This is a key security UX/UI update for Trust Wallet which benefits both the user experience and scam prevention. Read on to find out more…
It may be easier to start off by explaining the scam first. So let’s start off with a message which many of you may have seen something similar before. It could have been on a forum, on in comments of social media posts, or sent to you in a DM. But it goes along the lines of this:
“Hey there, I’ve got a wallet with 10k $USDT in it, but I don’t have the available funds to withdraw, could you withdraw for me we will split in half? Here is my Secret Phrase: (and enters the seed phrase to their wallet)”.
This is a common scam, but can be hard to identify if you don’t know what you’re meant to be looking out for. The scammer will give you a genuine Secret Phrase to a wallet they have created and if you enter the seed phrase, you’ll be able to access the wallet. Strange right? And what’s even more strange? The stated $USDT funds are actually in the wallet! Seems too good to be true? Well, because it is.
These scams have caught out newbies and professionals alike.
This is known as a ‘Tron multi-sig scam’. So next, we’ll go into the what Tron multi-sig is:
The normal crypto wallet is single-signature. One set of Secret Phrases which have access to the wallet and one point of authority to confirm smart contracts/transactions from.
With Multi-Signature, you guess it! This adds multiple access points by having multiple private keys to access the same wallet. There are 2 methods of access to the Multi-Sig wallets.
For all you Harry Potter fans out there; imagine Lord Voldemort splitting his soul into multiple Horcruxes. Lord Voldemort is the wallet and the Horcruxes are the private keys. You have to have all the Horcruxes to control the wallet. (I’ve always wanted to use a Harry Potter reference to explain crypto… anyway!).
You can have 2 or more Secret Phrases for a Multi-Sig wallet.
The second way is to simply transfer ownership of the wallet from one set of private keys to another.
Tron Multi-signature has 2 separate ways of working. In the case of the scam, it’s usually accessed by 2 Private Keys. However one of the Private Keys can control the funds in the wallet, and one cannot, although both will be able to access the wallet.
The scammer will give out the Secret Phrase that can access the wallet, but cannot control the funds, and the scammer will keep the Secret Phrase that can both access and also fully control the wallet (see the scam-explanation near the top).
The user being scammed will send Tron funds to the wallet to be able to withdraw the $USDT funds out. However the user being scammed doesn’t know that they don’t control the wallet at all. The scammer will just keep withdrawing the Tron funds that the person they are scamming sends into it. The scammer will continue to do this to multiple users, withdrawing the funds out into their own separate wallet and repeat.
So, to ensure people that are using this method with malicious intent don’t scam people - we’ve added a security warning! This will act a a way of people identifying the wallet which has control of the funds.
Trust Wallet is an easy to use, true multi-chain noncustodial wallet, which allows you to store and manage over 6 million crypto assets including NFTs across 68+ blockchains. No more storing your assets across multiple custody wallets or exchanges! You’ll have peace of mind knowing all your assets are in one safe place.
Your private keys are stored on your device and your assets on-chain meaning you are in full control at all times. Trust Wallet gives you the ability to natively buy, swap and stake your favourite crypto without having to leave the app and also connect to dApps with the in-built DApp browser.
Trust Wallet is used by over 50 million people worldwide!
Don’t have Trust Wallet yet? Download here: Trust Wallet App