Fraudsters on TRON are now exploiting wallets compromised by multisig scams by sending small amounts of USDT or TRX with deceptive notes (e.g., “removing multi-signatures”). They falsely claim they can restore wallet access, luring users into transferring more funds.
TRX multisig scams occur when users expose their private keys—whether by downloading fake wallets or signing malicious links—allowing scammers to convert their wallets into multisig accounts that require the scammer’s signature for any transaction, effectively locking the user out.
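The lock-out described above can be confirmed by reading the account's permission settings, as in this added example (not imToken's code). It assumes the account data has the shape a TRON full node returns from `wallet/getaccount` with `visible=true`; the addresses and sample accounts are constructed placeholders.

```python
# Added example: audit a TRON account's permissions for a multisig takeover.
# Assumed input shape: wallet/getaccount JSON with visible=true.

def audit_permission(perm, own_address):
    """Summarise one permission: can the wallet's own key meet the threshold alone?"""
    threshold = perm.get("threshold", 1)
    weights = {k["address"]: k["weight"] for k in perm.get("keys", [])}
    own_weight = weights.get(own_address, 0)
    foreign = {a: w for a, w in weights.items() if a != own_address}
    return {
        "name": perm.get("permission_name", "unnamed"),
        "threshold": threshold,
        "own_weight": own_weight,
        "own_key_sufficient": own_weight >= threshold,
        "foreign_keys": foreign,
    }

def audit_account(account):
    """Audit the owner permission and every active permission of an account."""
    own = account["address"]
    perms = [account["owner_permission"]] if "owner_permission" in account else []
    perms.extend(account.get("active_permission", []))
    results = [audit_permission(p, own) for p in perms]
    return {
        "permissions": results,
        # Locked out: some permission can no longer be satisfied by the own key alone.
        "locked_out": any(not r["own_key_sufficient"] for r in results),
        "foreign_addresses": sorted({a for r in results for a in r["foreign_keys"]}),
    }

# Constructed sample data; these are placeholders, not real TRON addresses.
OWN, OTHER = "T_OWN_ADDRESS_EXAMPLE", "T_UNKNOWN_ADDRESS_EXAMPLE"

def sample_account(threshold, keys):
    """Build a constructed account whose owner and active permissions share one key set."""
    def perm(name):
        return {"permission_name": name, "threshold": threshold,
                "keys": [{"address": a, "weight": w} for a, w in keys]}
    return {"address": OWN, "owner_permission": perm("owner"),
            "active_permission": [perm("active")]}

HEALTHY = sample_account(1, [(OWN, 1)])                # own key alone meets threshold
HIJACKED = sample_account(2, [(OWN, 1), (OTHER, 1)])   # unknown co-signer now required

if __name__ == "__main__":
    for label, acct in (("healthy", HEALTHY), ("hijacked", HIJACKED)):
        report = audit_account(acct)
        print(label, "locked_out =", report["locked_out"], report["foreign_addresses"])
```

Any address under `foreign_addresses` that the user did not add is a sign the account's permissions were changed by someone holding the private key.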
John, a blockchain practitioner who frequently uses the TRX wallet, once took a screenshot of his mnemonic phrase and saved it in his mobile phone album. Unfortunately, malware stole the mnemonic, and his wallet was compromised in a multisig scam, causing him to lose control. Although the scammers haven’t transferred his tokens yet, John is unable to make any transactions, leaving him extremely anxious.
Shortly afterward, he noticed a small USDT deposit (0.5 USDT) in his wallet. The transfer's memo included a seemingly official notice and a proposed solution: “Your address has been multisigned by the company. Please contact TG: ppaa319 to have it removed.”
Desperate to regain control, John followed the instructions and contacted the sender. Claiming to be the “TRON Professional Team,” they assured him they could remove the multisig restriction from his wallet.
They demanded a “technical service fee” equal to 30% of his wallet’s assets. In his urgency, John prepaid half the fee. After receiving the payment, the scammers sent fake progress screenshots and threatened to halt the process unless he paid the remaining amount—pressuring John into completing the payment.
However, once they received the full amount, the scammers disappeared without providing any assistance. John not only failed to recover his wallet but also suffered additional financial losses. Exploiting his limited understanding of TRON’s multisignature mechanism and his desperation, the scammers orchestrated a second fraud, leaving him completely deceived.
PSA:
- Be cautious of on-chain memos and always verify the authenticity of the source through official channels.
- Be especially wary of memos from unknown sources, particularly those claiming to resolve technical issues or account restrictions.
- Safeguard your mnemonic phrase and private keys by storing them securely offline. Use physical backups, such as handwritten copies or hardware wallets, to keep them isolated from online threats and prevent cyberattacks.
- To ensure security, download and use the official imToken wallet only from https://token.im/.
imToken Is Always Protecting Your Token Security
In February, imToken marked a total of 6706 risky tokens, banned 441 risky DApp websites and marked 6657 risky addresses.
In addition, if you find any suspicious or risky tokens or DApps, please contact us at support@token.im to help more users avoid token losses.
Closing Thoughts
Scams are constantly evolving, and it is challenging for average users to fully prevent them. imToken is committed to rapidly detecting issues and finding solutions, providing timely messages to the community, and educating users about various types of scams to protect them from losses.
We encourage you to read and share the imToken Wallet Security Monthly Report and join hands with imToken to safeguard your token security.