Cybersecurity experts at AMLBot said that unlike typical hacks of crypto wallets, these hackers did not seek to withdraw all the funds of their victims at once, but set themselves the goal of seizing control of wallets, while remaining unnoticed for users.

Then they blocked all outgoing transactions, which was also not obvious for the victims of the attack, since the operations of replenishing the crypto wallet were carried out normally. Thus, the aggrieved party continued to "enrich hackers", but was effectively deprived of access to their funds.

The hacker attack vector was aimed at compromising the UpdateAccountPermission function of Tron wallets, which was supposed to improve account security by allowing crypto account holders to assign certain roles to keys, set weights and thresholds for approving transactions. During the attack, hackers managed to implicitly add their own key to the account and configure it to block outgoing transactions.