Bitcoin or the cryptocurrency space, in general, has been through a lot over the past couple of years. Followed by an epic bull run in 2017, the price of Bitcoin has consistently slumped last year, which has somewhat rebounded in 2019, rising back above $10,000 per BTC. And now, more reasons are coming up, adding to the negative public perception around Bitcoin and cryptocurrencies.
Recent research by cryptocurrency wallet provider—ZenGo—warns users to be highly aware while using QR encoding services from untrusted websites that might be masking your data underneath for their benefit. The report goes on to prove that a staggering four out of five results returned by Google, when searched for a “bitcoin QR code generator,” leads to fraudulent websites.
At present, QR codes are undoubtedly one of the simplest, fastest, and most secure ways to share an address while exchanging cryptocurrencies between two wallets. The convenience of QR codes are especially felt in cases of face-to-face point-of-sale transactions since it eliminates the need for typing wallet addresses which are represented by long strings of random characters. The said duplicitous sites generates a QR code that encodes a wallet address controlled by the scammers, instead of the one linked to the users. All payments made to this QR code is naturally directed to the scammer’s wallet.
ZenGo co-founder, Tal Be’ery also said that these scammers don’t even bother to generate their own QR code/ Rather, they “shamelessly” invoke a blockchain explorer API to generate the QR linking to their address. He, therefore, suggests users to always their trusted website for generating a QR instead of blindly relying on Google. Even then it is recommended to scan the QR code with a wallet app and check if the scanned address is the right one, before sharing the QR.
In addition, using a browser add-on like MetaCert’s Cryptonite that acts as a threat intelligence service and a wallet that alerts on unlawful sites can also help. Be’ery, though, says,
But, it’s not a silver bullet as these services coverage cannot be hermetic.
There exist other secure methods payments as well, like the Foundation of Interwallet Operability (FIO). Over 25 crypto wallets and exchanges have already started migrating from long crypto keys to the ‘username: domain’ method.
Only last month, around $20,000 had been lost to QR code scams, as researchers suggest.
They’re even calling these findings “just the tip of the iceberg,” as these scammers are most likely to change their wallet addresses regularly in order to avoid detection and blacklisting. In the first half of 2019, fraudsters stole cryptos worth over $4 billion from investors and users, marking a prominent rise on top of the $1.7 billion stolen in 2018.
According to the U.S. cybersecurity research company, Ciphertrace, these scams were results of “outright theft” from cryptocurrency exchanges, alongside other scams.