BTC: $4,076.64 +0.83%
ETH: $140.21 +0.85%
XRP: $0.31772 +0.46%
MARKETCAP: $141,285,416,316
24H VOL: $33,881,513,442
BTC: 51%

QR Code Fraud Could Result In $50,000 of Stolen Bitcoin Each Year

QR Code

In the crypto world, it is common knowledge that public keys can be shared freely, as those keys simply represent an address that can be used to receive money. Unlike private keys, public keys cannot be used to withdraw funds from an address. However, it seems that public key sharing is quickly becoming the target of attackers who exploit QR codes.

QR codes are simply scannable images that represent a string of text. Mobile wallets commonly rely on QR codes because they provide a way for users to share a wallet address without the need for typing. The problem is that QR codes are easy to generate and hard to distinguish, and various malicious sites are taking advantage of that fact.

The Rise of Malicious Sites

Plenty of legitimate sites and wallets can convert crypto addresses to QR codes. However, a number of malicious sites are also offering the same function while surreptitiously inserting their own address. This technique is called a man-in-the-middle attack because attackers don’t actually gain access to a wallet — they simply intercept and redirect a transaction.

Since malicious sites frequently change the addresses that they use, it is hard to say exactly how much cryptocurrency these sites have stolen. However, after examining three different sites that rank highly in Google’s search results, it becomes clear that a small number of sites have stolen a substantial amount of money in a short time:

Address: 1HvQ4SMQSqwDXZNYQKB9qinkrPdrvX9YApp
Received: $2,833.88  Active for: 32 days
Used by:

Address: 1MbHBa12WgX611LA21Bg63EpaMXF6ZqUa8
Received: $6,022.64  Active for: 145 days
Used by:

Address: 1HrNjjgtSzdbCEMKwzVQgLuKa3JjF8fSEQ
Received: $161.74  Active for: 108 days
Used by:

Assuming that these numbers remain more or less consistent over time, these three sites would collectively be responsible for stealing over $47,000 worth of Bitcoin in a year. This doesn’t account for the fact that one of the sites also owns Ethereum, Litecoin, and Bitcoin Cash addresses, meaning that the total amount of stolen crypto could be even higher.

Suggested Reading Learn about the best Litecoin wallets and the best Bitcoin Cash wallets.

Preventing An Attack

This sort of attack is very effective due to the fact that nearly every QR code looks identical to the naked eye. Human-readable (or at least human-recognizable) QR codes would partially solve the problem, but since addresses themselves aren’t human readable, this solution can only go so far. Alternately, transaction verification features such as Ardor’s vouchers could ensure that crypto transfers reach the right person.

Neither of these solutions are widespread, though. Until cryptocurrencies or wallets implement a feature that prevents this sort of attack, the best solution is to use a reputable wallet with a built-in QR code generator. Ideally, you should also verify your QR code by reversing it and seeing if it produces the correct address, but selecting a trustworthy wallet is an important first step.

Join the NEW Unhashed Telegram or Follow Unhashed on Twitter for the Latest Cryptocurrency News Updates!

Bitcoin Bitcoin $4,076.64 +0.83%
Ethereum Ethereum $140.21 +0.85%
XRP XRP $0.32 +0.46%
Litecoin Litecoin $60.41 +1.44%
EOS EOS $3.74 +0.04%

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.

More Crypto News

Best Tether Wallets in 2019

January 14, 2019

Tether (USDT), the world’s most popular stablecoin, is designed to give users the stability of…

The 5 Best Stellar Wallets In 2019

January 3, 2019

Stellar and its XLM token were first launched in 2014 by Ripple co-founder Jed McCaleb.…

Best Bitcoin Cash Wallets in 2019: Picking a Bitcoin Cash Wallet for Your Needs

December 6, 2018

Bitcoin Cash (BCH), the controversial project forked from the original Bitcoin client, is now the…

Subscribe for the latest cryptocurrency news

Please enter a valid email address.
Something went wrong. Please check your entries and try again.
Scroll Up