The nine sites in this network let users convert their Bitcoin address (a long string of text where Bitcoin is stored) into a QR code image, which they can save on their computer or smartphone.
Nowadays, converting a Bitcoin address to a QR code is common because it simplifies transactions. For example, when you send a payment request to another person, the recipient scans the QR code with a Bitcoin wallet app and sends the requested payment without having to enter a long Bitcoin address manually. By using QR codes, users eliminate the possibility of a typing error that could send money to the wrong wallet.
Sites attempted to hijack Bitcoin transactions through fake QR codes
There are many such sites, but Denley found this one to be malicious. The site did not convert the submitted Bitcoin addresses into equivalent QR codes; it always produced the same QR code, for the scammer's wallet.
This means that if a user shares the QR code with someone else or posts it on a site to request payments, all the money will be sent to the fraudster's Bitcoin address.
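A check that can be run on the text decoded from a generated QR code before sharing it, as an added example that is not part of the original article. It assumes the QR image has already been decoded to a string by a separate scanner; the function names are hypothetical and the addresses are constructed placeholders, not real wallets.

```python
# Added example: confirm that the text decoded from a generated QR code
# carries the address that was submitted, not a substituted one.
# Assumption: the QR image was already decoded to a string by a scanner.

BECH32_PREFIXES = ("bc1", "tb1")  # SegWit address prefixes (mainnet, testnet)

# Constructed placeholder values, not valid or real Bitcoin addresses.
MY_BASE58 = "1ExampleOwnerAddressXXXXXXXXXXXXXX"
MY_BECH32 = "bc1qexampleowneraddress000000000000000000"
OTHER_ADDR = "1ExampleSubstitutedAddressXXXXXXXX"


def address_from_qr_payload(payload: str) -> str:
    """Return the address from a bare address or a 'bitcoin:' payment URI."""
    text = payload.strip()
    if text.lower().startswith("bitcoin:"):
        text = text[len("bitcoin:"):]
        text = text.split("?", 1)[0]  # drop amount/label/message parameters
    return text


def normalise(addr: str) -> str:
    """Lower-case bech32 addresses; leave case-sensitive Base58 untouched."""
    if addr.lower().startswith(BECH32_PREFIXES):
        # Bech32 may be all upper case (compact QR encoding) but never mixed.
        if addr != addr.lower() and addr != addr.upper():
            raise ValueError("mixed-case bech32 address")
        return addr.lower()
    return addr


def qr_matches_address(payload: str, expected: str) -> bool:
    """True only if the decoded QR payload pays the expected address."""
    try:
        decoded = normalise(address_from_qr_payload(payload))
        return decoded == normalise(expected.strip())
    except ValueError:
        return False


if __name__ == "__main__":
    # A generator that ignores its input returns someone else's address.
    print(qr_matches_address(OTHER_ADDR, MY_BASE58))
    print(qr_matches_address("bitcoin:" + MY_BASE58 + "?amount=0.1", MY_BASE58))
```

Scanning the generated image with a wallet app and comparing the displayed address with the original by eye is the manual equivalent of this check.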
Denley discovered eight other sites sharing the same interface, which means they were probably created by the same criminal:
According to Denley, the nine sites generated QR codes for five different Bitcoin addresses and stole 7 Bitcoin ($45,000), most likely from defrauded users.
Using PassiveTotal, a threat intelligence platform from RiskIQ, Denley said he linked the sites to three web servers.
The same web servers have hosted more than 450 sites that are also used for malicious purposes:
- 220.127.116.11 (List of hosted domains)
- 18.104.22.168 (List of hosted domains)
- 22.214.171.124 (List of hosted domains)
Most sites hosted on the three web servers were not active. They just contained ads for cryptocurrency gaming sites.
These sites are usually considered scams, as they tend to keep all bets without paying out any winnings.
The MyCrypto researcher's discovery is not the only one of its kind. Networks of Bitcoin-to-QR-code generators have been found before. For example, the cryptocurrency wallet company ZenGo discovered a similar network in August. According to ZenGo, the scammers managed to steal more than $20,000.