Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    The Wall Around Mint Street: How the RBI Spent a Year Shutting Crypto Out of Indian Banking
    Michael Saylor’s Strategy
    Why Michael Saylor’s Strategy Is Selling Bitcoin After Years of Buying
  • Opinion
    OpinionShow More
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
    The CLARITY Act War Starts Jamie Dimon Vs Armstrong
    The CLARITY Act War Starts: Jamie Dimon Vs Armstrong
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
Blockchain News

Tron Security Flaw Puts Over 14,500 Wallets at Risk of Hijacking

The UpdateAccountPermission feature on Tron is meant to improve account security by including multisig-like functions.

Written By Jalpa Bhavsar
Fact Checked by Jahnu Jagtap
Published 2025-01-22·Updated 1 year ago
Make The Crypto Times preferred on GoogleGoogle
Share
Tron Security Flaw Puts Over 14,500 Wallets at Risk of Hijacking

A hidden security flaw has affected around 14,545 Tron cryptocurrency wallets and put millions of dollars in digital assets at risk.

2,130 wallets, holding nearly $31.5 million, were hacked with a weakness related to the UpdateAttackPermissions transaction in Q4 2024 alone. 

Instead of stealing funds right away, the hackers take control of the wallet and block the owner from making any transactions. This locks the person out of their funds without them knowing, and they may continue adding more money to the compromised wallet, unknowingly helping the hackers.

Tron UpdateAccountPermission Exploit Puts Wallets at Risk

The UpdateAccountPermission feature on Tron is meant to improve account security by including multisig-like functions. This enables account owners to assign specific roles to keys, set their weight values, and establish thresholds for transaction approval.

For example, if the threshold is set to 10, and two keys each have a weight of 5, both must sign to approve a transaction. While this system is designed to enhance security, it becomes a weakness if an attacker gains access to the owner’s private key.

An attacker can use the compromised key to add their key to the account and set it up so that it meets the transaction threshold when paired with the original key. Since they cannot complete transactions on their own, the legitimate owners are essentially locked out, but they are still free to deposit money into the compromised wallet. 

Mykhailo Tiutin from AMLBot explained, “Wallets do not have any kind of notifications or information to say that somebody has added another key to your wallet. There is absolutely no indication that your wallet is gone until you send an outgoing transaction yourself.”

After discovering the breach, victims can only stop depositing funds into the hacked wallet. As per Sattvik Kansal, co-founder of Rome Protocol, this attack is alarming because users can’t get their funds back without the attacker’s private key.

UpdateAccountPermission: Useful but Not Without Risks

The UpdateAccountPermission feature is designed to help businesses and users share control over their funds. This means multiple people need to approve any transactions, which reduces the chances of unauthorized transactions.

It’s also useful for decentralized organizations, where community members manage funds together. Requiring multiple approvals prevents one person from taking control of the funds. Even regular users can use UpdateAccountPermission by adding more keys to their accounts. This makes it less likely they’ll lose access to their funds if one of their devices or keys gets hacked.

Exploitation Happens Beyond Tron

The misuse of blockchain functions does not only happen to Tron. On Ethereum, attackers often take advantage of commonly used features like “approve” and “permit,” which are key for using decentralized finance platforms.

A Scam Sniffer report says that phishing scams across blockchains, excluding Tron, led to $9.38 million in losses in November 2024. Ethereum alone contributed close to $7 million. This is a decrease from the $20 million in losses reported in October 2024, potentially due to Ethereum wallets now asking users to confirm suspicious transactions before approval.

How to Protect Your Wallet from Silent Hijackers

To exploit the UpdateAccountPermission feature, attackers need access to the private key. Once leaked, the account is compromised, and hackers can steal more funds.

Axel Leloup, a security expert, advises understanding Tron’s permission system and regularly reviewing account permissions. He also stressed the importance of securely storing private keys and never sharing them with untrusted sources.

The victim’s wallet was vulnerable due to poor security practices, with the private key exposed in code across multiple devices during smart contract testing.

To prevent this, limit the amount of Tron (TRX) in wallets, especially for USDT transactions. Since 100 TRX is needed for the UpdateAccountPermission function, wallets with little TRX are harder for attackers to exploit. Tiutin recommends using wallets that allow USDT transactions without burning TRX.

Also Read: Apple & Google Ban Crypto Apps Tied to Huione Group Cyberscam

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Tron (TRX)
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Bitcoin BIP-110 Debate Reignites as Michael Saylor Calls it a 'Iatrogenic Proposal'
Bitcoin BIP-110 Debate Reignites as Michael Saylor Calls it a ‘Iatrogenic Proposal’
Cathie Wood’s ARK Invest Buys 220K More Circle Shares as CRCL Selloff Deepens
Cathie Wood’s ARK Invest Buys 220K More Circle Shares as CRCL Selloff Deepens
Stripe's $53B PayPal Bid Would Unite OUSD and PYUSD
Stripe’s $53B PayPal Bid Would Unite OUSD and PYUSD
Kalshi Slams CFTC Trade Order After Michigan Court Fight
Kalshi Slams CFTC Trade Order After Michigan Court Fight
Mudrex & KoinX Launch Crypto Tax Campaign Ahead of India’s July 31 Deadline
Mudrex & KoinX Launch Crypto Tax Campaign Ahead of India’s July 31 Deadline

Find Us on Socials

You may also like

Pi Network Migrates 10.9 Billion Mining Rewards to Mainnet

Pi Network Migrates 10.9 Billion Mining Rewards to Mainnet

US Traders Could Front-Run Robinhood Chain Users by Two Blocks

US Traders Could Front-Run Robinhood Chain Users by Two Blocks

Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets

Ethereum L1 Tops Public Networks With Over $19B in Tokenized Assets

Zcash Confirms July 28 Ironwood Activation; ZEC Trades Near $500

Zcash Confirms July 28 Ironwood Activation; ZEC Trades Near $500

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information