时间:2024-04-07|浏览:247
The virtual currency wallet was oversigned, and 990,000 U was lost! Insufficient authority, unable to withdraw money. (From CoinsRadar.net):
During the Qingming Festival, it rained heavily, and pedestrians on the road were heartbroken;
Today, a fan of the author was really crying, his wallet was oversigned, and he lost 990,000 (135,465 USDT)!
What can 990,000 do?
You can marry a wife, buy a house in a second- or third-tier city, buy the entire youth of a college student, and let ordinary people screw for a lifetime...
What happened:
The fan recharged more than 130,000 U to the TP wallet early this morning. When he wanted to withdraw it in the morning, it showed "Verification Signature Error", which means that it was oversigned by a bad guy, and he lost the highest authority of his wallet and could not withdraw money.
This fan did not randomly scan the code or click on the link. The author checked the fan's coin collection record and did not receive the fake tokens that the scammers airdropped.
Through the record of deposit and withdrawal, it was found that 6 seconds after the fan transferred a large amount of U into the wallet, another record of 100TRX was recharged. This was not recharged by the fan himself, but by the bad guy. The 6-second recharge is obviously not an artificial recharge speed, which means that the fan wallet has been written into the smart contract by the bad guys, and the recharge is instant at the blockchain speed.
The fan asked TP customer service for the reply: the fan may be caused by the mnemonic or private key being stored in an online device or platform. Now many apps will apply for permission to access the album, or monitor the clipboard, or even modify the payment address, etc.
The bad guy accessed the fan's mobile phone album, obtained the wallet mnemonic, and added a permission. The execution threshold is 2, and 2 address permissions are required to sign and execute, but the fan has only one management key left, while the bad guy has two, and the bad guy has the highest authority of the wallet.
The author has written many articles about wallets being over-signed and unable to withdraw money. If the fans could see it earlier, they might not have lost 990,000.
The author has written about "wallets that were over-signed by randomly scanning QR codes to authorize", "wallets that were over-signed by scammers who cast a wide net to airdrop fake tokens", "transfers to scammers were over-signed", and now, another bad guy has used "high-tech" to access the photo album and obtain the mnemonic phrase, resulting in multiple wallets...
In the past, I just heard others say not to randomly download strange apps and browse unhealthy websites, otherwise others will access your mobile phone albums, memos, files, etc. I didn't take it seriously when I heard it, until I encountered it myself, I realized that these "high-tech" are all true!
This is the scammers who cast a wide net to airdrop fake tokens, and there are also interactive contracts. The wallet receives small amounts of coins inexplicably, and you will lose the wallet permissions when you click on the authorization, resulting in the loss of virtual assets.
Alas, there are really many scammers in the currency circle!
The author really does not recommend that novices put virtual coins in their wallets. Exchanges are more suitable for you.
What is multi-signature?
The normal wallet account owner's authority is you. If the scammer also obtains the owner's authority of your wallet account, this is called multi-signature. Once multi-signed, your account wallet can only receive but not transfer out, and the scammer can steal your U at any time.
90% of wallets are stolen because of this trick. When the wallet transfers out, a string of English characters is displayed. The translated meaning is mostly insufficient authority or signature error, etc.
Generally, the assets in the wallet that is multi-signed will not be transferred immediately.
One is that the scammer waits for you to recharge more, and you don’t find that you can’t withdraw cash, so you may recharge more.
Second, the wallets with multiple signatures are usually obtained by scammers with the highest authority. You cannot withdraw money yourself. The scammers are not in a hurry and will take the long game to catch the big fish.
You are the fish on the sticky board, and he will eat it whenever he wants.
(The wallets with multiple signatures should be stopped immediately)
In addition, anyone who tells you that they can solve the problem of being "multi-signed" must not be believed, they are all scammers!
In recent years, there have been too many people who have lost virtual currency due to multiple signatures, and there are many with millions of assets.
[Deliberately leaking mnemonics to cheat GAS fees]
There are also scammers who deliberately send their own wallet mnemonics and balances to the group, pretending that they are newbies who don't know how to transfer coins... or the scammers say that they don't play anymore, there are still a few hundred U in the wallet, and those who are destined to take it can take it...
In short, scammers will deliberately leak their own mnemonics.
Some newbies think to themselves, "Oh my god, this is a good thing", and quickly log in to the scammer's wallet to see that there are indeed virtual coins in it, so they quickly recharge TRX and ETH to withdraw other people's coins.
In fact, this is a scam to steal GAS fees. If you want to transfer USDT from your wallet, you must first transfer the GAS fee to this wallet, usually ETH, because the withdrawal fee of ERC20 is high. After you transfer it in, you will find that your ETH will be transferred away instantly. You may wonder if there is something wrong with your operation, so you continue to transfer it, but it is still transferred away.
The principle is very simple. This wallet has been written into the smart contract by others. The GAS fee you recharge will be transferred to the scammer's other wallet address immediately!
You think others are sheep, but they are wolves, fishing to cheat you of GAS fees!
So, if you see the mnemonic words leaked by others, you can go in and take a look, but never recharge any coins in it! !