Network of Fake Bitcoin QR Code Generators Stole $45,000 in March

Published at: March 29, 2020

A network of malicious QR code generators has stolen more than $40,000 from Bitcoin (BTC) users in one month.

At least nine fake Bitcoin-to-QR code generators have been spotted in recent weeks, with security researcher, Harry Denley, first tweeting that he had identified two domains hosting fake QR code applications on March 22.

Denley later identified seven other domains sharing the same interface — suggesting that they are all created by the same developer.

Fake Bitcoin QR code generators steal over 7 BTC

The malicious programs promise to convert a user’s Bitcoin address into a QR code, claiming to eliminate the risk of the user losing their funds as a result of typos when entering or sharing their address — a service offered by every popular block explorer and most mobile wallet applications.

However, the QR code generated by the programs is always the same address — diverting the victims’ funds to the malicious program’s developers. The supposed QR generators correspond to five different wallets, which have absorbed more than seven BTC, likely from the apps’ victims. 

The malicious websites are bitcoin-barcode-generator.com, bitcoinaddresstoqrcode.com, bitcoins-qr-code.com, btc-to-qr.com, create-bitcoin-qr-code.com, free-bitcoin-qr-codes.com, freebitcoinqrcodes.com, qr-code-bitcoin.com, and qrcodebtc.com.

‘Bitcoin transaction accelerators’ accumulate 17.6 BTC

The websites are hosted by three different servers that collectively host roughly 450 other websites that appear sketchy — with the sites featuring keywords related to coronavirus, Gmail, and various cryptocurrencies.

Among the sites are several purported “Bitcoin transaction accelerators,” which claim to speed up BTC transfers in exchange for a 0.001 BTC. The BTC addresses associated with the supposed ‘accelerators’ have absorbed more than 17.6 BTC — taking in nearly $110,000.

Crypto scams capitalize on coronavirus fears

Opportunistic scammers have sought to capitalize on the COVID-19 pandemic — with UK county regulators, the Texas State Securities Board, and the US Commodity Futures Trade Commission issuing warnings about the proliferation of coronavirus crypto scams over the past week.

Recent scams have also impersonated the World Health Organization in an attempt to siphon donations, and taken the form of apps purporting to track the spread of coronavirus.

Tags
Related Posts
UK Crackdown Pulls Thousands of Crypto Scams Offline
Over the past four months, the National Cyber Security Centre, or NCSC, removed over 300,000 URLs pertaining to fake celebrity-endorsed investment opportunities. More than a half of these sites belonged to fraudulent cryptocurrency investment schemes. Per an announcement published by the NCSC on August 14, an increasing number of these scams utilized fake endorsements from national celebrities, such as Ed Sheeran and Richard Branson. This raised red flags for authorities, prompting the launch of a massive retaliatory campaign. Ciaran Martin, CEO of the NCSC, commented: “These investment scams are a striking example of the kind of methods cyber criminals are …
Bitcoin / Aug. 14, 2020
Mobile Crypto Scam Targets Wealthy Indian Investors
A new cryptocurrency scam in India is targeting wealthy individuals using a fake mobile app. According to India TV News, cybercriminals are targeting high income individuals across India. Victims receive messages through social media groups asking them to sell and buy Bitcoin through a mobile app. This app, which supposedly acts as a crypto exchange, is actually entirely fraudulent. Once a user’s Bitcoin is deposited on the fake exchange, the scammers stop responding to queries from the victim and disappear. Manan Shah, founder and CEO of Avalance Global Solutions, said that an unidentified man lost over $50,000 while dealing with …
Adoption / Aug. 10, 2020
Crypto Scammers Turn Toward Terrorism With a Japanese Bomb Threat
Crypto terrorists threatened to bomb a government office on the Japanese island of Hokkaido. They told authorities that they would only disable the alleged explosive device if their crypto ransom was paid. According to FNN, the terrorists sent the Numata Town Hall an email stating they had installed a bomb in a women’s second-floor toilet. They claimed that as long as officials met their payment demands before 03:00 UTC on June 29, the bomb would not be detonated. However, this appears to have been a fake threat. The deadline set by the criminals has passed and the hall remains intact …
Bitcoin / July 29, 2020
AMFEIX Threatens Users Who Share Coverage That Criticizes the Company
Last week Cointelegraph published a story about investors having difficulty getting their money back from a crypto fund called AMFEIX, which promised high-yield profits for investors who sent them Bitcoin (BTC). Our story described more than 500 pending withdrawals from users trying to get their money back, and AMFEIX’s unsatisfactory communication with those users. The company addressed its users via its official Telegram channel after the story was published, suggesting that the withdrawal delays were due to technical difficulties that had been an issue since May. It also stated that “members who show loyalty to AMFEIX will have priority” in …
Bitcoin / July 28, 2020
FTX hacker reportedly transfers a portion of stolen funds to OKX after using Bitcoin mixer
Hackers who drained FTX and FTX USA of over $450 million worth of assets just moments after the doomed crypto exchange filed for bankruptcy on Nov. 11, continue to move assets around in an attempt to launder the money. A crypto analyst who goes by ZachXBT on Twitter alleged that the FTX hackers have transferred a portion of the stolen funds to the OKX exchange, after using the Bitcoin mixer ChipMixer. The analyst reported that at least 225 BTC — worth $4.1 million USD — has been sent to OKX so far. 1/ Myself and @bax1337 spent this past weekend …
Blockchain / Nov. 29, 2022