A multi-signature wallet is actually a multi-signature wallet. Multiple people jointly manage one address, and more than half of the managers must agree to use the funds, reducing the risk of asset theft.
advantage:
1. It can improve account security. Compared with single-signature wallets, hackers who want to attack multi-signature addresses need to crack the private keys of multiple people in order to obtain the property in the multi-signature address, which is relatively more difficult.
2. Implement data backup to avoid property loss after the private key is lost. If it is a single-signature wallet, all assets cannot be obtained after the private key is lost. If it is a multi-signature wallet, taking 2/3 as an example, if one of the private keys is lost, the assets can still be traded normally.
3. Reduce erroneous transactions. When a user initiates a transaction, other private key holders can prevent the erroneous transaction by refusing to sign when they find an error. The more people participate in the signature verification process, the lower the possibility of erroneous transactions.
shortcoming:
Multiple signatures were stolen and used by scammers.
Common cases of multiple signature theft include:
The first one is that the user’s private key is leaked, resulting in over-signing by bad guys.
Common examples include: users download fake wallets through phishing websites; mnemonics or private keys are stored in online devices or platforms, and many apps will apply for permission to access photo albums or monitor clipboards, etc.; wallets are over-signed by randomly scanning QR codes to authorize; wallets for airdropped fake tokens are over-signed;
At this time, through the multi-signature mechanism, the thief can set his and your addresses to multi-signature, and when the user transfers money alone, he will find that it cannot be done smoothly. The other party has your private key and cooperates with his multi-signature account to transfer your funds.
The second type is that others intentionally leak the private key by phishing, resulting in the inability to retrieve the transferred funds.
This method is a disaster area for novices. The scammer directly discloses his wallet private key to you, and often there are other assets in the wallet that are not small. He may lie that he does not know how to operate the wallet, and ask you to help him operate the wallet to transfer a certain amount of TRX, and transfer an equal amount of stablecoin assets. The newbie thinks he has taken advantage, imports the other party's private key or mnemonic, and transfers TRX to the wallet. At this time, the multi-signature trap will be triggered.
The wallet given by the scammer has actually been set up as a multi-signature wallet. Therefore, even if you get his private key at this time, you will not be able to operate the assets in it smoothly, and the assets you transferred will be gone forever.
The third type is clicking on a phishing link that causes permission changes.
This may be caused by the user clicking on a phishing link, which causes the wallet's permissions to be changed. For example, scammers create a website that allows users to purchase various cards or recharge at low prices. When users use the link they provide to recharge, the malicious permission-elevation code will be called. After the user directly confirms and enters the password to sign, the permissions of their wallet address will be changed.
When a user's wallet address is maliciously multi-signed, problems will arise when transferring money at this time, and it is also possible that the other party may use more permissions to transfer funds.
Let me say the most important thing here: anyone who tells you that they can solve the problem of being “over-signed” is a liar!
Users and fraudsters in the crypto world do not have equal technical capabilities, and the industry also lacked more mature technical warning, identification and countermeasures in its early days.
However, the ultimate security of assets still depends on the enhancement of users' inner security awareness. If users have less expectations for pie in the sky and more precautions against temptation traps and be alert to possible scams, the security of the entire crypto world will be further improved.
In recent years, there have been too many cases of people losing virtual currency due to multiple signatures, including some with millions of assets. Remember not to get download links from unofficial channels, do not randomly scan codes given by others, do not randomly transfer money, do not randomly authorize, and do not believe that pie in the sky will fall.