Bitget App
Trade smarter
Buy cryptoMarketsTradeCopyBotsEarnWeb3

Stay Alert: Beware of Multi-Sig Fraud!

2022-11-17

Recently, some people might have received a message for help on Twitter or Telegram like this: “I have 100/1,000 USDT in my wallet, but somehow I cannot withdraw it. Here are my wallet address, private key, and mnemonic phrase. If you can help me withdraw, you will get some USDT as a reward.”

This image has an empty alt attribute; its file name is u_b_e915ffc0-49fd-11ed-88d8-f95859546a3c.jpeg
This image has an empty alt attribute; its file name is u_b_04b56130-49fe-11ed-88d8-f95859546a3c.jpeg
This image has an empty alt attribute; its file name is u_b_19067d90-49fe-11ed-88d8-f95859546a3c.jpeg

Person A replied and was ready to lend a hand, given that the contact might be a fresh starter for Web3 wallets. After importing the wallet through the private key or mnemonic phrase, person A found that the balance was displayed but assets could not be withdrawn.

Then the contact told person A that assets could only be withdrawn after a commission fee of around USD 10 is deposited. However, A found that the withdrawal was still not available even after the deposit… Now person A realized this was actually a fraud! Such kinds of scams cheat people out of crypto assets using their kindness or targeting their greed.

If you cannot “transfer the balance” after depositing a commission fee, the fraudsters would keep brainwashing you by making up excuses until you walk away from this. Then, they would look for the next target. As long as there are enough victims, they would make a considerable profit.

You might be wondering why the assets cannot be withdrawn after the private key is imported.

Here is something you need to know about multisig (multi-signature) wallets.

Prior to that, let’s talk about single-signature wallets first. If we want to carry out a transfer to a blockchain, we need to make a signature with our wallet. After signing the transaction, the transfer will be successful once the transaction is executed. That’s a standard procedure for a single-signature wallet, which is commonly used by investors.

Unlike the single-signature wallet, a multisig wallet requires the signatures of more than one person to execute a transaction. For a transfer with a multisig wallet, the transaction must be signed by one or more people before it can be completed.

This image has an empty alt attribute; its file name is u_b_07b09870-4a01-11ed-88d8-f95859546a3c.jpeg

While using a multisig wallet, we can designate an m/n signature mode, which means that an operation can only be completed when certain people sign. You can set the multisig mode based on your specific needs, such as:

  1. 1/2 multisig mode: Suitable for two people who trust each other or one person with two wallets. A transaction can be independently initiated with either private key (similar to a partnership account).
  2. 2/2 multisig mode: Vault funds can only be used with the consent of both administrators (two private keys are required to transfer the funds).
  3. 2/3 multisig mode: For funds jointly managed by three partners, in case one of the three private keys is lost, only two of the private keys are required to transfer funds.

Of course, there can be 1/3, 3/6, 5/8, and many other multisig modes. The distinctive characteristic of the multisig wallet is that transactions can only be completed with the authorization of more than one private key holder.

Simply put, in this kind of scam, the fraudsters create a multisig wallet, and deposit some USDT in the wallet as bait. Then, they chat with you in a community or DM you, gain your trust by telling you the private key and mnemonic phrase, and ask you to deposit. However, as transfers can only be completed with two or more private keys, you definitely cannot withdraw any asset.

Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) currently does not support multisig mode, but private keys can be imported to a multisig wallet. When you transfer assets from this wallet, Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) will show a prompt indicating that you do not have permission and report an error.

Crypto beginners might fall into traps due to the following reason: they have never heard of a multisig wallet and thus believe that they can do anything in the wallet with just a private key. Please remain vigilant when you’re approached by anyone in the community and do not believe strangers saying that they would offer you profit and their fortune code. In addition, we suggest learning more about anti-fraud skills in Bitget Wallet (Previously Bitget Wallet (Previously BitKeep)) Academy, especially our Safety Knowledge. Getting to know more concepts and fraud cases can help you stay alert from traps.

Content
    wallet