#1
(This post was last modified: 04 January, 2023 - 07:16 PM by Pruned110902. Edited 2 times in total.)
Security Alert|TRX multisig scams
Recently, TRX multisig scams have been rampant. Scammers will sell their fake logs of exodus wallets for a few bucks. This Log will contain a huge amount of USDT TRC20 (TRON Network).
However, the scammer changed the TRX wallet account permissions, causing users to think they still have control over these assets. Users will then load the account with TRX to pay for the network fee and move out the USDT TRC20. However, they will not succeed because the account permissions changed. 


What are TRX multisig scams?
After a TRX wallet is created, the default wallet owner permission belongs to the account itself with the threshold being one. In other words, transferring through the wallet requires authorization signed by one address holding the permission.
With the ill-gotten mnemonic, scammers will change the user’s TRX account permission to get the owner permission, turning the threshold into two. In this case, sending assets through the wallet needs authorization signed both by the user’s address and the  scammer’s address.
That is why such scams are called TRX multisig scams since the user needs signatures from both his address and the scammer’s to transfer through the TRX wallet. This means that authorization from the scammer’s address is needed for any transactions from the user. The user will encounter an error pop-up  “server:SIGERROR” if his transaction does not have the scammer’s signature.


How to not get scammed?
Simply analyse the wallet using tronscan.org
Check the account permissions by comparing the owner permissions address with the address of your mnemonic phrase.
https://tronscan.org/#/address/{TheAddressGoesHere}

Example of NON matching owner and user permission:

[Image: image.png]