So just how common is QR code hacking in crypto? A recent report says it’s happening a lot more than people think.
Researchers from crypto wallet provider ZenGo recently began looking into QR code integration and came across reports of sites using that method to scam users out of bitcoin, according to the report. As they began investigating, they discovered these incidents weren’t isolated, but part of a widespread fraud designed to direct transfers not to user’s wallets, but to the hackers' own.
Indeed, four of the top five Google search results for “bitcoin qr generator,” turned out to be scam sites, the researchers found.
"The scam is dead simple," ZenGo reported. "The scammy QR generator just displays a QR of their address instead of the victims'."
QR codes are scannable two-dimensional barcodes that can contain various types of data. In crypto they’re commonly used as a quick, scannable way to input an address for transfers.
The fraudulent sites, according to the report, “generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers.”
Analysis of the bitcoin addresses linked to QR codes generated by the fraudulent sites shows they’ve scammed around $20,000 in bitcoin so far from unsuspecting users. The report notes it’s likely the sites have used various bitcoin addresses in an effort to avoid blacklisting, so the total take could be far more.
ZenGo recommends crypto users who prefer the convenience of QR codes for sending or requesting payments, instead of using Google, use a known site like their favorite block explorer.