Tron Wallets at Risk: Victims Unknowingly Add Funds to Hacked Accounts
Tron Wallets at Risk – A recently uncovered vulnerability has put 14,545 Tron wallets at risk, exposing millions of dollars in digital assets to potential theft. According to AMLBot, a security firm, over 2,130 wallets were compromised in just the fourth quarter of 2024 due to a flaw in the UpdateAccountPermission transaction. These accounts collectively held nearly $31.5 million in digital assets as of the report’s publication.
How the Attack Works: Stealthy and Dangerous
What makes this attack particularly dangerous is its stealthy nature. Unlike typical hacks where attackers immediately drain funds, this exploit lets hackers take control of wallets without being detected. The attackers block legitimate outbound transactions, locking the rightful owners out of their funds. Victims might continue to deposit funds, unaware that their wallet has already been compromised.
Mykhailo Tiutin, CTO at AMLBot, explained, “A victim doesn’t understand that the wallet is gone.” One victim shared their experience, revealing they added 1,000 USDT to their wallet before realizing the breach. If the thief had taken all the funds immediately, the victim would have noticed the loss sooner.
Exploit Tied to the UpdateAccountPermission Function
The UpdateAccountPermission function was originally designed to strengthen security by enabling multisig-like controls over transactions. It allows users to assign roles to keys and set thresholds for transactions. However, this system becomes a vulnerability when attackers gain access to a user’s private key. Once compromised, attackers can add their own key to the wallet, effectively blocking the owner from conducting transactions independently.
Unfortunately, wallets do not notify users if new keys are added, leaving no indication that the wallet has been compromised until the victim tries to make a transaction.
What Can Users Do to Protect Themselves?
Security experts emphasize the importance of private key protection and regular checks of account permissions. Ensuring that private keys are stored securely, preferably offline, and never shared with untrusted parties, is essential in preventing this kind of attack. Additionally, minimizing the amount of TRX stored in wallets can act as an added safeguard, as the UpdateAccountPermission function requires a 100 TRX fee.
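The regular permission check recommended above can be scripted. The following is an added example, not code from AMLBot or the Tron project: it audits an account record for keys the owner does not recognize and for thresholds the owner's key can no longer meet alone. The field names are assumed to match the account JSON a Tron node returns, and the sample records and addresses are constructed placeholders.

```python
# Added example: audit the permission section of a Tron account record.
# Assumption: field names (owner_permission, active_permission, threshold,
# keys, address, weight) match the account JSON returned by a Tron node.

def audit_permission(perm, own_address, expected_keys):
    """Return a list of findings for one owner/active permission."""
    name = perm.get("permission_name", "unnamed")
    threshold = perm.get("threshold", 1)
    keys = perm.get("keys", [])
    findings = []
    for key in keys:
        if key["address"] not in expected_keys:
            findings.append(f"{name}: unexpected key {key['address']}")
    # Sum the weight the wallet's own key contributes to this permission.
    own_weight = sum(k.get("weight", 0) for k in keys
                     if k["address"] == own_address)
    if own_weight < threshold:
        findings.append(f"{name}: own key weight {own_weight} is below "
                        f"threshold {threshold}, owner cannot sign alone")
    return findings

def audit_account(account, expected_keys):
    """Check the owner permission and every active permission."""
    perms = []
    if "owner_permission" in account:
        perms.append(account["owner_permission"])
    perms.extend(account.get("active_permission", []))
    findings = []
    for perm in perms:
        findings.extend(audit_permission(perm, account["address"], expected_keys))
    return findings

# Constructed sample records; the addresses are placeholders, not real ones.
OWN = "T-OWNER-PLACEHOLDER"
OTHER = "T-UNKNOWN-PLACEHOLDER"
ACTIVE = [{"permission_name": "active", "threshold": 1,
           "keys": [{"address": OWN, "weight": 1}]}]
CLEAN = {"address": OWN, "active_permission": ACTIVE,
         "owner_permission": {"permission_name": "owner", "threshold": 1,
                              "keys": [{"address": OWN, "weight": 1}]}}
CHANGED = {"address": OWN, "active_permission": ACTIVE,
           "owner_permission": {"permission_name": "owner", "threshold": 2,
                                "keys": [{"address": OWN, "weight": 1},
                                         {"address": OTHER, "weight": 1}]}}

if __name__ == "__main__":
    for label, record in (("clean", CLEAN), ("changed", CHANGED)):
        print(label, audit_account(record, {OWN}) or "no findings")
```

Pass every address you deliberately authorized in `expected_keys`; any finding on a wallet you believed to be single-key means the permissions were changed without your knowledge.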
As this attack continues to affect Tron users, it highlights the importance of both robust security practices and the ongoing development of secure wallet solutions.