Researchers Point to A Major Security Flaw in Bitcoin’s QR Codes Author: Sherlock Gomes Last Updated: 16 September 2019 After its impressive bull-run in 2019, Bitcoin has refused to hit the accelerator. However, amidst the pricing volatility, there is one more thing that the crypto community needs to look after- security flaws. According to researchers, there are some major security flaws in Bitcoin that is making users lose thousands of dollars. Bitcoin is in a problem The recent security warning by researchers is not related to the Bitcoin blockchain but a Google search result that could lead users to scam websites. They noted that four amongst the top five results on Google’s search results for ‘bitcoin QR generator’ led a user to a fraudulent website. ZenGo researchers have said that every time a user visits this website and tries to create a QR code for his Bitcoin address, he gets the code for the hacker’s wallet. Now, whenever the user gives his QR code to a sender to receive funds, the hacker’s account will be credited. Tal Be’ery from the crypto wallet provider ZenGo said, “These sites generate a QR code that encodes an address controlled by the scammers, instead of the one requested by the user, thus directing all payments for this QR code to the scammers.” He added, “Scammers do not even bother with generating their fake QR themselves; instead, they shamelessly call a blockchain explorer API to generate the QR for their address.” QR codes are a simple way to make payments via smartphones. Users only need to point their phone’s camera to the code and make a quick and easy payment to someone else’s digital wallet. These QR codes can also be generated on the receiver’s side. As QR codes cannot be read and deciphered by humans, it becomes impossible for them to detect a fraudulent address. Investors are losing money According to the researchers, Bitcoin users have already lost $20,000 to such scams. They noted that their report only scratches the surface of this deep issue. The hackers are constantly changing their crypto addresses. This ensures that they are not being blacklisted by the network and also helps them avoid detection. The year 2019 has seen the resurgence in crypto prices, but it has also led to a higher number of scams and frauds in this industry. In 2018, investors lost $1.7 billion to crypto frauds. However, that figure has crossed $4 billion in the first half of this year. This sum includes larger amounts of money stolen from digital currency exchanges as well as funds lost to scams.