Beware of Scanning Unknown Payment QR Codes: Funds Stolen Instantly

Bitrace
Aug 8, 2024


Recently, Bitrace received a request for assistance from a victim who reported that after testing a 1 USDT transfer by scanning a QR code, their remaining wallet funds were completely stolen. “I just scanned a QR code, how could I be robbed?” the victim wondered. This article delves into the method behind the QR code transfer test scam, combining real cases with on-chain tracking, to remind users to always stay vigilant during cryptocurrency transactions.

Scam Analysis

Upon further investigation, we found that this appears to be a new type of scam where theft is carried out through a payment QR code transfer test, essentially deceiving users into authorizing their wallets.

Scammers add users as friends on social platforms and build initial trust. They then look for an opportune moment to propose an OTC (Over-the-Counter) transaction. The scammers attract users by offering exchange rates slightly lower than the market rate. After both parties agree on the transaction details, the scammer will make a small USDT payment to the user to gain their trust and generously offer TRX as a fee for long-term cooperation. Before the user can marvel at their good fortune, they receive a screenshot of a payment QR code, and the scammer requests a small repayment test.

Victim and Scammer Chat Log

With all the preliminary steps laid out, the transaction risk seems minimized to the user. “The USDT repayment and the transaction fee are both being sent to me by the other party, so even if it’s a scam, I won’t lose anything,” the user thinks, and proceeds to scan the code and make the repayment, only to have all their funds stolen.

QR Code Provided by the Victim

Scam Breakdown

Using a real case provided by the victim, we will break down the scam. Bitrace tested the QR code with an empty wallet and was directed to a third-party website, https://sktnid[.].com/. Following the prompts led to a page marked “OKX Official Certification” in the upper right corner, supporting USDT transfers. Despite the poor quality of this page, inexperienced users might not recognize the danger.

Once users enter the specified repayment amount on this page and click “Next,” they are redirected to the wallet’s signing interface. Clicking “Confirm” initiates an interaction with a smart contract, at which point the wallet authorization is stolen. The scammers then transfer all of the victim’s assets through the authorization. This well-orchestrated scam is completed by deceptively obtaining authorization through a QR code under the guise of a small transfer test.
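What the signing prompt hides in this flow can be checked by decoding the call data before confirming. The sketch below is an added example, not Bitrace's tooling or code from the case; it assumes the authorization is a TRC-20 approve-style call (the article does not name the contract function), and the spender address and both sample payloads are constructed.

```python
# Added example. Assumption: the stolen "authorization" is a TRC-20
# approve-style call; the article does not name the contract function.
SELECTORS = {  # first 4 bytes of keccak256(signature), shared by ERC-20 and TRC-20
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
GRANTS_ALLOWANCE = {"approve", "increaseAllowance"}
USDT_DECIMALS = 6      # USDT on TRON uses 6 decimals
UNLIMITED = 2**255     # amounts this large are treated as unlimited


def build_call(selector, address_hex, amount):
    """Construct sample (address,uint256) call data for the demo below."""
    return selector + address_hex.rjust(64, "0") + amount.to_bytes(32, "big").hex()


def decode_call(data_hex):
    """Return (function name, 20-byte address hex, raw amount)."""
    data = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    if len(data) < 68:
        raise ValueError("too short for selector + (address,uint256)")
    name = SELECTORS.get(data[:4].hex(), "unknown")
    # The address is the low 20 bytes of the first 32-byte word.
    return name, data[16:36].hex(), int.from_bytes(data[36:68], "big")


def review(data_hex, expected_usdt):
    """Reasons a user expecting a plain transfer should refuse to sign."""
    name, address, raw = decode_call(data_hex)
    warnings = []
    if name == "unknown":
        warnings.append("unrecognised function, not a plain transfer")
    elif name in GRANTS_ALLOWANCE:
        warnings.append(f"{name} lets {address} spend tokens later")
    if raw >= UNLIMITED:
        warnings.append("amount is effectively unlimited")
    elif raw != expected_usdt * 10**USDT_DECIMALS:
        warnings.append(f"amount is {raw / 10**USDT_DECIMALS} USDT, not {expected_usdt}")
    return warnings


SPENDER = "11" * 20  # constructed address, not from the case
SAMPLE_TRANSFER = build_call("a9059cbb", SPENDER, 1_000_000)  # 1 USDT transfer
SAMPLE_APPROVE = build_call("095ea7b3", SPENDER, 2**256 - 1)  # unlimited approval

if __name__ == "__main__":
    for label, data in (("transfer", SAMPLE_TRANSFER), ("approve", SAMPLE_APPROVE)):
        print(label, review(data, 1) or "matches a 1 USDT transfer")
```

A genuine 1 USDT repayment decodes as `transfer` with the expected amount and produces no warnings; an approval produces warnings no matter what amount the web page displayed.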

Fund Analysis

The success rate and danger of the QR code transfer test scam are higher than imagined. Bitrace’s analysis of the victim-provided address revealed that between July 11, 2024, and July 17, 2024, the suspect address TT…m1mV1 used this method to scam 27 suspected victims of nearly 120,000 USDT. The funds were then funneled through five intermediary addresses and into three Huione accounts for laundering.

The anonymity of the blockchain makes tracking cryptocurrency transfers challenging. Even if an address is found, identifying the entity behind it is difficult. Fortunately, Bitrace traced the initial transaction fees back to a centralized exchange through the scammer’s collection QR code address TD…XRWVe, linking the on-chain address to a real-world identity. Bitrace has guided the victim to report to the police, aiming to help them recover their funds through legal channels.

Conclusion

For OTC transactions outside platforms, users must carefully verify the other party’s identity and not trust unknown QR codes or links. Additionally, performing a risk check on the counterparty’s address before the transaction is crucial. Bitrace is about to launch a one-click risk check tool to help users identify potential risks associated with target addresses. This tool will be available for free trials. Stay tuned.

Contact us:

Website: https://www.bitrace.io/

Email: bd@bitrace.io

Twitter: https://x.com/Bitrace_team

LinkedIn: https://hk.linkedin.com/company/bitrace-tech
