Phishing Scams Using Tron Authority Upgrade

Feb 27


Application scenario of TRON MultiSig

Tron multi-signature is generally divided into active multisig and passive multisig. Active multisig is when users set up a multisig wallet themselves to strengthen asset safety. Passive multisig refers to multisig operations that users did not intend to perform.

We have compiled the following scenarios that may lead to multisig:

  1. The user sets up multisig, and the managers need to sign to execute an operation.
  2. A third party gets your secret recovery phrase or private key and sets your wallet as a multisig wallet.
  3. You get, from the internet, the secret recovery phrase or private key of a wallet that was already set as a multisig wallet.
  4. You access a malicious link from an unknown source and sign, which completes the authority upgrade.

After a wallet address is created, the default signature setting is single-sig, which can perform any on-chain operation. If the address is multi-sig, that setting must have been executed by the user or by a third party who got your secret recovery phrase or private key.

About TRON MultiSig Wallet

TRON’s multiple signature mechanism is a security measure that uses thresholds and weights to restrict specific operations so that they can only be performed with the mutual confirmation of multiple signers.
In the multisig mechanism, the threshold refers to how many managers need to confirm before a specific operation is performed. For example, if the threshold is 2, at least two managers are required to confirm a specific operation. The threshold can be set in the multisig contract and adjusted according to specific requirements.
The weight refers to the weight of each manager, which determines each manager's share in a multi-manager operation. For example, if the threshold is set to 2 and the weight of each of the two signatories is set to 1, a specific operation takes effect only after both signatories, each with a weight of 1, have confirmed it. The weights need to be set in the contract and must meet the requirement that the sum of the weights of all signatories equals the total weight.

By setting thresholds and weights, the TRON multisig mechanism can improve the security of the contract and prevent the contract from being tampered with by unauthorized operations or used by attackers for malicious operations.
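The threshold and weight rule above, as an added example that is not TokenPocket's code: on TRON a permission is satisfied when the combined weight of the keys that signed reaches its threshold, so an account's permission list shows directly whether one address can still act alone. The object follows the `owner_permission` / `active_permission` layout of TRON's account query; the addresses are constructed placeholders and `isSatisfied` / `auditAccount` are hypothetical helper names.

```javascript
// Added example. Addresses are constructed placeholders, not real accounts.

// Sum the weights of the keys that signed and compare with the threshold.
function isSatisfied(permission, signers) {
  const signed = new Set(signers);
  const weight = (permission.keys || [])
    .filter((k) => signed.has(k.address))
    .reduce((sum, k) => sum + k.weight, 0);
  return weight >= permission.threshold;
}

// For each permission, report whether `self` can act alone,
// can act only together with co-signers, or holds no usable key.
function auditAccount(account, self) {
  const perms = [account.owner_permission, ...(account.active_permission || [])]
    .filter(Boolean);
  return perms.map((p) => {
    const hasKey = p.keys.some((k) => k.address === self);
    const everyone = p.keys.map((k) => k.address);
    let status;
    if (isSatisfied(p, [self])) status = "sole-control";
    else if (hasKey && isSatisfied(p, everyone)) status = "needs-cosigners";
    else status = "no-control";
    return { name: p.permission_name, status };
  });
}

// Constructed sample: the 2-of-2 owner permission from the text
// (threshold 2, two keys of weight 1) and an active permission
// that lists only a key the user does not hold.
const sampleAccount = {
  owner_permission: {
    permission_name: "owner", threshold: 2,
    keys: [{ address: "TUserPlaceholder", weight: 1 },
           { address: "TCosignerPlaceholder", weight: 1 }],
  },
  active_permission: [{
    permission_name: "active", threshold: 1,
    keys: [{ address: "TUnknownPlaceholder", weight: 1 }],
  }],
};

console.log(auditAccount(sampleAccount, "TUserPlaceholder"));
```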

TRON MultiSig Scams

A Tron Authority Upgrade is different from an Approve. After an approval, only the approved token is affected. An authority upgrade, however, changes the authority of the address itself, so the user loses management authority over the address.

Tron Authority Upgrade often happens during TRC20 deposit flows, such as buying fuel cards and gift cards at a discounted price, or depositing on a verification-code platform. When the user deposits through the link these sites provide, the link calls the malicious authority upgrade code; when the user confirms directly and enters the password to sign, the authority of the TRON wallet is upgraded.

The following is a typical case:

The deposit entrance of the malicious website jumps to the wallet and opens it. The payment address is the contract address of USDT. Click [Pay now], and the page reminds you not to copy the address and transfer manually; this is to prevent the user from bypassing the malicious code when making the transfer.

Click [Pay now], and you can see the transaction details, including information about the operation in progress and its possible risks.

Click the second arrow position to view the role and risk of the Authority Upgrade (Upgrade account permissions). If you ignore the risk and confirm, the Authority Upgrade is executed and the wallet address will be maliciously signed. After that, you will see the reminders when you transfer.
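The check behind the warning in this case, as an added example that is not TokenPocket's code: before signing, look at the contract type of the unsigned transaction. A TRC20 deposit is a `TriggerSmartContract` call, while an authority upgrade is an `AccountPermissionUpdateContract` carrying the new owner and active key lists. The transactions and addresses below are constructed placeholders, and `reviewBeforeSigning` is a hypothetical helper name.

```javascript
// Added example: constructed samples, placeholder addresses.

// Inspect an unsigned TRON transaction and describe any permission
// change it would make to the signer's account.
function reviewBeforeSigning(tx, self) {
  const findings = [];
  for (const c of tx.raw_data.contract) {
    if (c.type !== "AccountPermissionUpdateContract") continue;
    const v = c.parameter.value;
    for (const p of [v.owner, ...(v.actives || [])].filter(Boolean)) {
      const ownWeight = p.keys
        .filter((k) => k.address === self)
        .reduce((sum, k) => sum + k.weight, 0);
      findings.push({
        permission: p.permission_name,
        signerKeepsSoleControl: ownWeight >= p.threshold,
        foreignKeys: p.keys.filter((k) => k.address !== self).map((k) => k.address),
      });
    }
  }
  const highRisk = findings.some(
    (f) => !f.signerKeepsSoleControl || f.foreignKeys.length > 0);
  return { permissionUpdate: findings.length > 0, highRisk, findings };
}

// Constructed sample 1: what a TRC20 deposit should look like (a contract call).
const depositTx = { raw_data: { contract: [{
  type: "TriggerSmartContract",
  parameter: { value: { owner_address: "TUserPlaceholder",
                        contract_address: "TTokenContractPlaceholder" } },
}] } };

// Constructed sample 2: a "deposit" request that is really a permission
// update giving the owner and active permissions to another key.
const upgradeTx = { raw_data: { contract: [{
  type: "AccountPermissionUpdateContract",
  parameter: { value: {
    owner_address: "TUserPlaceholder",
    owner: { permission_name: "owner", threshold: 1,
             keys: [{ address: "TOtherPartyPlaceholder", weight: 1 }] },
    actives: [{ permission_name: "active", threshold: 1,
                keys: [{ address: "TOtherPartyPlaceholder", weight: 1 }] }],
  } },
}] } };

console.log(reviewBeforeSigning(depositTx, "TUserPlaceholder"));
console.log(JSON.stringify(reviewBeforeSigning(upgradeTx, "TUserPlaceholder"), null, 2));
```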

The original intention of multisig is to protect users’ assets, but after being used by scammers, it becomes a tool to steal assets, so please stay alert and read the reminders on TokenPocket carefully!

If you meet similar fraudulent links, please send them to our email: and report them. After verification, we will localize the links to prevent more TokenPocket users from scams!

About TokenPocket

TokenPocket is the world’s leading multi-chain self-custodial wallet, which supports mainstream public chains including BTC, ETH, BSC, TRON, Polygon, Solana, HECO, Klaytn, Avalanche, OKC, HSC, Fantom, Polkadot, Kusama, etc. The trinity of TokenPocket mobile wallet, chrome extension wallet, and hardware wallet has been formally formed. The Secret Recovery Phrase and Private Key are stored in the user’s own device and the user can fully control his own crypto assets. TokenPocket has provided reliable services for over 20 million users around the world. The number of monthly active users exceeds 3.5 million and the users are located in more than 200 countries around the world.
