Bittress warns of new crypto scams using QR codes

According to a social media post by blockchain analytics firm Bitrace, scanning the wrong QR code can drain your wallet.

Bittress is warning about a new type of crypto scam: “Theft is carried out through a payment QR code transfer attempt, essentially tricking users into handing over wallets.”

According to Bitras, the scam follows a certain pattern. First, the scammer proposes that the user exchange tokens over the counter – wallet-to-wallet transfers rather than exchanges – and offers an exchange rate that beats the market.

They also offer a payout in Tron's TRX (TRX) token in exchange for long-term cooperation. They even pay USDT, a dollar-denominated stablecoin, to earn user trust.

RELATED: Crypto Exploits $1.4B As Hackers Target CeFi This Year: Report

That's when the scammer asks the user to participate in a “mini payment experiment,” which involves scanning a QR code and returning USDT. The QR code directs the user to a third-party website asking them to confirm the “test” transaction. Clicking “Verify” steals the user's wallet credentials, Bitras says.

According to Bittress, at least 27 wallet owners appear to have been victimized, losing a total of around $120,000 in USDT. The attacks took place between July 11 and July 17, and the fraudster used the same wallet on all occasions.

According to Bittrace, the funds were moved to five intermediate addresses and three accounts at Cambodian crypto exchange Huione.

Cyber ​​attacks are on the rise in 2024. According to cyber security firm Syvers, the total stolen crypto funds this year is approaching $1.4 billion.

Access control breaches – often in the form of phishing attacks – accounted for an overwhelming $490 million in stolen funds in the second quarter alone.

“A risk check on the peer address before the transaction is critical,” Bittress said, adding that the company is developing a one-click risk verification tool to help users identify potential risks associated with target addresses.

Magazine: Crypto-Sec: Phisher Follows Hedera Users, Address Poison Gets $70K