Beware of Scams Involving Multisig Wallets
Recently, some users on platforms like X and Telegram have received similar messages asking for help: “I have $100 or more worth of crypto in my wallet, but I can’t seem to withdraw it. Here’s my wallet address, private key, and recovery phrase. If you can help me withdraw the funds, I’ll reward you with some USDT”.
Let’s say a user (A) receives this message and assumes the sender is a crypto newbie who doesn’t understand how wallets work. Wanting to help, A imports the wallet using the private key or recovery phrase and finds that the balance is real. However, when attempting to withdraw the funds, it doesn’t work. The scammer then tells A that they need to send about $10 in fees to complete the transaction. After A sends the fee, they still can’t withdraw the balance. At this point, A realizes it’s a scam — one that exploits people’s goodwill or greed to steal their crypto.
Even after sending the fee, the scammer may come up with additional excuses to ask for more funds. Once the victim stops engaging, the scammer simply moves on to the next target, and the small gains from many victims can add up to a significant profit for them.
You might be wondering: if the private key is provided, why can’t you withdraw the funds? The answer lies in the concept of a multisig wallet.
What Is a Multisig Wallet?
A multisig (or “multisignature”) wallet differs from a regular wallet that requires only one private key to sign transactions. Instead, multisig wallets need multiple parties (private key holders) to sign off on a transaction before it can be executed.
A common setup is known as m/n signatures, where at least m signatures out of n participants are required to authorize a transaction. For example:
- 1/2 Multisig: Two trusted friends or two personal wallets, where either party can independently sign and initiate transactions.
- 2/2 Multisig: Both administrators must agree before funds can be moved.
- 2/3 Multisig: Two out of three partners must sign to execute a transaction, reducing the risk of funds being stuck if a private key is lost.
In these scams, fraudsters create a multisig wallet and deposit $100 or more in crypto to bait their victims. They’ll share the private key and recovery phrase to gain trust, then ask for a small fee to “help withdraw” the funds. But because multiple signatures are required, the victim can’t actually withdraw anything, and the only result is that the scammer pockets the fee.
Scam Prevention Tips
Victims often fall prey due to two key reasons:
- Low vigilance towards “pie falling from the sky”.
- A misunderstanding of how multisig wallets work, thinking that possessing a private key grants full control over a wallet.
The Qitmeer Team urges everyone to avoid trusting strangers who promise free rewards or profits through social channels or private messages. It’s also important to strengthen your understanding of crypto concepts like multisig wallets to avoid becoming a victim of such scams.
