September 6, 2019 – Cryptocurrency scams come in all forms and shapes. From the most stupidly obvious to complicated. In a new report, the QR Code, the very mechanism that has become useful lately when it comes to payments and depositing and withdrawing funds are being used to scam people.
Cryptocurrency Wallet ZenGo wrote that while they are trying to add QR support to their product, they found out that “4 out of 5 results presented when querying Google were leading to scammers websites.” In a blog post, they revealed that QR codes generated from these websites are controlled by scammers, “thus directing all payments” to the scammer and not to the user.
How is this even possible? ZenGo tried requesting a QR for a specific Bitcoin Address. What they got is a QR code that matches another address. In some instances, the scammer will display a QR code with a fake address that matches the format of the requested address. In this way, any victim who just scan or skim the address will likely not be able to spot the discrepancy.
Finally, some will put the scam address in the clipboard. According to ZenGo, “if victims verify the QR code by pasting the value in the clipboard, thinking it’s the address they previously copied to get a QR for, it will match.”
How to avoid the QR Code Generator Scam
ZenGo publishes these tips:
- Don’t google a QR code, instead use your favorite blockchain explorer to generate one;
- Verify that the scanned address in the QR is your original address;
- Use browser addons like MetaCert’s Cryptonite to alert on scammy websites and addresses.
ZenGo said they have shared the technical details of their findings with threat intelligence providers.
Just recently, we reported about a Bitcoin ATM Scam in Canada that deliberately misleads the victim to use a different QR code as a destination address. Reported by Manitoba Post (via U.Today,) announcements are posted on Bitcoin ATMs that warn users of an ongoing upgrade. Now normally, when buying Bitcoin on cryptocurrency ATMs, the user will be asked to have the QR Code of their OWN wallet address scanned so that the machine can send the Bitcoin to their wallet.
So the scheme is that in the posters plastered on the Bitcoin ATMs, the user is warned of an upgrade and requested to scan the QR Code that is on the poster itself. As U.Today pointed out, it sounds very ridiculous but uninitiated newbies might fall in this trap.
This article is first published on BitPinas: [Beware] Many Bitcoin QR Code Generators are Scams