Network of Dubious BTC QR Code Generators Stole More than $45,000

Author: Ali Raza
Last Updated: 13 June 2020

Recent reports revealed that Bitcoin-to-QR code generators have stolen over $45,000 from users. The theft had been going on for 4 weeks before a security researcher discovered it.

The researcher revealed that the nine sites involved offered users the opportunity to enter their Bitcoin address and convert it into a QR code image that they could save on their smartphone or PC.

In today's Bitcoin market, it is very common for users to share their Bitcoin address as a QR code when requesting payments from others. The person receiving the code does not have to type the long address by hand, as is usually the case. Instead, they scan the QR code using a Bitcoin wallet app and send the payment.

By using QR codes, users do not have to worry about typing a long string, where a typographic error could send their funds to the wrong account.

Sites are hijacking Bitcoin transactions through soiled QR codes

Last week, Harry Denley, head of security at the MyCrypto portal, discovered a phony website that converted Bitcoin addresses to QR codes.

Although a lot of genuine sites that convert Bitcoin addresses to QR codes exist, Denley said this particular one looked dubious.

He discovered that while genuine sites convert a BTC address to its QR code equivalent, the dubious site always generates the same QR code, one that encodes a scammer's wallet address.

As a result, when a user places the QR code on a site for donations or shares it with another individual, all the money sent is deposited to the scammer's BTC address.

After discovering the first site, Denley revealed he has now discovered an additional eight websites that share a similar interface, which means they could have been designed by the same scammer.
He reported that the nine sites produced QR codes for five different BTC addresses, and those addresses have received funds from the tricked users amounting to about 7 BTC, or $45,000.

Denley pointed out that he is not yet sure how the sites were advertised to attract so much money.

“I am still unsure of where these sites were advertised to get so many funds,” he said.

More than 450 other suspicious sites are hosted by the same server

Denley revealed that during his investigation, he tracked the sites down to 3 servers using a threat intelligence platform known as PassiveTotal.

He discovered that over 450 other websites are hosted on the same servers, and they all have malicious-looking interfaces featuring terms like coronavirus and Gmail, and imitations of other crypto-related entities.

Many of the hosted sites were inactive but filled with ads from Bitcoin casinos. Those are scam sites because they usually do not pay out winnings when the betting outcome favors a user.
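
The address substitution described above can be caught before a QR code is published by decoding the image with any QR reader and comparing the result with the address that was submitted. The following is an added example, not code from the article or from Denley's research; it assumes the QR image has already been decoded to a text string, handles only legacy Base58Check addresses, and all function names and sample values are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr):
    """True if addr is a well-formed legacy (Base58Check) address."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                       # version + 20-byte hash + checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def address_from_payload(payload):
    """Extract the address from a decoded QR string (plain or bitcoin: URI)."""
    text = payload.strip()
    if text.lower().startswith("bitcoin:"):
        text = text[len("bitcoin:"):].split("?", 1)[0]
    return text

def verify_qr(payload, my_address):
    """Accept the QR only if it encodes exactly the address you submitted."""
    return base58check_ok(my_address) and address_from_payload(payload) == my_address

def audit_generator(samples):
    """samples maps submitted address -> decoded QR payload.
    Returns (inputs whose QR encodes a different address,
             True if every input produced the same address)."""
    decoded = {addr: address_from_payload(p) for addr, p in samples.items()}
    substituted = sorted(a for a, got in decoded.items() if got != a)
    static = len(decoded) > 1 and len(set(decoded.values())) == 1
    return substituted, static

# Constructed sample data: two public example addresses as inputs, and a
# placeholder standing in for whatever address a dubious generator encodes.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
OTHER = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"
PLACEHOLDER = "1PLACEHOLDERxxxxxxxxxxxxxxxxxxxxxx"
SAMPLES = {GENESIS: "bitcoin:" + PLACEHOLDER, OTHER: PLACEHOLDER}

if __name__ == "__main__":
    print(verify_qr("bitcoin:" + GENESIS + "?amount=0.01", GENESIS))
    print(audit_generator(SAMPLES))
```

A generator that returns the same address for two different inputs, as the sites in this report did, shows up as the second value of `audit_generator` being true.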