In the crypto world, it is common knowledge that can be shared freely, as those keys simply represent an address that can be used to receive money. Unlike , public keys cannot be used to withdraw funds from an address. However, it seems that public key sharing is quickly becoming the target of attackers who exploit QR codes.
QR codes are simply scannable images that represent a string of text. commonly rely on QR codes because they provide a way for users to share a wallet address without the need for typing. The problem is that QR codes are easy to generate and hard to distinguish, and various malicious sites are taking advantage of that fact.
The Rise of Malicious Sites
Plenty of legitimate sites and wallets can convert crypto addresses to QR codes. However, a number of malicious sites are also offering the same function while surreptitiously inserting their own address. This technique is called a because attackers don’t actually gain access to a wallet — they simply intercept and redirect a transaction.
Since malicious sites frequently change the addresses that they use, it is hard to say exactly how much cryptocurrency these sites have stolen. However, after examining three different sites that rank highly in Google’s search results, it becomes clear that a small number of sites have stolen a substantial amount of money in a short time:
Address:
Received: $2,833.88 Active for: 32 days
Used by: bitcoinqrcodegenerator.win
Address:
Received: $6,022.64 Active for: 145 days
Used by: bitcoin-qr-code.com
Address:
Received: $161.74 Active for: 108 days
Used by: bitcoin-btc-qr-code-generator.com
Assuming that these numbers remain more or less consistent over time, these three sites would collectively be responsible for stealing over $47,000 worth in a year. This doesn’t account for the fact that one of the sites also owns Ethereum, Litecoin, and bitcoin Cash addresses, meaning that the total amount of stolen crypto could be even higher.
Suggested Reading : Learn about the best and the best .
Preventing An Attack
This sort of attack is very effective due to the fact that nearly every QR code looks identical to the naked eye. (or at least human-recognizable) QR codes would partially solve the problem, but since addresses themselves aren’t human readable, this solution can only go so far. Alternately, transaction verification features such as could ensure that crypto transfers reach the right person.
Neither of these solutions are widespread, though. Until cryptocurrencies or wallets implement a feature that prevents this sort of attack, the best solution is to use a reputable wallet with a built-in QR code generator. Ideally, you should also verify your QR code by reversing it and seeing if it produces the correct address, but selecting a is an important first step.
The post appeared first on .
Published at Mon, 07 Jan 2019 12:03:58 +0000
