWgWynF3jicNb0sA

Recently, several victims have contacted us for help through Bitrace, reporting that they were unable to use their cryptocurrency wallet app properly. Specifically, they were experiencing errors when trying to transfer funds and were unable to call other on-chain contracts. However, deposits were working normally, and their assets were eventually transferred out of their accounts all at once. Investigation revealed that the victims had downloaded a fake wallet app, which led to their private keys being leaked and their account permissions being changed by thieves.

The Bitrace team has been closely monitoring the trend of crypto theft crimes. Compared to earlier simple virus-style installation package attacks, this type of multi-signature scam has been optimized in the “fish farming” process. This article will provide an introduction to this technique.

What is Multi-Signature

“Multi-Signature” (also known as “Multi-Sig”) is a widely used security mechanism in blockchain technology. Transactions can only be completed when a certain number of users with private key permission agree to sign the transaction. Multi-Sig helps prevent malicious attacks and fraudulent behavior, improves the security and availability of encrypted assets, and solves the potential trust issues in cooperative asset management. Therefore, it has been widely adopted.

Using Multi-Sig also means that if a user’s private key is hacked or stolen, the hacker cannot transfer the assets successfully, as they do not have access to the private keys of the other users with Multi-Sig permission. However, if the highest level of Multi-Sig permission is stolen, it becomes a dictatorship, and hackers can disguise themselves as a peer and wait in the dark for the funds to accumulate before striking.

The implementation of Multi-Sig fraud

In traditional fake wallet scams, hackers obtain the private key of an address through a fake wallet and share the address operation permission with the user. Both parties can transfer all funds out of the address. In this type of scam, hackers have two options: either steal the assets immediately, leaving the user with a zero balance, or wait for the user to accumulate more assets, which is called “fishing” by criminals.

In a multi-signature scam, the user loses their account permission, and during this period, the address remains in a state of “in-only” operation. In theory, as long as the user does not operate a transfer out, they will never realize that they are on the edge of being stolen. For hackers, they do not have to worry about when the “duck” in their hand will fly away, and naturally, they will not alert the user. They only need to wait for the user to continue depositing funds into the address.

Clearly, the multi-signature scam is an upgraded iteration of the fake wallet scam, and the method is more concealed, with a higher success rate for illegally obtaining assets.

The Industrialization of Multi-Signature Scams

Based on the information provided by a victim, the Bitrace team has found that as of the writing of this article, the scam gang has stolen the assets of 29 people through this method, totaling about 215,600 USDT.

Bitrace’s intelligence team also found that many cryptocurrency users have fallen victim to this type of multi-signature scam on various social media platforms, indicating that this black industry is gradually becoming industrialized. This is not good news for the vast majority of cryptocurrency users.

How to prevent multi-signature scams

● Refuse to install or use any crypto wallet other than those provided by the official website, including those downloaded from the application store, search engine results, or installation files sent by friends.

● Confirm the accuracy of the official website through multiple cross-checks, and do not blindly trust the website authentication of search engines.

● Refuse to use wallets to make crypto payments to websites or services with unknown sources, including gambling, pornography, and other online services.

● Separate wallets for large amounts of funds, and only use daily wallets to interact with other contracts.

● Do not trust internet friends who actively teach crypto investment.

Conclusion

Bitrace suggests that major wallet provider enable client detection of changes in multi-signature permissions and display the message “Your wallet operation permissions have been changed” as soon as possible. If users can be identified and informed in a timely manner, it will effectively prevent greater losses from occurring. For example, the Tron official browser displays a clear reminder when a user’s address permissions change.

The iterative evolution of on-chain fraudulent activities is accelerating, and even for the same type of fraud, the latest implementation path and hiding method are more secretive than before. With the growth of cryptocurrency adopters, more widespread losses are inevitable. If you are unfortunate enough to suffer a loss, you can contact Bitrace for help at any time.

Follow us
Twitter: https://twitter.com/WuBlockchain
Telegram: https://t.me/wublockchainenglish