QR Code Fraud Could Result In $50,000 of Stolen Bitcoin Each Year

2019-1-7 19:58

In the crypto world, it is common knowledge that public keys can be shared freely, as those keys simply represent an address that can be used to receive money. Unlike private keys, public keys cannot be used to withdraw funds from an address. However, it seems that public key sharing is quickly becoming the target of attackers who exploit QR codes.

QR codes are simply scannable images that represent a string of text. Mobile wallets commonly rely on QR codes because they provide a way for users to share a wallet address without the need for typing. The problem is that QR codes are easy to generate and hard to distinguish, and various malicious sites are taking advantage of that fact.

The Rise of Malicious Sites

Plenty of legitimate sites and wallets can convert crypto addresses to QR codes. However, a number of malicious sites are also offering the same function while surreptitiously inserting their own address. This technique is called a man-in-the-middle attack because attackers don’t actually gain access to a wallet — they simply intercept and redirect a transaction.

Since malicious sites frequently change the addresses that they use, it is hard to say exactly how much cryptocurrency these sites have stolen. However, after examining three different sites that rank highly in Google’s search results, it becomes clear that a small number of sites have stolen a substantial amount of money in a short time:

Address: 1HvQ4SMQSqwDXZNYQKB9qinkrPdrvX9YApp
Received: $2,833.88  Active for: 32 days
Used by: bitcoinqrcodegenerator.win

Address: 1MbHBa12WgX611LA21Bg63EpaMXF6ZqUa8
Received: $6,022.64  Active for: 145 days
Used by: bitcoin-qr-code.com

Address: 1HrNjjgtSzdbCEMKwzVQgLuKa3JjF8fSEQ
Received: $161.74  Active for: 108 days
Used by: bitcoin-btc-qr-code-generator.com

Assuming that these numbers remain more or less consistent over time, these three sites would collectively be responsible for stealing over $47,000 worth of Bitcoin in a year. This doesn’t account for the fact that one of the sites also owns Ethereum, Litecoin, and Bitcoin Cash addresses, meaning that the total amount of stolen crypto could be even higher.

Suggested Reading : Learn about the best Litecoin wallets and the best Bitcoin Cash wallets.

Preventing An Attack

This sort of attack is very effective due to the fact that nearly every QR code looks identical to the naked eye. Human-readable (or at least human-recognizable) QR codes would partially solve the problem, but since addresses themselves aren’t human readable, this solution can only go so far. Alternately, transaction verification features such as Ardor’s vouchers could ensure that crypto transfers reach the right person.

Neither of these solutions are widespread, though. Until cryptocurrencies or wallets implement a feature that prevents this sort of attack, the best solution is to use a reputable wallet with a built-in QR code generator. Ideally, you should also verify your QR code by reversing it and seeing if it produces the correct address, but selecting a trustworthy wallet is an important first step.

The post QR Code Fraud Could Result In $50,000 of Stolen Bitcoin Each Year appeared first on UNHASHED.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Bit Public Talent Network (BPTN) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 BPTN

keys public address used year result could

keys public → Результатов: 44


Фото:

HitBTC Slammed by Trace Mayer, John McAfee Over Account Freezes Day Before Proof Of Keys

Some of cryptocurrency’s best-known names have joined public calls for exchange HitBTC to explain itself after it began halting withdrawals days before a significant event. Mayer: ‘Beware’ HitBTC Trace Mayer, organizer of Proof of Keys, which calls for cryptocurrency owners to remove their holdings from third-party exchanges on January 3, condemned HitBTC for the move, reports of which began December 31.

2019-1-2 11:30


Фото:

How Monero Are Improving Human Rights With XMR

 Listen Here – https://soundcloud. com/cryptodaily/how-monero-are-improving-human-rights-with-xmr Monero is considered to be the privacy coin, the currency of choice for absolute privacy. Now, privacy doesn’t necessarily mean security and we should remember that 2018 has seen a tonne of ‘Monero mining’ hacks, calling into question some of the projects integrity.

2018-10-12 17:00


Фото:

Four Steps for Total Crypto Security

When it comes to keeping your crypto safe from outside theft or harm, plenty can be done. You wouldn’t leave your wallet out in public unattended. You wouldn’t leave your car in a lot with the keys in the ignition – so why trust that your digital currency is any safer? Secure your PC, yourself […] Four Steps for Total Crypto Security was originally found on [blokt] - Blockchain, Bitcoin & Cryptocurrency News.

2018-9-25 17:39


STARKs, Part I: Proofs with Polynomials

Special thanks to Eli Ben-Sasson for ongoing help, explanations and review, coming up with some of the examples used in this post, and most crucially of all inventing a lot of this stuff; thanks to Hsiao-wei Wang for reviewing Hopefully many people by now have heard of ZK-SNARKs, the general-purpose succinct zero knowledge proof technology that can be used for all sorts of usecases ranging from verifiable computation to privacy-preserving cryptocurrency.

2018-7-21 23:03


Фото:

The Genesis Files: With Bit Gold, Szabo Was Inches Away From Inventing Bitcoin

As his Hungarian parents had fled post-war Soviet regime to settle in the United States, Nick Szabo came to call the Californian Bay area of the 1990s his home. Here, he was among the first to frequent the in-person “Cypherpunk” meetings organized by Timothy May, Eric Hughes and other founding members of the collective of cryptographers, programmers and privacy activists centered around the ’90s mailing list of the same name.

2018-7-13 17:16