Sorry people, but it seems like fraud is still running rampant throughout the cryptocurrency space. Earlier this morning, we reported on a new way to turn bitcoin into cash via the dark web, and now, we’re here to discuss a new QR code system that sends people to scam sites.
A QR Code System That’s Turned Rogue?
For as long as bitcoin and cryptocurrency have existed, there have been malicious actors out there seeking to take what isn’t theirs. Unfortunately, the security of the crypto world has often left a lot to be desired, and too many doors remain open for hackers to enter.
Among the most common ways to steal one’s digital funds include crypto jacking, SIM-swapping and phony initial coin offerings (ICOs), though the latter has seemingly become a thing of the past. Very few companies are looking to employ these fundraising events given the scrutiny they’re likely to face from the Securities and Exchange Commission (SEC) if the assets being provided are not registered correctly. There are simply too many unanswered (and confusing) questions.
Crypto jacking involves gaining control of a person’s computer to mine cryptocurrencies, while SIM-swapping often involves bribing cell provider employees for the private data of account holders. This can include birthdates, social security numbers, and even usernames and passwords.
Researchers have conducted a new study through Google, in which they performed searches regarding the generation of bitcoin QR codes to develop new wallet addresses. They say that four of the first five results ultimately led them to scam sites involving codes that if downloaded, could potentially open the door for hackers to steal users’ funds.
One of the researchers explains:
These sites generate a QR code that encodes an address controlled by the scammers instead of the one requested by the user, thus directing all payments for this QR code to the scammers. Scammers do not even bother with generating their fake QR themselves. Instead, they shamelessly call a blockchain explorer API to generate the QR for their address.
How Much Is Gone?
It is estimated that more than $20,000 in crypto funds have been lost to these phony QR codes. The researcher goes on to say:
[As QR] codes are not humanly readable, it opens an avenue for fraud. Fraud can be on the receiver side when generating as shown here, but also on the sender side if the sender is using a rogue wallet or even a good wallet using a rogue QR implementation.
Cases of thievery in the crypto space have increased exponentially over just the last year alone, with nearly $5 billion in funds being stolen in just the first six months of 2019. This is considerably higher than the $1.7 billion lost or stolen in all of 2018.