- A recent crypto scam has exploited QR codes to steal approximately $120,000 in USDT from 27 users
- The scammer uses an OTC transaction with a fake attractive rate and a “test refund” request via a fraudulent QR code to access users’ wallets
- Verify addresses before transactions, be cautious of QR codes and third-party sites, and stay vigilant to avoid falling victim to similar scams
Hey, have you heard about the latest crypto scam? Bitrace just issued a warning about a new scam that uses QR codes to steal funds from people’s digital wallets.
Between July 11 and July 17, 2024, at least 27 users were affected, losing around $120,000 in USDT. It’s just another incident in a year full of cybercrime, with total crypto thefts nearing $1.4 billion.
How It Works
The scam follows a specific pattern designed to exploit user trust. The scammer proposes an over-the-counter (OTC) transaction, which is a direct transfer of tokens from one wallet to another, instead of going through an exchange.
This type of transaction has a great exchange rate, higher than the market rate, to get the victim’s attention. To gain further trust, the scammer offers a small amount in USDT, a stablecoin tied to the dollar, and proposes a commission in TRX, the Tron network token, in exchange for future long-term cooperation.
This first payment is meant to reassure the victim that the transaction is legitimate. The crucial point is when the scammer asks for a “small refund test.” The victim is invited to return the USDT they received by scanning a QR code, which redirects them to a third-party website.
This site prompts users to confirm a “test” transaction. However, by clicking “confirm,” users unwittingly give permission to their wallet, allowing scammers to empty it.
The Consequences and Investigations
According to Bitrace, all the stolen funds were transferred through five intermediate addresses and then divided into three accounts at the cryptocurrency exchange Huione, based in Cambodia, for laundering.
This sophisticated method of moving the funds makes it tough to recover them and makes investigations more complicated. Bitrace pointed out that these attacks are just a small part of a growing wave of cyberattacks in 2024.
Cybersecurity company Cyvers says that around $490 million was stolen in the second quarter of 2024 alone through phishing attacks, which are the most common type of access control violation.
How to Protect Yourself
To keep yourself safe from these scams, Bitrace suggests checking the risk level of the other person’s address before you make a transaction. The company is creating a one-click risk verification tool to help users spot potential problems with target addresses.
When you get transaction requests through QR codes or third-party sites, be super careful, especially if the benefits are too good to be true. It’s important to be on your toes and watch out for those too-good-to-be-true offers, especially in the crypto sector, where fraud risks are always around the corner.
Conclusion
So, if you get a transaction proposal with a QR code or from a weird site, stay alert! Always double-check and use the right tools to protect yourself.