Home / Headlines / 4 of 5 Bitcoin QR Code Generators Are Complete Scams
Headlines
3 min read

4 of 5 Bitcoin QR Code Generators Are Complete Scams

Last Updated March 4, 2021 2:39 PM
Greg Thomson
Last Updated March 4, 2021 2:39 PM

An analysis of Bitcoin QR code generators reveals the precarious state of basic security in the cryptocurrency sphere.

A report from ZenGo  shows four out of the top five QR code generators listed on Google’s front page are controlled by scammers. When a user tries to create a QR code for their Bitcoin address, the malicious websites generate a QR code for the scammer’s own wallet.

At least $20,000 can be linked to the malicious addresses – likely a fraction of the total amount stolen over the years.

4 of Top 5 QR Code Generators are Scams

bitcoin qr code generator scam
According to ZenGo, these two Bitcoin QR code generator websites are scams. Google ranks them second and third when you search for a QR code tool. | Source: www.ccn.com/Google

Rather than type out their 34-character address for every transaction, a cryptocurrency user has the option of generating a QR code. Essentially acting as a personal barcode, the QR code links back to the user’s wallet address. When a vendor needs to receive a transaction, all the buyer has to do is scan it with their smartphone.

The QR code has become staple of the cryptocurrency space in recent times. They are used by vendors, content creators, and tippers on a constant basis – all over the internet.

That makes ZenGo’s findings all the more troubling. When “Bitcoin QR Generator” is typed into Google, four out of the top five results turn out to be scams.

The method used by the scammers is very simple. They just replace the user’s wallet address with their own. Furthermore, when a user copies an address to their clipboard in order to paste it, the websites silently replace the address with that of the scammer’s.

bitcoin qr code generator
The user’s address is replaced by the scammer’s. Any money sent to the QR address will go straight to the thieves | Source: ZenGo

Adaptive Bitcoin Thieves

The malicious websites also prove very adaptive – producing fake addresses for any of Bitcoin’s multiple address formats, making the fakes even harder to detect. An analysis of the code underlying the web pages reveals some scammers don’t even use their own QR generators. Instead, they import the generator used on the popular Blockchain.com website.

The following websites and addresses have been identified as fraudulent, and have been reported to relevant authorities.

Bitcoin Scam Addresses
A list of the four scam websites and the associated Bitcoin addresses | Source: ZenGo

One address collected 0.58 Bitcoin in just two months – equivalent to around $5.5k. In total, over $20,000 was found spread across the four addresses listed.

ZenGo recommends that people don’t use Google when they want to generate Bitcoin QR codes, but instead use a trusted website like a blockchain explorer (most offer them for free). Users should also scan the QR code with their phones before using it to make sure it links to their own address.