In the last issue of Web3 Security Getting Started Pitfall Guide, we mainly explained the risks when downloading/purchasing wallets, how to find the real official website and verify the authenticity of the wallet, and the risk of leaking private keys/mnemonic phrases. We often say "Not your keys, not your coins", but there are also situations where even if you have the private key/mnemonic phrase, you cannot control your assets, that is, the wallet has been maliciously multi-signed. Combined with the MistTrack stolen forms we collected, after some users’ wallets were maliciously multi-signed, they didn’t understand why they still had balances in their wallet accounts but could not transfer funds out. Therefore, in this issue, we will take the TRON wallet as an example to explain the relevant knowledge of multi-signature phishing, including the multi-signature mechanism, regular operations of hackers and how to avoid malicious multi-signatures in the wallet.
Let’s briefly explain what multi-signature is. The original intention of the multi-signature mechanism is to make the wallet more secure and allow multiple users to jointly manage and control the access and usage rights of the same digital asset wallet. . Even if some managers lose or leak private keys/mnemonic phrases, the assets in the wallet will not necessarily be damaged.
TRON’s multi-signature permission system is designed with three different permissions: Owner, Witness and Active, each with specific functions and uses.
Owner permissions:
Witness permissions:
This permission is mainly related to Super Representatives. Accounts with this permission can participate in the election and voting of super representatives, and manage operations related to super representatives.
Active permissions:
Used for daily operations, such as transferring funds and calling smart contracts. This permission can be set and modified by the Owner permission. It is often assigned to accounts that need to perform specific tasks. It is a collection of several authorized operations (such as TRX transfers, pledged assets).
As mentioned above, when creating a new account, the account's address will have Owner permissions (the highest permissions) by default. You can adjust the account's permission structure, choose which addresses to authorize the account's permissions to, and stipulate the weight of these addresses. size, and set thresholds. The threshold refers to how much signer weight is required to perform a specific operation. In the figure below, the threshold is set to 2, and the weights of the three authorized addresses are all 1. When performing a specific operation, the operation can take effect as long as there are confirmations from 2 signers.
(https://support.tronscan.org/hc/article_attachments/29939335264665)
After the hacker obtains the user's private key/mnemonic phrase, if the user does not use the multi-signature mechanism (that is, the wallet account is only controlled by the user), the hacker can change the Owner/Active Permissions can also be granted to one's own address or the user's Owner/Active permissions can be transferred to oneself. These two operations of hackers are usually called malicious multi-signatures, but in fact this is a broad term. In fact, it can be done according to the user's To distinguish whether you still have Owner/Active permissions:
In the picture below, the user's Owner/Active permissions have not been removed. The hacker has authorized the Owner/Active permissions for his address. At this time, the account is owned by the user Jointly controlled with hackers (threshold is 2), the weights of both user addresses and hacker addresses are 1. Although the user holds the private key/mnemonic phrase and has Owner/Active permissions, he cannot transfer his own assets because when the user initiates a request to transfer assets, both the user's and the hacker's addresses are required to sign before this operation can be executed normally.
Although the operation of transferring assets from a multi-signed account requires confirmation of multi-party signatures, multi-party signatures are not required for depositing funds into a wallet account. If the user does not have the habit of regularly checking the account permissions or has not performed any transfer operations recently, he will generally not find that the authorization of his wallet account has been changed, and he will continue to be damaged. If there are not many assets in the wallet, hackers may take a long-term approach and wait for the account to accumulate a certain amount of digital assets before stealing all the digital assets at once.
There is another situation where hackers use TRON's permission management design mechanism to directly transfer the user's Owner/Active permissions to the hacker address (the threshold is still 1), causing the user to lose Owner/Active Permissions, not even the "right to vote" are gone. It should be noted that the hacker here does not use the multi-signature mechanism to prevent users from transferring assets, but it is customary to call this situation a malicious multi-signature of the wallet.
The above is the detailed content of Web3 Security Getting Started Guide to Avoiding Pitfalls: Risks of Wallet Being Maliciously Multi-Signed. For more information, please follow other related articles on the PHP Chinese website!
Three major frameworks for android development
div scroll bar
What is the role of kafka consumer group
Four major characteristics of blockchain
What are the website building functions?
What software is dreamweaver?
How to import old phone into new phone from Huawei mobile phone
What are the mobile operating systems?
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
