New QR Code Scam: How to Protect Your Cryptocurrency Assets

09.08.2024

New QR Code Scam: How to Protect Your Cryptocurrency Assets

Cryptocurrency transactions have long been an integral part of the modern financial world, offering users fast, convenient, and decentralized ways to exchange and store funds. However, with the growing popularity of cryptocurrencies, the number of fraudulent schemes aimed at stealing funds from unsuspecting users has also increased. One of the latest scams, involving the use of QR codes, has become a serious threat to cryptocurrency wallet owners. Bitrace, a company specializing in blockchain technology research and analysis, has issued a warning about this new scam.

How the scam works

Scammers operate by contacting users through various social platforms, offering attractive cryptocurrency exchange deals. The first step is to establish trust. To do this, the criminals may conduct a small transaction in USDT (Tether) to convince the user of their reliability. After a successful initial transaction, they suggest a "small return test," in which the user is required to scan a provided QR code. The scammers claim that this code is necessary to confirm the transaction or verify the address.

In reality, scanning the QR code gives the scammers access to the user's wallet. By scanning the code, the user inadvertently allows the scammers to manage their funds, potentially leading to the complete loss of all assets in the wallet.

Real examples of scam victims

According to Bitrace, at least 27 people have fallen victim to this scheme, with total losses amounting to approximately $120,000 in USDT. One victim shared their story with Bitrace, explaining that after conducting a test transaction of 1 USDT, their wallet was completely emptied. "I just scanned a QR code. How could I have been robbed?" the victim stated in disbelief.

Bitrace analyzed the scam using the QR code provided by the victim. In a controlled experiment, the company used an empty wallet, which after scanning the code, redirected them to a third-party website claiming to be an "OKX Official Certification" site. On this site, the user was prompted to enter a return amount and confirm the transaction. After clicking "Next," the user was asked to sign a smart contract, which in reality transferred full control of the wallet to the scammers.

Detailed scam breakdown

Scammers meticulously plan their attacks, using psychological tactics to gain their victims' trust. They first establish contact with potential victims on popular platforms and social networks, posing as reputable members of the cryptocurrency community. They may offer favorable exchange terms that slightly deviate from the market rate, thereby attracting the user's attention. To create an illusion of legitimacy, the scammers conduct the first transaction without any issues, such as sending 1 USDT to the victim's wallet. This creates a sense of security, encouraging the user to proceed further.

After a successful initial transaction, the scammers suggest the victim perform a "return test," supposedly necessary to ensure the safety of future transactions. At this point, the user receives a QR code, which the scammers claim is needed to confirm the transaction or verify the address. However, this code hides malicious software that activates upon scanning, giving the scammers access to the victim's wallet.

Bitrace, testing the QR code under controlled conditions, discovered that after scanning, the code redirects the user to a third-party website disguised as an official resource, where the user is prompted to confirm the transaction. The entire process appears legitimate, but in reality, it is a carefully crafted scheme to steal funds.

Challenges in tracking and recovering stolen funds

One of the key advantages of cryptocurrencies is their anonymity, but this very feature makes them appealing to scammers. While it is technically possible to track transactions on the blockchain, identifying the individuals or organizations behind specific wallets is extremely challenging. Bitrace noted that scammers use intermediary addresses to obscure their tracks, significantly complicating the investigation and recovery of stolen funds. In the case of the QR code used in this scam, Bitrace managed to trace the funds to a centralized exchange, but even then, identifying the scammer remains a difficult task.

Cryptocurrencies are often used in fraudulent schemes precisely because of their decentralized nature, allowing criminals to conduct operations while remaining anonymous. Bitrace advised the victim to contact law enforcement in an attempt to recover the stolen funds through legal channels; however, the outcomes of such cases are not always favorable.

Precautions and recommendations

Bitrace emphasizes the importance of taking precautions when conducting cryptocurrency transactions, especially outside official platforms and exchanges. First, users should always carefully verify counterparty addresses before taking any action. This includes not only checking the addresses themselves but also being alert to any suspicious signs, such as requests to scan QR codes or click on unknown links.

The company is also developing a new risk assessment tool that will allow users to identify potential threats when interacting with cryptocurrency addresses. This tool will be available for free testing and is expected to become an essential element in the fraud protection arsenal for all cryptocurrency market participants.

Additionally, it is crucial to remember that even seemingly small transactions can pose a significant threat. In a situation where a single mistake can lead to the complete loss of funds, users must be extremely cautious and aware of potential risks. Bitrace strongly recommends using multi-factor authentication and additional security measures, such as cold wallets, for storing substantial amounts of cryptocurrency.

Conclusion

With each passing day, the number of fraudulent schemes in the cryptocurrency space continues to grow, and these schemes are becoming increasingly sophisticated. QR codes, once considered a convenient and secure tool for transactions, can now lead to significant losses if they fall into the wrong hands. Bitrace warns all users to stay vigilant and aware of potential threats when using cryptocurrency wallets.

Current articles