Bitrace warns of new crypto scam using QR codes

Alex O’Donnell4 hours agoBitrace warns of new crypto scam using QR codesThe scam starts with a small payment of USDT to the user.569 Total views1 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTCOINTELEGRAPH IN YOUR SOCIAL FEEDFollow ourSubscribe onAccording to a social media post by blockchain analysis firm Bitrace, scanning the wrong QR code could drain your wallet. 

Bitrace is warning of a new type of crypto scam “where theft is carried out through a payment QR code transfer test, essentially deceiving users into authorizing wallets.”

According to Bitrace, the scam follows a specific pattern. First, the scammer proposes that the user swap tokens over-the-counter — through a wallet-to-wallet transfer rather than an exchange — and offers an exchange rate that beats the market.

They also offer a fee denominated in Tron’s TRX (TRX) token in exchange for long-term cooperation. To gain the user’s trust, they even make a small payment of USDT (USDT), a dollar-pegged stablecoin.

Related: Crypto exploits near $1.4B this year as hackers target CeFi: Report

That’s when the scammer asks the user to partake in a “small repayment test,” which purportedly involves returning the USDT by scanning a QR code. The QR code directs the user to a third-party website asking them to confirm the “test” transaction. Clicking “confirm” steals the user’s wallet authorization, Bitrace said.

According to Bitrace, at least 27 wallet holders appear to have been victimized, collectively losing around $120,000 in USDT. The attacks took place between July 11 and July 17, and the scammer used the same wallet in every instance.

According to Bittrace, the funds were then moved through five intermediary addresses and into three accounts with Cambodian crypto exchange Huione for laundering.The USDT was funneled through five addresses and into accounts with the crypto exchange Huione. Source: Bitrace

Cyberattacks are on the rise in 2024. According to cybersecurity firm Cyvers, the total volume of stolen crypto funds this year is approaching $1.4 billion.

Access control breaches — often in the form of phishing attacks — accounted for the overwhelming majority of stolen funds, around $490 million in the second quarter alone.

“A risk check on the counterparty’s address before the transaction is crucial,” Bitrace said, adding that the company is developing a “one-click risk check tool to help users identify potential risks associated with target addresses.”

Magazine:Crypto-Sec: Phishing scammer goes after Hedera users, address poisoner gets $70K# Blockchain# Cryptocurrencies# Altcoin# Security# Payments# Hackers# Cryptocurrency Exchange# Tokens# DeFiAdd reaction