Chinese authorities have made a significant breakthrough in the fight against fake crypto wallets by arresting a criminal gang involved in manufacturing and distributing them.
China takes a stand
According to reports, the Shanxi police have arrested the gang and they are currently investigating the case. It is worth noting that this is not an isolated case, as police in other parts of China have also previously cracked down on similar criminal gangs who used similar methods to counterfeit world-renowned wallets such as imToken, TokenPocket, MetaMask, and TrustWallet and carried out coin theft.
The gang, which has been operating for a long time, has been distributing fake wallet APK installation packages through Telegram, WeChat groups, and other means, buying advertising services on search engines, and counterfeiting Token Pocket’s official website to induce victims to download and install fake wallets to steal encrypted assets.
These fake wallet-stealing activities have been highly industrialized, and the techniques of stealing coins have been continuously upgraded. Recently, a large number of victims have been stolen by new multi-signature techniques, and the scale of damaged funds is continuing to expand.
Bitrace, a cryptocurrency tracking and recovery platform, recently assisted the Shanxi police in successfully cracking down on the gang. Bitrace has been paying attention to the criminal situation of fake wallets stealing coins for a long time and has warned users to download wallets from regular app stores or official websites and not to install installation packages sent through Telegram or WeChat groups, or wallets downloaded from search engines, to avoid theft of encrypted assets.
The multi-signature scam
One of the new techniques used by hackers to steal coins is multi-signature. Multi-signature is a security mechanism widely used in blockchain technology that requires a certain number of users with private key permissions to agree to sign a transaction before it can be completed.
Multi-signature helps prevent malicious attacks and fraud, improves the security and usability of encrypted assets, and solves the potential trust problems of multi-party cooperation in asset management.
The use of multi-signature also means that when a user’s private key is hacked or stolen, the hacker cannot successfully transfer assets because they have not obtained the private key of other users with multiple signatures.
However, once the highest authority of the multi-signature is stolen, the hacker can pretend to be a partner and lurk in the dark, seeing that they can wait for the funds to accumulate more and then wipe them all out.
In the multi-signature scam, because the user loses their account authority, the address will always be in the state of “only in and out” during this period.
If the user does not operate the transfer, they will never find themselves on the verge of being stolen. Bitrace found that the fraudulent gang has stolen the assets of 29 people in total through this method, totaling about 215,600 USDT.
The Bitrace team recommends that major wallet manufacturers enable the function of detecting multi-signature permission changes on the client-side, and the words “Your wallet operation permission has been changed” will be displayed immediately. If the user can be identified and notified in time, it will effectively prevent larger losses from occurring.
Source: https://www.cryptopolitan.com/china-takes-down-fake-crypto-wallet-operation-details/