Key Insights
- Bitrace uncovers a new crypto scam using QR codes to trick users into authorizing wallet access, resulting in at least $120,000 stolen from 27 victims
- The scam involves a fake over-the-counter token swap offer and a “repayment test” that leads to unauthorized wallet access
NEW YORK (MarketsXplora) – Cryptocurrency users are facing a new threat as scammers exploit QR codes to drain digital wallets, blockchain analysis firm Bitrace warned in a recent social media post. The sophisticated scheme has already claimed at least 27 victims, resulting in losses of approximately $120,000 in USDT, a popular dollar-pegged stablecoin.
The scam, which unfolded between July 11 and July 17, follows a carefully orchestrated pattern. Fraudsters initiate contact by proposing an over-the-counter token swap at an attractive exchange rate, surpassing market offers. To build trust, they offer a fee in Tron’s TRX token for long-term cooperation and even make a small initial USDT payment to the victim.
The crux of the deception lies in a seemingly innocuous “repayment test.” Victims are asked to scan a QR code, ostensibly to return the small USDT amount. However, the code directs users to a third-party website where confirming the “test” transaction inadvertently grants wallet authorization to the scammer.
“This new type of crypto scam essentially deceives users into authorizing wallets through a payment QR code transfer test,” a Bitrace spokesperson explained.
The firm’s analysis revealed that the same wallet was used in all reported incidents.
Further investigation by Bitrace uncovered the money trail. The stolen funds were routed through five intermediary addresses before landing in three accounts at Huione, a Cambodian cryptocurrency exchange, for laundering.
This scam emerges against a backdrop of escalating cyberattacks in the crypto space. Cybersecurity firm Cyvers reports that stolen crypto funds in 2024 are approaching a staggering $1.4 billion. Access control breaches, primarily phishing attacks, accounted for roughly $490 million in losses during the second quarter alone.
To combat such threats, Bitrace emphasized the importance of thorough risk assessment. “A risk check on the counterparty’s address before the transaction is crucial,” the firm stated. In response to the growing need for user protection, Bitrace announced it is developing a “one-click risk check tool” to help users identify potential risks associated with target addresses.
As the cryptocurrency market continues to evolve, this latest scam serves as a stark reminder of the need for vigilance in digital transactions. Industry experts advise users to exercise extreme caution when engaging in peer-to-peer trades and to verify the authenticity of any QR codes before scanning.