Cryptocurrency wallet ZenGo wrote the findings in a blog post published on Aug. 29. Reportedly, when researching prior to implementing QR Code support in their wallet, ZenGo learned of the prevalence of scam QR Code generators.
Four out of the first five results presented when querying Google for a “bitcoin qr generator” lead to scam websites.
The company explains how the alleged scam works:
“These sites generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers.”
QR codes are a way to share data (in this case public keys) in a visual way that can be scanned with devices featuring a camera — usually a smartphone. Such codes are believed by many to be the most convenient way to share a wallet address when in-person — in retail transactions, for example — since it avoids the need to type long strings of seemingly random characters.
During their investigation, ZenGo researchers found out that some of those scams have gone as far as also changing the addresses contained in the clipboard to the scam address. Some, on the other hand, personalized the scam address to be of a similar format to the one provided by the user. Lastly, the company notes that those scams are also successful:
“Summing up the balances of the scammy addresses we had observed, we found out about scams worth about $20K. We assume they are just the tip of the iceberg, as scammers probably change their addresses to avoid detection and blacklisting.”
As Cointelegraph reported in July, the South Korean Justice Ministry estimates that cryptocurrency-related crimes have caused 2.69 trillion won (about $2.28 billion) of financial damage between July 2017 and June 2019.