In March, a total of 7 BTC ($45,000) have been stolen from unsuspecting users through fake QR code generators. Security researcher Harry Denley outed nine websites as fake BTC-to-QR code generators.
These websites pass themselves as a quick and accessible way of generating QR codes. Since BTC transactions are irreversible, they take advantage of the users’ fear of making mistakes in inputting their BTC addresses. This has led many people to turn to instant QR code generators to make it much less risky for them to transact with BTC.
The following websites are:
How do the thieves do it?
The interfaces of the websites are straightforward and easy to use. Unsuspecting victims just have to enter their BTC addresses in order to instantly generate a QR code. Marketing the QR code generator and getting people to use them is the thieves modus operandi.
According to Denley, Director of Security at MyCrypto, instead of embedding the victim’s Bitcoin address in the QR code, the fake generators instead embedded one of the thieves’ many BTC addresses. Any funds sent to the victim via the QR code would instead be sent to the thieves’ wallet.
The websites not only feature a fake QR code generator, unfortunately. They also harbor approximately 450 suspicious websites on COVID-19 and cryptocurrencies.
Some of the domains also host fake BTC transaction accelerators claiming to ease BTC transfers for 0.001 BTC (6 USD).
So far, these accelerators have managed to steal around 17.6 BTC ($110,000.)
How to protect yourself from malicious QR code websites
Scammers and thieves are also taking advantage of the current situation to steal from unsuspecting users.
The United States Securities and Exchange Commission (SEC) even warned people against “coronavirus investment scams” possibly connected with microcap stocks. Such websites prey on the fear of the public of the recession with a promise of get-rich-quick schemes.
Be extra cautious in each transaction you perform online. BTC users are always reminded to never transact on websites that offer convenient services without doing their due diligence.
Only use a Bitcoin QR code generator that you know and trust and that you are transacting on reputable and known websites. You can also verify that the generated QR code is actually tied to your Bitcoin address by using a QR code scanner app to test it.
And finally, do not ever share QR codes that other people could be passing around online. Inform others about suspected phishing and scamming websites so that it doesn’t get to victimize more people. Help everyone keep the whole network safe.
Featured image courtesy of Flickr/Paul Wilkinson