Four Out of Five Top Bitcoin QR Code Generators are Scams: Report

Published at: Sept. 6, 2019

Four out of the first five results presented when querying Google for a “bitcoin qr generator” lead to scam websites.

The findings

Cryptocurrency wallet ZenGo wrote the findings in a blog post published on Aug. 29. Reportedly, when researching prior to implementing QR Code support in their wallet, ZenGo learned of the prevalence of scam QR Code generators. The company explains how the alleged scam works:

“These sites generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers.”

QR codes are a way to share data (in this case public keys) in a visual way that can be scanned with devices featuring a camera — usually a smartphone. Such codes are believed by many to be the most convenient way to share a wallet address when in-person — in retail transactions, for example — since it avoids the need to type long strings of seemingly random characters.

Successful scams

During their investigation, ZenGo researchers found out that some of those scams have gone as far as also changing the addresses contained in the clipboard to the scam address. Some, on the other hand, personalized the scam address to be of a similar format to the one provided by the user. Lastly, the company notes that those scams are also successful:

“Summing up the balances of the scammy addresses we had observed, we found out about scams worth about $20K. We assume they are just the tip of the iceberg, as scammers probably change their addresses to avoid detection and blacklisting.”

As Cointelegraph reported in July, the South Korean Justice Ministry estimates that cryptocurrency-related crimes have caused 2.69 trillion won (about $2.28 billion) of financial damage between July 2017 and June 2019.

Tags
Related Posts
Binance Helps UK Police to Stop $51 Million Phishing Fraud
Binance claims to have assisted British prosecutors in an investigation of an online fraud that resulted in over $51 million losses by victims. Criminal is now jailed On Sept. 26, Binance’s chief compliance officer Samuel Lim published a blog post saying that the exchange was working with the Cyber Crime Unit of the United Kingdom’s Metropolitan Police Service to investigate into Bulgarian phishing expert Svetoslav Donchev. As officially reported by the Crown Prosecution Service (CPS), Donchev, 37, was extradited to the U.K. from Bulgaria to face the online scamming fraud charges and pleaded guilty to five offences to receive a …
Cryptocurrency Exchange / Sept. 27, 2019
Warning: How 'One Time Password' bots can steal all your crypto
Cybercriminals are using bots purchased on Telegram to trick users into giving them access to their cryptocurrency accounts. According to a report from cybersecurity firm Intel471, One Time Password (OTP) bots are “remarkably easy to use” and are relatively inexpensive to operate relative to the amount that can be earned from a successful attack. A Telegram bot known as ‘BloodOTPbot’ charges a monthly fee of just $300 to hackers to access. Fraudsters also have the option to spend an extra $20 to $100 on more phishing tools that target individual social media accounts on Instagram, Facebook and Twitter, financial services …
Blockchain / Feb. 17, 2022
Crypto’s recovery requires more aggressive solutions to fraud
It’s hardly an exaggeration to say that our industry is facing tough times. We’ve been in the midst of a “crypto winter” for some time now, with the prices of mainstays, including Bitcoin (BTC) and Ether (ETH), tumbling. Likewise, monthly nonfungible token (NFT) trading volumes have fallen more than 90% since their multibillion dollar peak back in January of this year. Of course, these declines have only been exacerbated by the numerous black swan events rocking the crypto world, such as the FTX and Three Arrows Capital meltdowns. Taken together, it shouldn’t be a surprise that crypto is facing a …
Cryptocurrencies / Dec. 30, 2022
Crypto Thief Indicted in New York’s First SIM Swapping Prosecution
Manhattan’s District Attorney (DA) announced the indictment of an individual for stealing identities and funds, including crypto, via a process known as SIM swapping. The announcement was made in an official press release from the Manhattan District Attorney’s Office on Feb. 1. The defendant, Dawson Bakies, has been accused of stealing the identities of over 50 victims in the United States, and also stealing funds from some of them. The 20-year-old man has been charged with identity theft, grand larceny, computer tampering and scheme to defraud among other charges in a New York State Supreme Court indictment. According the Manhattan …
United States / Feb. 2, 2019
LocalBitcoins Resumes Outgoing Transactions After Warnings of Phishing Link on Forum
A link to a phishing LocalBitcoins clone website had been placed on the official LocalBitcoins forum, but the attack has since been stopped. A LocalBitcoins community manager warned of the attack on Reddit on Jan. 26. According to the post, an unidentified hacker or hacker group detected a security vulnerability in the LocalBitcoins forum and linked it to a phishing forum. Even before the official communication, a Reddit user warned in a post on the Bitcoin (BTC) subreddit: “When visiting the localbitcoins forum [...] users are prompted to log into their account, as if they have been logged out. This …
Hackers / Jan. 27, 2019