In the crypto and blockchain world, unfortunately, we find scammers who strive to be able to directly or indirectly steal the funds of the unfortunate who for one reason or another fall victim to the same scammers.
There are several scams and tricks that criminals use but this time we will focus on a really devious one that few know or recognize, which is the one that concerns the seed or the private key.
Before going into detail and understanding how it works, this scam is based on the fact that we must never reveal our private key or our seed to anyone because if we do, we will lose all the funds within it.
Knowing this, criminals deliberately publish their private key or seed in chat or private messages, in the hope that someone can insert the private key or seed into the wallet and see that there are crypto with a value and ready to be moved to our wallet with a simple transaction.
We will take one example that was circulating on Twitter and dig into the case.
Here we have a scammer wallet address: TUr8tTfMmr2ML88C65xLHPT4JGNgUkvh9Z
Here is also a secret phrase: damage muscle dilemma year useful toast siege sustain hero property lucky home
Now let's check what is going on, and why scammer "generously" shares his private key?
Let's check account permissions.
It is important to notice that threshold of Owner permission is set to 4. For those who don't know what threshold is, here is a brief definition:
Minimum threshold to validate multisig transactions, a multisig transaction will only take effect when the total weight of signing addresses is greater than the threshold.
So basically we are looking at msig wallet, with 2 accounts and second account has weight of 3 - meaning that first account + second will satisfy msig condition of threshold and by that, action will be executed.
This means that without access to that second wallet, this first account is useless. And from that point anyone that has access will be unable to send funds to another address. If victim persist to send funds, he will be asked to top up TRX to cover transaction fee - which will be quickly pulled by criminals to another address.
