Researchers Have Issued A Serious Bitcoin Security Warning
Bitcoin and cryptocurrency adoption has failed to live up to expectations over recent years and fears around scams, fraud, and theft have not helped.
The bitcoin price, after its epic 2017 bull run, slumped last year–though has rebounded in 2019, climbing back above $10,000 per bitcoin.
Now, researchers have warned a staggering four out of the first five results returned when asking Google for a “bitcoin qr generator” led to scam websites–potentially furthering negative public perception around bitcoin and cryptocurrency.
If a user of one of these scam sites tries to generate a QR code for their own bitcoin address, it will create a QR code for the scammer’s wallet, researchers from ZenGo, a bitcoin and cryptocurrency wallet provider, found.
QR codes are often used to share data via a smartphones’ camera and are commonly used to quickly share a bitcoin or cryptocurrency wallet address.
“These sites generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers,” ZenGo’s Tal Be’ery wrote in a blog post.
“Scammers do not even bother with generating their fake QR themselves, instead they shamelessly call a blockchain explorer API to generate the QR for their address.”
Researchers calculated that some $20,000 had recently been lost to QR code scams, calling their findings “just the tip of the iceberg,” as thieves likely regularly change their bitcoin and crypto addresses to avoid detection and blacklisting.
Last month, it was found bitcoin and cryptocurrency fraudsters stole over $4 billion of digital currency from investors and users in the first six months of 2019, a significant increase on the $1.7bn stolen in 2018.
These stolen funds were a result of “outright thefts” from cryptocurrency exchanges, but also scams, according to U.S. cyber security research company Ciphertrace.
“[As QR] codes are not humanly readable, it opens an avenue for fraud,” added ZenGo’s Tal Be’ery.
“Fraud can be on the receiver side when generating as shown here, but also on the sender side if the sender is using a rogue wallet or even a good wallet using a rogue QR implementation.”
* You will receive the latest news and updates.