- Attackers have exploited a new vulnerability in Tron wallets; 2,130 wallets were compromised in Q4 2024 alone, each losing approximately $31.5 million.
- The attack method involves blocking legitimate transactions while allowing victims to unknowingly deposit more funds.
A newly identified vulnerability affecting Tron wallets has left over 14,500 wallets on the platform, and millions in crypto holdings, exposed. According to a report by security firm AMLBot, 2,130 such wallets were allegedly compromised in Q4 2024 alone, each holding approximately $31.5 million.
Tron Crypto Wallet Scam
Instead of immediately draining wallets, attackers secretly gain control and block legitimate transactions, leaving the actual owners unaware. This delay in detection allows victims to unknowingly deposit more funds into compromised accounts.
“Typically, a victim doesn’t even realize that the wallet is gone,” explained Mykhailo Tiutin, CTO of AMLBot. One affected user described how he had added 1,000 USDT to his wallet without noticing that it was already compromised. “If the thief had immediately taken all my money away, I would have immediately realized that I had lost my wallet,” he said, according to a CoinTelegraph report.
The vulnerability lies in Tron’s UpdateAccountPermission transaction, a feature designed to make wallets more secure by assigning roles to keys and setting thresholds for transaction authorization. For example, if the transaction threshold is 10 and two keys each have a weight of five, both keys must sign for the transaction to be authorized.
However, if an attacker obtains a private key of a wallet owner, he can add his own key to the account and configure it to meet the required threshold. This, in effect, locks the legitimate owner out of his wallet.
“Wallets do not have any kind of notifications or information to say that somebody has added another key to your wallet. There is absolutely no indication that your wallet is gone until you send an outgoing transaction yourself,” Tiutin noted.
After the lockout, there is little the user can do. “This attack is especially concerning, as there is no way to recover funds for the user because the attacker’s private key is required for any further transactions,” said Sattvik Kansal, Rome Protocol’s co-founder.
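As an added illustration (not code from the article, AMLBot or the Tron project), the following Python model encodes the weighted-key permission rule described above and an audit routine a wallet owner could run against the permission set fetched for their own account. The addresses and the hijacked configuration are constructed placeholders, not real on-chain data.

```python
# Model of a Tron-style account permission: a threshold plus a list of keys,
# each with a weight. A transaction is authorized when the signing keys'
# combined weight reaches the threshold. Sample addresses are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    address: str  # constructed placeholder, not a real Tron address
    weight: int


@dataclass(frozen=True)
class Permission:
    threshold: int
    keys: tuple  # tuple of Key


def signing_weight(perm, signers):
    """Total weight of the permission's keys whose holders signed."""
    return sum(k.weight for k in perm.keys if k.address in signers)


def authorized(perm, signers):
    """True when the signers' combined weight meets the threshold."""
    return signing_weight(perm, set(signers)) >= perm.threshold


def audit_permission(perm, owner_keys):
    """Defensive audit: compare an account's active permission with the keys the
    legitimate owner expects to control. Returns a list of findings (empty = OK)."""
    findings = []
    owner = set(owner_keys)
    for k in perm.keys:
        if k.address not in owner:
            findings.append(f"unexpected key {k.address} with weight {k.weight}")
    if not authorized(perm, owner):
        findings.append("owner-controlled keys cannot reach the threshold: locked out")
    return findings


# Constructed scenario following the article: threshold 10, two owner keys of weight 5.
OWNER_A, OWNER_B, ATTACKER = "T-owner-key-A", "T-owner-key-B", "T-attacker-key"
LEGIT = Permission(threshold=10, keys=(Key(OWNER_A, 5), Key(OWNER_B, 5)))
# Permission as it might look after a hostile UpdateAccountPermission: the added
# key alone satisfies a raised threshold, so the owner's keys (still listed) are useless.
HIJACKED = Permission(threshold=20, keys=(Key(OWNER_A, 5), Key(OWNER_B, 5), Key(ATTACKER, 20)))

if __name__ == "__main__":
    print("both owner keys sign:", authorized(LEGIT, [OWNER_A, OWNER_B]))  # True
    print("one owner key signs:", authorized(LEGIT, [OWNER_A]))  # False
    print("audit after hijack:", audit_permission(HIJACKED, [OWNER_A, OWNER_B]))
```

Running the audit periodically against the account's current permission set is the kind of notification the article says wallets do not provide; the model deliberately omits Tron's signature verification and fee handling.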
Although it has been exploited, UpdateAccountPermission is beneficial in many ways: it mainly lets businesses and organizations share control over their funds. Multi-signature approval minimizes unauthorized transactions and supports decentralized governance.
Move To Enhance Wallet Security
Exploitation of wallet functionality is not exclusive to Tron. In fact, many Ethereum users have suffered substantial losses from misuse of commonplace features like “approve” and “permit.” Blockchain security firm Scam Sniffer noted that phishing scams accounted for $9.38 million in losses in November 2024, of which $7 million came from Ethereum.
Preventing attacks of this nature starts with safeguarding private keys. As Axel Leloup, lead security researcher at Dowsers, explained, “Ensure private keys and mnemonic phrases are stored securely, preferably offline, and never shared with untrusted parties.”
In one case, the private key of an affected Tron wallet had been embedded directly in the source code of a smart contract during testing, leaving it extremely exposed. Keeping wallet balances low can further discourage attackers, especially since the UpdateAccountPermission function charges a 100 TRX fee.
Source: https://www.crypto-news-flash.com/tron-wallets-at-risk-14500-addresses-could-face-hijacking/?utm_source=rss&utm_medium=rss&utm_campaign=tron-wallets-at-risk-14500-addresses-could-face-hijacking