Tuesday, July 14, 00:43
Home security Fake QR code creation sites steal Bitcoin

Fake QR code creation sites steal Bitcoin


A network from Bitcoin-to-QR-code generators (sites which allow for the creation of QR code for Bitcoin addresses) steal more than $ 45.000 users last month.

The nine sites, belonging to this network, provided to users the ability to convert their Bitcoin address (a long line of text where Bitcoin is stored) into a QR code image, which they can store in the computer on or on smartphone their.

Nowadays, converting Bitcoin address to QR code is common as it facilitates transactions. For example, if you send a request for a payment to another person, the following procedure will occur: The request's recipient will scans the QR code with a Bitcoin wallet app and will send the payment you requested without having to manually enter a large Bitcoin address. By using QR codes, users eliminate the possibility of a typing error that could send money into the wrong wallet.

Sites attempted to violate Bitcoin transactions through fake QR codes

Last week, Harry Denley, Director of Security at platform mycrypto, discovered a suspicious site that converts them addresses Bitcoin in QR codes.

There are many such sites, but Denley found this to be malicious. The site did not convert inbound Bitcoin addresses to equivalent QR codes, but produced always the same QR code for the scammer wallet.

This means that if one user share the QR code with someone else or put him on a site to request transactions, all the money will be sent to the fraudster's Bitcoin address.

QR code

Denley discovered eight other sites sharing the same interface, which means they were probably created by the same criminal:

  • bitcoin-barcode-generator.com
  • bitcoinaddresstoqrcode.com
  • bitcoins-qr-code.com
  • btc-to-qr.com
  • create-bitcoin-qr-code.com
  • free-bitcoin-qr-codes.com
  • freebitcoinqrcodes.com
  • qr-code-bitcoin.com
  • qrcodebtc.com

According to Denley, the nine sites created QR codes for five different Bitcoin addresses and stole 7 Bitcoin ($ 45.000), most likely from fraudulent users.

Using it PassiveTotal, a threat intelligence platform from RiskIQ, Denley said he linked the sites to three web sites servers.

The same web servers have hosted more than 450 sites that are also used for malicious purposes:

Most sites hosted on the three web servers were not active. They just contained ads for cryptocurrency gaming sites.

These sites are usually considered scams as they tend to keep all bets, without giving the winnings to the winners.

The discovery of the MyCrypto researcher is not the only one of its kind. Bitcoin-to-QR-code generator networks have also been found in the past. For example, the cryptocurrency wallet company zengo discovered a corresponding network in August. According to ZenGo, the scammers managed to steal more than $ 20.000.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!


Ryzen 7 1700 vs. Ryzen 3 3300X: 8 cores vs. 4

AMD's favorite classic old generation, Ryzen 7 1700, is being tested and compared to its direct competitor, the 4-core Ryzen 3 ...

Browser War: Safari and Edge threaten Chrome

The new Edge browser, released for Windows 10 Home and now available for download on Mac, is based on Chromium, which ...

PC sales worldwide have increased due to coronavirus

The outbreak of the coronavirus pandemic has affected all areas of our lives. After health and other industries have been hit ...

MIT: They make a robot handle that will be able to distinguish cables!

MIT researchers have developed a robot handle with the ability to handle very thin objects such as ropes and cables, according to a statement.

Fedora 33: Will contain Nano as the default text editor

Have you ever thought, who is your favorite text editor, when we talk about operating systems based on ...

Hacker was selling databases of the Ukrainian government

A Ukrainian hacker has been arrested for selling confidential information collected from Ukrainian government databases. According to a ...

TikTok downloaded 49 million videos that violated the terms of use

TikTok downloaded more than 49 million videos from users around the world in the second half of 2019, according to ...

United Kingdom: Is Huawei's immediate foreclosure "dangerous"?

Philip Jansen, CEO of the British telecommunications company "BT", stated that any government move demands the immediate exclusion of the Huawei kit from ...

Dark Mode comes in Google Docs, Sheets and Slides for Android

Do you spend a lot of time using Google Docs, Sheets or Slides on your Android phone or tablet? We have good news for you ...

Hackers seek to exploit vulnerabilities in Citrix ADC

Last week, Citrix released fixes for a total of 11 vulnerabilities in some of its most popular products, in which ...