In a recent social media update, blockchain analysis firm Bitrace has issued a significant warning about a new crypto scam involving QR codes that could potentially empty your digital wallet. This scam exploits the trust of users by deceiving them into authorizing wallet transactions through seemingly legitimate QR code transfers.
Bitrace describes the scam as a multi-step deception that follows a precise pattern:
- Initial Proposal: The scam begins with the fraudster offering to facilitate an over-the-counter (OTC) token swap. Instead of using a traditional exchange, the scammer proposes a wallet-to-wallet transfer with an exceptionally favorable exchange rate compared to the market.
- Incentives for Trust: To build trust, the scammer promises a fee paid in Tron’s TRX token and may even make a small initial payment using USDT, a stablecoin pegged to the US dollar. This gesture is designed to reassure the user of the scammer’s credibility.
- The Deceptive Test: The scammer then requests the user to participate in a “small repayment test.” This step involves scanning a QR code, which allegedly leads to a test transaction to return the USDT. However, this QR code redirects the user to a third-party site where they are asked to confirm the transaction.
- Authorization Theft: Clicking “confirm” on the fraudulent site grants the scammer access to the user’s wallet authorization, leading to unauthorized transactions and theft of funds.
Bittrace’s investigation has revealed that at least 27 wallet holders have fallen victim to this scam, with total losses amounting to approximately $120,000 in USDT. These attacks occurred between July 11 and July 17, and the same wallet was used for all instances of the scam.
The stolen funds were traced through five intermediary addresses before being laundered through three accounts on the Cambodian crypto exchange Huione.
| Date | Number of Victims | Total Loss (USDT) | Exchange Used for Laundering |
|---|---|---|---|
| July 11 – July 17 | 27 | $120,000 | Huione (Cambodia) |
The increase in cyberattacks in 2024 highlights a troubling trend. According to cybersecurity firm Cyvers, the total volume of stolen crypto funds this year is approaching $1.4 billion. A substantial portion of these thefts, about $490 million in the second quarter alone, can be attributed to access control breaches, often resulting from phishing attacks.
Bitrace emphasizes the importance of performing a risk check on the counterparty’s address before proceeding with any transaction. To aid users in identifying potential risks associated with target addresses, the company is developing a “one-click risk check tool.” This tool aims to enhance user security by providing an additional layer of verification.
By remaining vigilant and utilizing tools designed to detect fraud, users can better protect themselves from these sophisticated scams. As always, maintaining caution and verifying transaction details is crucial in safeguarding digital assets.
Featured image credit: iMin Technology via Pexels
Follow us for more breaking news on DMR