Abuse of TRON's account-permission feature has exposed around 14,545 TRON wallets, putting millions of dollars in digital assets at risk of theft.
The security vulnerability on TRON threatens more than 14,500 wallets. Image: cryptomus
Cause of the vulnerability
A little-known attack pattern has put more than 14,500 TRON wallets at risk of asset theft, and it can drain millions of dollars in digital assets without the wallet owners noticing.
AMLBot, a security firm, found that 2,130 of these wallets have already been compromised through abuse of the UpdateAccountPermission feature, with affected assets worth up to $31.5 million.
What makes this attack particularly dangerous is its stealth. Instead of withdrawing funds immediately, the attackers take over control of the wallet without being detected. They can block the owner's outgoing transactions, cutting the owner off from their own assets, while deposits keep arriving as before. One victim shared that they continued to deposit 1,000 USDT into their wallet without realizing it had been compromised, as there were no signs of the attack.
Understanding UpdateAccountPermission
TRON's UpdateAccountPermission feature is designed to enhance account security through a multisig-like mechanism: the wallet owner lists the keys allowed to sign for the account, assigns each a weight, and sets a threshold; a transaction is authorized only when the combined weight of the keys that signed it reaches the threshold. For example, if the threshold is 10 and each of two keys has a weight of 5, both keys must sign to authorize a transaction. The permission change is itself a transaction, and it must be signed under the account's current owner permission.
In practice, an attacker who obtains the account's private key can submit an UpdateAccountPermission transaction that adds their own key and sets the weights and thresholds so that only the attacker's key clears them. From then on the wallet owner cannot sign outgoing transactions alone, but because incoming transfers need no signature from the recipient, the owner can keep depositing funds into a wallet they no longer control without noticing anything is wrong.
According to Mykhailo Tiutin, the Chief Technology Officer of AMLBot, there are no warnings or signs to indicate that a wallet's permissions have been changed. Victims only discover the issue when they try to make a transaction and are unable to complete it.
Even when the problem is detected, the only option for victims is to stop depositing funds into the compromised wallet, and there is no way to recover the lost assets.
It's only when they receive this notification that wallet owners realize the problem
Not just on TRON
The abuse of legitimate blockchain features is not limited to TRON. On Ethereum, malicious actors routinely trick users into signing ERC-20 "approve" transactions or "permit" messages, which are essential for interacting with decentralized finance (DeFi) platforms but, when granted to an attacker's address, hand over spending rights to the victim's tokens.
As Coin68 has summarized, crypto attack losses increased by 40% in 2024, even though DeFi is no longer the main target.
Preventive measures
The prerequisite for an attacker to abuse the UpdateAccountPermission feature is a leaked private key, specifically the key that holds the account's owner permission. To catch abuse early, Axel Leloup, a security researcher at Dowsers, emphasizes the importance of understanding TRON's permission system and regularly checking the account's permission settings for keys and thresholds the owner did not set.
Leloup also reminds readers of the fundamental principle of cryptocurrency security: store the private key and seed phrase safely offline and never share them with anyone untrustworthy.
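As an added example serving both the permission walkthrough above and Leloup's advice to check permissions regularly, the following Python (written for this page, not code from AMLBot, Coin68, Dowsers or the TRON project) models TRON's weighted-threshold permissions, replays the permission rewrite an attacker performs with a leaked key, and runs a simple audit that flags it. The addresses are constructed placeholders, the input dict follows the shape of a TRON wallet/getaccount reply (an assumption; a live check would fetch that reply from a node), and the per-operation bitmap that real active permissions carry is omitted for brevity.

```python
# Added example: toy model of TRON account permissions, the attacker's
# UpdateAccountPermission rewrite, and an audit that detects it.
# Addresses are constructed placeholders; the getaccount shape is an assumption.
from dataclasses import dataclass


@dataclass
class Permission:
    name: str
    threshold: int
    keys: dict            # signer address -> weight

    def signed_weight(self, signers):
        # Only addresses listed in the permission contribute weight.
        return sum(self.keys.get(addr, 0) for addr in set(signers))

    def authorizes(self, signers):
        return self.signed_weight(signers) >= self.threshold


@dataclass
class Account:
    address: str
    owner: Permission
    active: list


def parse_account(raw):
    """Build an Account from a getaccount-style dict (constructed shape)."""
    addr = raw["address"]
    op = raw.get("owner_permission")
    if op is None:
        # Account never touched UpdateAccountPermission: its own key, threshold 1.
        owner = Permission("owner", 1, {addr: 1})
    else:
        owner = Permission("owner", op["threshold"],
                           {k["address"]: k["weight"] for k in op["keys"]})
    active = [Permission(p.get("permission_name", "active"), p["threshold"],
                         {k["address"]: k["weight"] for k in p["keys"]})
              for p in raw.get("active_permission", [])]
    return Account(addr, owner, active)


def can_transfer(account, signers):
    # Owner permission authorizes any transaction; active permissions cover transfers.
    return account.owner.authorizes(signers) or any(p.authorizes(signers) for p in account.active)


def update_account_permission(account, signers, new_owner, new_active):
    """The update transaction must itself pass the *current* owner permission."""
    if not account.owner.authorizes(signers):
        raise PermissionError("update not authorized by current owner permission")
    account.owner, account.active = new_owner, list(new_active)


def hijack(account, leaked_key, attacker_key):
    """Attacker with the leaked key keeps the victim's key listed (nothing looks
    obviously wrong) but sets thresholds only the attacker's key can reach."""
    new_owner = Permission("owner", 10, {attacker_key: 10, leaked_key: 5})
    new_active = [Permission("active", 10, {attacker_key: 10, leaked_key: 5})]
    update_account_permission(account, [leaked_key], new_owner, new_active)


def audit(account, my_keys):
    """Findings a periodic permission check should raise; an empty list is clean."""
    findings = []
    for perm in [account.owner, *account.active]:
        unknown = sorted(set(perm.keys) - set(my_keys))
        if unknown:
            findings.append(f"{perm.name}: unknown key(s) {unknown}")
        if not perm.authorizes(my_keys):
            findings.append(f"{perm.name}: my keys weigh {perm.signed_weight(my_keys)} "
                            f"< threshold {perm.threshold}; I can no longer sign alone")
    return findings


# Constructed sample in the shape of a getaccount reply for a fresh account.
VICTIM = "TVictimXXXXXXXXXXXXXXXXXXXXXXXXXXX"
ATTACKER = "TAttackerXXXXXXXXXXXXXXXXXXXXXXXXX"
SAMPLE = {
    "address": VICTIM,
    "owner_permission": {"permission_name": "owner", "threshold": 1,
                         "keys": [{"address": VICTIM, "weight": 1}]},
    "active_permission": [{"permission_name": "active", "threshold": 1,
                           "keys": [{"address": VICTIM, "weight": 1}]}],
}


def demo():
    """Returns (before, after): before = (victim can transfer, audit findings);
    after = (victim can transfer, attacker can transfer, audit findings)."""
    acct = parse_account(SAMPLE)
    before = (can_transfer(acct, [VICTIM]), audit(acct, [VICTIM]))
    hijack(acct, VICTIM, ATTACKER)
    after = (can_transfer(acct, [VICTIM]), can_transfer(acct, [ATTACKER]), audit(acct, [VICTIM]))
    return before, after


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Note that nothing in the model stops deposits after the hijack: receiving funds requires no signature, which is exactly why victims keep topping up a wallet they no longer control. The audit raises two findings per permission here (an unknown key, and the owner's own keys falling short of the threshold); in a real check the expected key list would come from the owner's records and the account dict from a node.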
An anonymous victim shared that their wallet was compromised because of poor security: the wallet was used to test smart contracts, and its private key was embedded in the source code and moved across multiple devices.
Another protective measure is to keep only a small TRON (TRX) balance in the wallet, especially for users who mainly transact USDT. An UpdateAccountPermission transaction costs a 100 TRX fee, paid from the account being modified, so an account holding less than that cannot have its permissions rewritten until someone funds it. This raises the attacker's cost rather than blocking the attack outright, since whoever holds the leaked key can send the 100 TRX to the account themselves. Tiutin recommends using wallets that allow USDT transactions without consuming TRX.
In general, securing a crypto wallet involves not only protecting the private key but also understanding and controlling the security features of the blockchain platform itself. Scams are also becoming more sophisticated and unpredictable, so users cannot rule them out entirely; a typical example is the recent rise of hackers impersonating recruiters.
Compiled by Coin68