Scan the code and be robbed? Be wary of unfamiliar payment QR codes.


How could something be stolen just by scanning a QR code?

Author: Bitrace

Recently, Bitrace received a request for assistance. The victim said that after scanning a QR code to transfer 1 USDT to the other party, all the remaining funds in his wallet were stolen. "I just scanned the QR code, how could it be stolen?" the victim asked, confused.

This article analyzes how the QR code transfer-test scam works and traces the funds on-chain using a real case, as a reminder to stay vigilant in cryptocurrency transactions.

Deception

After looking into the case further, we found that on the surface this is a new type of fraud that steals funds under the guise of a QR code transfer test, but in essence it is a way to obtain wallet authorization.

Scammers add users as friends on social platforms, establish initial trust, and then wait for the right moment to propose an OTC trade. They attract users with an exchange rate slightly lower than the market price. After both parties agree on the transaction details, the scammer first pays the user a small amount of $USDT to gain trust, and generously provides $TRX to cover the handling fee on the grounds of long-term cooperation.

Before the user has time to express gratitude for having met a "good man", he or she receives a screenshot of a payment QR code, and the scammer asks the user to make a small test payment.

Chat records between the victim and the scammer

After all this groundwork, the user's transaction risk seems to have been reduced to a minimum. "The refund $USDT and the transaction fee are all transferred to me by the other party, so even if it is a scammer, I will not suffer any loss." After thinking it over, the user scans the code to return the money, and unexpectedly all the funds are stolen.

QR code provided by the victim

Below we use the payment QR code provided by the victim in a real case to analyze the scam.

When Bitrace scanned the code with an empty test wallet, a third-party website, https://sktnid[.].com/, opened. Following its prompts led to the interface below. The upper right corner of the screenshot is marked "Official Certification of EURET", and the page supports USDT remittance. The page is of very poor quality, but inexperienced users find that hard to recognize and do not realize that danger has quietly arrived.

When the user enters the specified repayment amount in this interface as the scammer requires and clicks "Next", the page jumps to the wallet signing interface. Once the user clicks Confirm, the wallet interacts with a smart contract and the wallet authorization is stolen. The scammer then uses that authorization to transfer out all of the victim's assets.

This completes a carefully planned scam that uses a QR code to obtain authorization under the pretext of a small transfer test.
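The article does not show the call the victim signed. Assuming the "authorization" is a standard TRC-20 `approve` or `increaseAllowance` call, the following added example (not Bitrace's code; the function names, threshold and sample data are constructed for illustration) decodes the call data shown at the signing step and warns when it is anything other than the plain transfer the user expects.

```python
# Added example: classify the call data a wallet is asked to sign.
# Selectors are the standard ERC-20/TRC-20 4-byte method IDs.
SELECTORS = {
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
GRANTS_SPENDING = {"approve", "increaseAllowance"}
UNLIMITED = 2**255  # assumption: anything this large is treated as unlimited


def decode_call(data_hex: str) -> dict:
    """Decode the selector and (address, uint256) arguments from call data."""
    data = data_hex.lower().removeprefix("0x")
    if len(data) != 8 + 64 * 2:
        raise ValueError("expected a 4-byte selector and two 32-byte arguments")
    bytes.fromhex(data)  # raises ValueError on non-hex input
    return {
        "method": SELECTORS.get(data[:8], "unknown"),
        "party": data[8 + 24 : 8 + 64],     # last 20 bytes of the first word
        "amount": int(data[8 + 64 :], 16),  # raw token units
    }


def review_signing_request(data_hex: str, expected_amount: int) -> list[str]:
    """Return warnings when the request is not the transfer the user expects."""
    call = decode_call(data_hex)
    warnings = []
    if call["method"] in GRANTS_SPENDING:
        warnings.append(f"{call['method']} grants spending rights to {call['party']}; it is not a payment")
        if call["amount"] >= UNLIMITED:
            warnings.append("allowance is effectively unlimited")
    elif call["method"] != "transfer":
        warnings.append("unrecognised method; do not sign")
    elif call["amount"] != expected_amount:
        warnings.append(f"amount {call['amount']} differs from expected {expected_amount}")
    return warnings


# Constructed sample data (not from the case). USDT uses 6 decimals: 1 USDT = 1_000_000.
SPENDER = "00" * 12 + "11" * 20
RECIPIENT = "00" * 12 + "22" * 20
PLAIN_TRANSFER = "0xa9059cbb" + RECIPIENT + f"{1_000_000:064x}"
UNLIMITED_APPROVE = "0x095ea7b3" + SPENDER + "f" * 64
```
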

Funding Analysis

The success rate and harm of the QR code transfer-test scam are much higher than expected. Bitrace further analyzed the addresses provided by the victims and found that in the single week from July 11, 2024 to July 17, 2024, the suspect address TT...m1mV1 defrauded 27 suspected victims of nearly 120,000 USDT through this method, and the funds were transferred to three Huione accounts after passing through 5 layers of addresses for laundering.

The anonymous nature of blockchain makes it difficult to track cryptocurrency fund transfers. Even when an address is found, it is difficult to identify the entity behind it. Fortunately, Bitrace traced the source of the initial handling fee back through the TD...XRWVe address displayed in the gang's payment QR code, and the source turned out to be a centralized exchange. This links the anonymous on-chain address to a real identity.

Currently, Bitrace has advised the victims to report the case to the police, to help increase the probability of recovering the funds through compliant law enforcement procedures.

Final Thoughts

For OTC transactions that do not go through a platform, users must carefully verify the identity of the other party and must not trust any QR codes or links of unknown origin. In addition, it is very important to screen the risk of the counterparty address before the transaction. Bitrace will soon launch a one-click risk quick-check tool to help users identify the potential risks of a target address. It will support a free trial, so stay tuned.

Disclaimer: As a blockchain information platform, the articles published on this site only represent the personal opinions of the author and guests, and have nothing to do with the position of Web3Caff. The information in the article is for reference only and does not constitute any investment advice or offer. Please comply with the relevant laws and regulations of your country or region.
