So a lil breakdown on how this scam actually works. The scammer used the multisignature feature for individual $TRON address to achieve this.
The corresponding TRON address is tronscan.org/#/address/TKx1…, active since 4 days ago with a total of 499 $USDT in funds, and some shitcoin.
The corresponding TRON address is tronscan.org/#/address/TKx1…, active since 4 days ago with a total of 499 $USDT in funds, and some shitcoin.
https://twitter.com/xdxp/status/1541026387947298816
I was contacted by @JoyceBr58080110 stating they can't withdrawal their USDT, and requested my help and be rewarded 200 USDT. They gave their seedphrase and by importing the wallet into Trust Wallet, I found the wallet address: tronscan.org/#/address/TKx1…
A glimpse at the account assets shows that it has some TRX for fees on the TRON network, 499 USDT, and some shitcoin. Crypto newbies will think they have hit jackpot since they can transfer the funds away since they have the private key access. But 1 TRX is not enough for fees. 
Now, you will realize you need to fund this wallet with additional TRX for fees, which approximates to 20-30 TRX, valued at $1-2 at current market price. Small amount for a few hundred bucks of potential profit. However, as soon as money is sent to this address, it's sent away.
In the first instance, TMp3reLeUkGAjvRssgc78JPAttyHrHCMTw sent 29.30996 $TRX, seen here tronscan.org/#/transaction/….
Seconds later, this amount was transferred away to TDsBEmLHvQk4Y3zNKdbKJnLct2Vs9TKo4M, seen here tronscan.org/#/transaction/….
Seconds later, this amount was transferred away to TDsBEmLHvQk4Y3zNKdbKJnLct2Vs9TKo4M, seen here tronscan.org/#/transaction/….
In the second instance, TM1zzNDZD2DPASbKcgdVoTYhfmYgtfwx9R sent
29.759 $TRX, seen here tronscan.org/#/transaction/….
Similarly, this was sent away seconds later, seen here tronscan.org/#/transaction/….
29.759 $TRX, seen here tronscan.org/#/transaction/….
Similarly, this was sent away seconds later, seen here tronscan.org/#/transaction/….
The speed of transfer is impossible for human execution, so we can only associate this with a fund transfer trigger by an underlying smart contract. This is where the multisignature feature of TRON wallet comes into play, introduced in the v3.5 update.
There are 3 types of permissions in TRON wallets for multisig: owner, witness, and active. Owner permission has the right to execute all the contracts. Witness permission is for SR. Active permission contains a set of contracts selected execution permissions.
For the wallet in question (TKx1TtevcLSMst73ZRZLKfVc7wEfpVwuBn), 4 days ago they called the AccountPermissionUpdateContract function twice. The first tx, tronscan.org/#/transaction/…, updated the active permission of the wallet to TDsBEmLHvQk4Y3zNKdbKJnLct2Vs9TKo4M.
A second call for AccountPermissionUpdateContract swapped the owner of TKx1... to TDsB... This means the wallet TKx1... is controlled entirely by TDsB... Third party no longer have rights to TKx1... wallet, they can't do shit as owner permission changed.
tronscan.org/#/transaction/…
tronscan.org/#/transaction/…
So how are funds transferred in split seconds? Notice that under active permissions, there is an operational function for automated fund transfers - Smart Contract Trigger (TRC20/TRC721 Transfer). This allows any predetermined token to be transferred away once it hits TKx1...
This is similar to many other scams that works in similar fashion but the way the scammers revoked owner permission using the #multisig feature for TRON wallets is ingenious.
Stay safe out there, y'all.
Stay safe out there, y'all.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
