China takes a stand
According to reports, the Shanxi police have detained the group and are looking into the matter. It is important to note that this is not an isolated incident; police in other regions of China have already taken action against criminal groups who used comparable tactics to forge imToken, TokenPocket, MetaMask, and TrustWallet wallets, among other well-known wallets, and then stole coins.
The gang, which has been active for a while, has been distributing fake wallet APK installation packages through Telegram, WeChat groups, and other channels, purchasing search engine advertising services, and forging the official website of Token Pocket to entice victims into downloading and installing fake wallets so they can steal encrypted assets.
The methods of stealing bitcoin have been continuously improved, and these phoney wallet theft activities have become extremely industrialized. New multi-signature tactics have recently stolen from a huge number of victims, and the amount of lost money is growing.
Recently, Bitrace, a bitcoin tracking and recovery software, helped the Shanxi police put the gang in check. In order to prevent the theft of encrypted assets, Bitrace has long been monitoring the criminal situation in which fake wallets are used to steal coins. To prevent this, Bitrace has advised users to only download wallets from legitimate app stores or official websites and not from installation packages sent through Telegram or WeChat groups or wallets downloaded from search engines.
The multi-signature scam
Multi-signature is one of the modern methods that hackers employ to steal cryptocurrency. A common security feature of blockchain technology is multi-signature, which necessitates the consent of a specific number of individuals having access to private keys in order for a transaction to be performed.
In addition to enhancing the security and usability of encrypted assets and resolving any trust issues associated with multi-party asset management cooperation, multi-signature helps avoid harmful assaults and fraud.
Due to the usage of multiple signatures, when a user’s private key is compromised or stolen, the hacker is unable to transfer assets because they were unable to access the private keys of other users who had multiple signatures.
The hacker can, however, pose as a partner and linger in the shadows once the multi-highest signature’s authority has been taken, seeing that they can wait for the money to amass more before wiping them all out.
The address will always be in the condition of “only in and out” throughout this time in the multi-signature scam since the user loses their account authority.
If the user doesn’t control the transfer, they’ll never be in danger of being taken. This strategy was used by the fraudulent group to steal a total of 29 people’s assets, amounting to around 215,600 USDT.
The Bitrace team suggests that major wallet makers turn on the feature that detects multi-signature permission changes on the client-side. When this feature is enabled, the message “Your wallet operation permission has been altered” will appear right away. It will successfully stop larger losses from happening if the user can be identified and informed in a timely manner.