Hackers Silently Hijack Tron Wallets: AMLBot Reports
Crypto forensics firm AMLBot has shed light on a highly advanced exploit affecting more than 14,500 Tron cryptocurrency wallets, putting around $31.5 million in digital assets at potential risk in Q4 2024.
Here’s how it works: there’s a feature on Tron called “UpdateAccountPermission.” It’s designed to enhance security by letting users assign roles to keys and set transaction thresholds.
However, attackers who manage to acquire a user's private key can misuse this feature. They can add their own key to the wallet, configuring it to meet the transaction threshold alongside the original key.
This effectively locks the rightful owner out of their account, making it impossible for them to authorize transactions on their own. Victims may unknowingly continue depositing funds into wallets that are already compromised, further benefiting the attackers.
AMLBot’s Chief Technology Officer, Mykhailo Tiutin, told CoinTelegraph that unsuspecting users often remain unaware of the breach until they face issues while attempting to send funds.
One user shared their experience, explaining how they added 1,000 USDT to their wallet before realizing it was compromised – highlighting that an outright theft might have been easier to detect.
The “UpdateAccountPermission” feature itself isn’t flawed; it serves valuable purposes like enabling shared account control and promoting decentralized governance through multi-approval requirements. However, its misuse underscores the necessity of securing private keys and conducting routine permission audits.
Such vulnerabilities are not exclusive to Tron. On Ethereum, attackers can exploit key functions like “approve” and “permit” used in decentralized finance.
To stay safe, users are encouraged to use hardware wallets, check their account permissions regularly, and carefully check addresses when making deposits.
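The permission audit recommended above can be run offline against an account object fetched from a Tron node. The following is an added example, not code from AMLBot or this article. Field names follow the shape of Tron's `getaccount` HTTP response. The sample account, the addresses and the `audit_permissions` helper are constructed for illustration.

```python
# Added example: offline audit of a Tron account's permission structure.
# Addresses are constructed placeholders, not real wallets.
MY_ADDRESS = "T_OWNER_PLACEHOLDER"

SAMPLE_ACCOUNT = {  # constructed; shaped like a getaccount response
    "address": MY_ADDRESS,
    "owner_permission": {
        "permission_name": "owner", "threshold": 2,
        "keys": [{"address": MY_ADDRESS, "weight": 1},
                 {"address": "T_UNKNOWN_PLACEHOLDER", "weight": 1}],
    },
    "active_permission": [
        {"type": "Active", "id": 2, "permission_name": "active", "threshold": 1,
         "keys": [{"address": MY_ADDRESS, "weight": 1}]},
    ],
}

def audit_permissions(account, trusted):
    """Return (permission, finding, detail) tuples for owner and active
    permissions that contain unknown keys, that the trusted keys can no
    longer satisfy alone, or that unknown keys can satisfy alone."""
    findings = []
    perms = [account["owner_permission"]] if "owner_permission" in account else []
    perms += account.get("active_permission", [])
    for perm in perms:
        name = perm.get("permission_name", "?")
        threshold = perm.get("threshold", 1)
        trusted_w = unknown_w = 0
        for key in perm.get("keys", []):
            if key["address"] in trusted:
                trusted_w += key.get("weight", 0)
            else:
                unknown_w += key.get("weight", 0)
                findings.append((name, "unknown_key", key["address"]))
        if trusted_w < threshold:  # owner cannot authorize on their own
            findings.append((name, "trusted_keys_below_threshold",
                             f"{trusted_w}/{threshold}"))
        if unknown_w >= threshold:  # someone else can authorize without the owner
            findings.append((name, "unknown_keys_can_sign_alone",
                             f"{unknown_w}/{threshold}"))
    return findings

if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE_ACCOUNT, {MY_ADDRESS}):
        print(finding)
```

Any finding on the owner permission is the high-priority case, since that permission controls further permission changes.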
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Nor do we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.