Star Tower Chain
Star Tower Chain
Star Tower Chain
  • StarTower
  • basic knowledge
    • What is blockchain
    • What is a decentralized wallet
    • What are private keys, mnemonic words, and passwords?
    • What is the miner's fee?
    • What is DeFi
    • What is DEX
    • What is a keystore
    • What is a hardware wallet
    • What is a cold wallet?
    • What is a hot wallet?
    • What is an observation wallet
    • What is a multi-signature wallet?
    • What is a plug-in wallet?
    • What is Passphrase?
  • Safety Knowledge
    • Common fraud cases
      • Beware of custom RPC node scams
      • Stay away from fake links and wallet scams
      • Beware of fake customer service wallet verification scams
      • Beware of SMS sharing fake wallet scams
      • Beware of TRON malicious permission change scams
      • Beware of "zero amount" transfer scams
      • Beware of precise fake addresses
      • Beware of receiving code fraud
      • Beware of new airdrop scams
      • Beware of Mnemonic Phrase Sharing Scams
      • BSC chain malicious authorization fraud
      • Fake Airdrop Scam
      • Fake QR code scam
      • Fake link/App scam
      • Phishing scam
      • Fake Token Scams
      • Fake customer service scam
      • Dapp authorization scam
  • Safety measures
    • How to use revoke.cash authorization management tool
    • Precautions for using third-party DApps
    • Guidelines for using the token contract security detection tool
    • Please keep your private key/mnemonic safe!
    • Please be careful with tokens or website links marked as risky
    • A text to distinguish whether the StarTower wallet is genuine
    • Official website genuine wallet verification method
    • Authorization (Approve) is explained in detail!
    • How to view/cancel malicious Approve (authorization)?
    • Asset loss prevention
    • Asset theft prevention
    • MEV protection function tutorial
    • Fake wallet solution
    • Safety Operation Guidelines
    • Precautions for using third-party DApps
  • Wallet FAQ
  • BTC Wallet
    • Adding/transferring/trading runes
    • What is Runes Protocol
    • What is a Bitcoin ETF?
    • A quick overview of Bitcoin, Lightning Network, Nostr, Nostr Assets Protocol, and Taproot Assets Pro
    • Use StarTower Wallet to transfer BRC-20, one step faster
    • How to use BTC acceleration function
    • View and send Ordinals in your wallet
    • What is a Partially Signed Bitcoin Transaction (PSBT)
    • What are Bitcoin Ordinals
    • What is BTC network congestion and how to solve it.
    • What is Observer Wallet
    • What is the change address?
    • What is the UTXO model?
    • What is OP_RETURN?
    • What is a path
    • What is Taproot?
    • What is Segregated Witness
  • Group 1
    • About RBF and CPFP
Powered by GitBook
On this page
  1. Safety Knowledge
  2. Common fraud cases

Beware of TRON malicious permission change scams

Recently, some community users have reported that the TRON wallet has been inexplicably multi-signed, resulting in the inability of Token to operate. In response to such problems, we have sorted out t

TRON Multi-Signature Scenario

Based on communication with users and verification of relevant data, the following scenarios that may lead to multi-signature are obtained.

1. If you have set up multi-signature yourself, you need to manage the address and execute the signature yourself;

2. Using a fake wallet leads to the leakage of the private key mnemonic, which is then used to set up multi-signature after being obtained by the other party;

3. Import the private key mnemonics obtained from the Internet into the wallet. The address has been multi-signed;

4. A third-party malicious link was executed, and the signature completed the permission change operation.

After the TRON wallet address is created, it is set to single weight by default and can perform any on-chain operations. If the address is multi-signed, it must be due to the leakage of the private key or mnemonic phrase or the execution of a malicious link that caused a change in permissions.

Introduction to TRON Multi-Signature

TRON's multi-signature mechanism is a security measure that limits specific operations by setting thresholds and weights, and can only be executed with the joint confirmation of multiple signatories.

In the TRON multi-signature mechanism, the threshold refers to how many signatories need to confirm before a specific operation can be performed. For example, if the threshold is 2, then when performing a specific operation, at least the signatory weight must be greater than or equal to the threshold for confirmation. The threshold can be set in the multi-signature contract and adjusted according to specific needs.

Weight refers to the weight of each signatory, which determines the proportion of each signatory in the multi-signature operation. For example, if the threshold is set to 2 and the weight of two signatories is 1, then when performing a specific operation, the confirmation of two signatories with a weight of 1 is required for it to take effect. The weight setting needs to be set in the contract, and the sum of the weights of all signatories must be greater than or equal to the total weight.

By setting thresholds and weights, the TRON multi-signature mechanism can improve the security of contracts and prevent them from being tampered with by unauthorized operations or being used by attackers for malicious operations.

TRON Multi-Signature Scam

There is a difference between TRON’s change permissions and Approve (authorization). Authorization only affects the authorized Token; while changing permissions will result in changes to TRON address permissions, thereby losing management rights over the address.

Malicious changes in permissions by TRON often occur during TRC20 recharges, such as buying gas cards and gift cards at very low prices, or using verification code platforms to recharge. Basically, they take advantage of people's desire for cheapness. When users use the links they provide to recharge, the malicious permission-changing code will be called. When users confirm and enter the password to sign, the permissions of the address will be changed.

PreviousBeware of SMS sharing fake wallet scamsNextBeware of "zero amount" transfer scams

Last updated 7 months ago