Bitcoin Forum
November 10, 2024, 05:14:21 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: How is sending bitcoin through a QR-code safe ?  (Read 261 times)
Becassine (OP)
Hero Member
*****
Offline Offline

Activity: 2002
Merit: 816



View Profile WWW
July 14, 2023, 07:19:21 PM
Merited by lovesmayfamilis (1)
 #1

I was reading the very interesting post of LoyceV about this clipboard virus (https://bitcointalk.org/index.php?topic=5190776.0)

Quote
How it works
1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?

Nwada001
Hero Member
*****
Offline Offline

Activity: 756
Merit: 685



View Profile
July 14, 2023, 07:23:01 PM
 #2

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
I don't think that will ever be possible. The reason is this: for the clipboard virus, the hacker needs the victim to copy the original address, which he could change to his own. That's how the malware is being programmed.

But for QR codes, what you need is to use your device, scan through the QR code, and it will automatically be imputed to wherever you are sending from. So for the hacker to be able to change the QR Code scanner, they will need more extra work, but for the main time, address scanning is still the best option. And one should always cross-check his address before authorizing a transaction.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
[/quote]
Code:
[center][table][tr][td][/td][td][size=20pt][nbsp]
[size=6pt][color=#65e]█▄[/td]
[td][font=arial black][size=24pt]R[/size][/font][/td]
[td][size=2pt]


[color=#fec]▀[color=#fda]▀[color=#fc9]▀[color=#eb7]▀[color=#eb5]▀[col
Charles-Tim
Legendary
*
Offline Offline

Activity: 1722
Merit: 5206


Leading Crypto Sports Betting & Casino Platform


View Profile
July 14, 2023, 07:51:33 PM
 #3

If you are the receiver and you click on receive and the receive address is brought up as QR code, you are safe if the sender scan the QR code directly like that. But if you copy the address and want to send, the address can be changed by clipboard malware to a hackers address. So QR code is safe if you are the receiver and the sender scan the QR code directly from your device.

If you are the sender and you scan the QR code directly, it is also safe. You do not copy anything to the clipboard, not to talk of any data modified.

The malware gain access to the clipboard of a device and modifies data that is copied and change to attackers data. But with QR code, no data/address copied to the clipboard.

QR code used in this way is very safe. QR code is the safest for making bitcoin transaction, not only because data is not modified, but also because no way for malware to be transmitted.

But always check and double check the address before sending.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
FatFork
Legendary
*
Offline Offline

Activity: 1778
Merit: 2663


Crypto Swap Exchange


View Profile WWW
July 14, 2023, 07:58:32 PM
 #4

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?

To my knowledge, there hasn't been a single documented case of this specific type of attack. When you scan a QR code with your software wallet, the payment information is directly fed into your wallet without going through a clipboard buffer. This eliminates the possibility of malware intercepting and modifying the information. Nevertheless, it's still a good idea to double-check that the payment details actually match what you see on the screen next to the QR code, just to be safe.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
dkbit98
Legendary
*
Offline Offline

Activity: 2408
Merit: 7561



View Profile WWW
July 14, 2023, 08:05:57 PM
 #5

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
They started putting everything in QR codes, and I don't think this is always a good idea, but it can certainly be used for sending and receiving Bitcoin, or importing and exporting seed phrases.  
One of the problems I have with QR codes is bunch of different encoding that can be closed sourced, and it often happens one QR code is not compatible with some devices and smartphones.
It's trivial for scammers to change and modify QR codes, but using airgapped wallets (Passport, Keystone, Coldcard, Krux SeedSigner, etc) reduces that risk a lot.
Using QR codes with hot wallets can be problematic because it's much harder to verify if something is modified or not, so it's good to confirm address additioanlly.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Yawa2020
Member
**
Offline Offline

Activity: 812
Merit: 30


View Profile
July 14, 2023, 08:12:11 PM
 #6

But for QR codes, what you need is to use your device, scan through the QR code, and it will automatically be imputed to wherever you are sending from. So for the hacker to be able to change the QR Code scanner, they will need more extra work, but for the main time, address scanning is still the best option. And one should always cross-check his address before authorizing a transaction.
It might be possible by hacking the person's phone camera but this will be very difficult and will require a high professional tools which might not worth the stress and time. Scanning QR code seems secure for now but the problem with scanning is that distance transaction can not be carried out using scanning method.
un_rank
Hero Member
*****
Offline Offline

Activity: 896
Merit: 856


- Jay -


View Profile WWW
July 14, 2023, 08:22:19 PM
 #7

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
To the best of my software knowledge (which is not much), it is not possible yet for a QR code to be changed through a malware on the device it is being scanned on. If that is possible, then the phone need to have been so corrupted that the hackers will be able to steal whatever is on it without going through all that.

You will be extra secure if you double check every letter in the (scanned or copied) address before sending.

- Jay -

██
██
██
██
██
██
██
██
██
██
██
██
██
... LIVECASINO.io    Play Live Games with up to 20% cashback!...██
██
██
██
██
██
██
██
██
██
██
██
██
Nwada001
Hero Member
*****
Offline Offline

Activity: 756
Merit: 685



View Profile
July 14, 2023, 09:29:31 PM
 #8

It might be possible by hacking the person's phone camera but this will be very difficult and will require a high professional tools which might not worth the stress and time.

There is nothing impossible for these hackers, and nothing is expensive for them; they are already professionals in that field, looking for victims. If they see a tool that could help them hack through a camera (if there isn't any already), it will cost them little compared to what they will use that tool for, and as such, they will pay anything to get it. You spend money, combined with skill, to get things done.

Quote
Scanning QR code seems secure for now but the problem with scanning is that distance transaction can not be carried out using scanning method.
 
How do you mean that if I send a coin to the Bitcoin address of someone, do I need the person to be in the same place as me? No. The same thing is applicable with the QR code. If you are not sending it to your own wallet, where you will directly scan it from the wallet provider, all you have to do is ask the receiver to send you the QR code, and you can scan it from wherever you are.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
[/quote]
Code:
[center][table][tr][td][/td][td][size=20pt][nbsp]
[size=6pt][color=#65e]█▄[/td]
[td][font=arial black][size=24pt]R[/size][/font][/td]
[td][size=2pt]


[color=#fec]▀[color=#fda]▀[color=#fc9]▀[color=#eb7]▀[color=#eb5]▀[col
Faisal2202
Hero Member
*****
Offline Offline

Activity: 1386
Merit: 513


Payment Gateway Allows Recurring Payments


View Profile WWW
July 14, 2023, 10:00:04 PM
 #9

You pointed out a very good question. To understand the answer we must know how QR code works. We do know that each person has it's own unique QR code which is generated each time somewhere like in some wallets or exchanges such codes are unique everytime. Coming back to the point.

In QR code scams, a scammer could replicate ke exchange his own QR code with your QR code so when an other person intends to send you money by scanning that QR code then the money will be sent to him not you. And k think detecting such activities are difficult in QR code because in wallet address we can compare the characters but in QR code it is a big difficult to compare the patterns which might look same but the numbers hidden in it might contain different wallet address and that can't be seen by naked eyes of at least without decryption of it.

..cryptomus..   
  
.
lllllllllllllllllll CRYPTO
PAYMENT GATEWAY
▄█▀▀██▄░░░▄█████▄░░░▄▀████▄
██░▀▄██░░░██▄░▄██░░░██▄▀▀▀█
██░▀▄██░░░███▄███░░░███░░▄█
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
▄▄▄▄▄░░░░░▄▄▄▄▄░░░░░▄▄▄▄▄
███▀▄██░░░██▀░▀██░░░██▀▀▀▀█
██▀▄███░░░██░░░██░░░█▄███░█
▀█▄▄▄█▀░░░▀██▄██▀░░░▀█▄▄▄█▀

▄█████▄░░░▄█▀▀██▄░░░▄█████▄
█▀░█░▀█░░░█░▀░▀▀█░░░██▄░▄██
█▄█▄█▄█░░░███░▀▄█░░░███▄███
▀▀▀▀▀░░░░░▀▀▀▀▀░░░░░▀▀▀▀▀
ACCEPT
CRYPTO
PAYMENTS
..GET STARTED..
Stalker22
Legendary
*
Offline Offline

Activity: 1680
Merit: 1415



View Profile
July 14, 2023, 10:04:25 PM
 #10

~
all you have to do is ask the receiver to send you the QR code, and you can scan it from wherever you are.

I think that is exactly what he was implying. If the recipient sends the QR code remotely, for example via email or chat messages, then there is a risk that a potential attacker can intercept that communication and modify the QR code. Paying with a QR code is only safe if you are sure of the authenticity and integrity of the QR code you are scanning.

█████████████████████████
██
█████▀▀███████▀▀███████
█████▀░░▄███████▄░░▀█████
██▀░░██████▀░▀████░░▀██
██▀░░▀▀▀████████████░░▀██
██░░█▄████▀▀███▀█████░░██
██░░███▄▄███████▀▀███░░██
██░░█████████████████░░██
██▄░░████▄▄██████▄▄█░░▄██
██▄░░██████▄░░████░░▄██
█████▄░░▀███▌░░▐▀░░▄█████
███████▄▄███████▄▄███████
█████████████████████████
.
.ROOBET 2.0..██████.IIIIIFASTER & SLEEKER.██████.
|

█▄█
▀█▀
████▄▄██████▄▄████
█▄███▀█░░█████░░█▀███▄█
▀█▄▄░▐█████████▌▄▄█▀
██▄▄█████████▄▄████▌
██████▄▄████████
█▀▀████████████████
██████
█████████████
██
█▀▀██████████████
▀▀▀███████████▀▀▀▀
|.
    PLAY NOW    
Adbitco
Hero Member
*****
Offline Offline

Activity: 1610
Merit: 706


Leading Crypto Sports Betting & Casino Platform


View Profile WWW
July 14, 2023, 10:19:28 PM
 #11

QR code to me is the safest way to scan and send payment since there is no copy and paste to send payment only scan and pay without copying address. QR code is already being designed with rightful address so there's no way to be attacked by any scammer or hacker. Although I can not say with all assurance that it can't be hacked, nowadays things are really happening because scammer are exploring different ways to phish people's funds.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
kamvreto
Legendary
*
Offline Offline

Activity: 1974
Merit: 1157

MAaaN...!! CUT THAT STUPID SHIT


View Profile
July 14, 2023, 10:48:51 PM
 #12

~
all you have to do is ask the receiver to send you the QR code, and you can scan it from wherever you are.

I think that is exactly what he was implying. If the recipient sends the QR code remotely, for example via email or chat messages, then there is a risk that a potential attacker can intercept that communication and modify the QR code. Paying with a QR code is only safe if you are sure of the authenticity and integrity of the QR code you are scanning.

It may have happened to me, fraudulent schemes are currently growing and becoming more sophisticated. Before making a payment with a QR code, we can see the payment information that appears before selecting the send button. here will be shown the intended merchant information and input the nominal to be sent. Sometimes there are people who replace the physical QR code in a store with their QR code (fraudsters) with almost the same name. That 's why you have to be careful and confirm before sending.
Nwada001
Hero Member
*****
Offline Offline

Activity: 756
Merit: 685



View Profile
July 14, 2023, 10:49:50 PM
 #13

~
all you have to do is ask the receiver to send you the QR code, and you can scan it from wherever you are.

I think that is exactly what he was implying. If the recipient sends the QR code remotely, for example via email or chat messages, then there is a risk that a potential attacker can intercept that communication and modify the QR code. Paying with a QR code is only safe if you are sure of the authenticity and integrity of the QR code you are scanning.

That's why it will always be advisable to me to request that the QR code be attached with the wallet below it for authentication purposes, and when that is also being done to take some extra measures for security reasons, we should always ask the sender to confirm if the address received and gotten from the QR code is the same as what was sent.

It may have happened to me, fraudulent schemes are currently growing and becoming more sophisticated. Before making a payment with a QR code, we can see the payment information that appears before selecting the send button. here will be shown the intended merchant information and input the nominal to be sent. Sometimes there are people who replace the physical QR code in a store with their QR code (fraudsters) with almost the same name. That 's why you have to be careful and confirm before sending.

Exactly why I said this 👇👇
And one should always cross-check his address before authorizing a transaction.

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
[/quote]
Code:
[center][table][tr][td][/td][td][size=20pt][nbsp]
[size=6pt][color=#65e]█▄[/td]
[td][font=arial black][size=24pt]R[/size][/font][/td]
[td][size=2pt]


[color=#fec]▀[color=#fda]▀[color=#fc9]▀[color=#eb7]▀[color=#eb5]▀[col
Cryptomultiplier
Full Member
***
Offline Offline

Activity: 952
Merit: 232



View Profile WWW
July 14, 2023, 11:26:19 PM
 #14

If the exchange shows options to send or receive crypto via QR code, it means it is a possible choice for transactions incase the other fails or you fail to have the requirements for it to approve a transaction.

QR code has been existing for some time now and it is rare to see most devices these days without its feature. One interesting thing is the way exchanges and some apps has included it as authentication option for login into an account, sharing files, data, contacts too. The uniqueness of the Hash is what also sets it apart. Each individual to its own hash.
Although the fear of having malicious bugs or phishing URL embedded within once scanned is accurate, to ensure a second or maybe a third confirmation of the details displayed is necessary to avoid falling victim to hackers or scammers.

████████████████████                                                    OrangeFren.com                                                ████████████████████
instant KYC-free exchange comparison
████████████████████     Clearnet and onion available #kycfree + (prepaid Visa & Mastercard)     ████████████████████
hatshepsut93
Legendary
*
Offline Offline

Activity: 3038
Merit: 2161


View Profile
July 14, 2023, 11:53:17 PM
Merited by LoyceV (4)
 #15

First of all, the QR code itself can be replaced without hacking. For example, if it's a sticker, someone can put their own sticker on top of the original one. If it's a photo posted on social media, someone can edit it in Photoshop to put their address. You get the idea.

But on software level, this task is not as trivial as replacing a clipboard, but still could be achieved, at least theoretically. The QR-code scanner app could be exploited to replace Bitcoin adresses with hacker's address, if it has such a sophisticated vulnerability.
ImThour
Copper Member
Legendary
*
Offline Offline

Activity: 1498
Merit: 1619


Bitcoin Bottom was at $15.4k


View Profile
July 15, 2023, 07:55:15 AM
 #16

It's difficult to replace a QR Code from a website if it's in SVG shapes like <rect> and if it's just an image, it can be easily replaced just like the Bitcoin Wallet Address.
If you don't understand the difference, I will explain it a bit more.

1. QR Code as a combination of Rectangles:


In this, you can see each rectangle has to be replaced to form a new QR.

2. QR Code as an Image: That will be just a QR code in a .png or .jpeg format and one line of code can replace it.

Hope it's helpful.
LoyceV
Legendary
*
Offline Offline

Activity: 3486
Merit: 17653


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
July 15, 2023, 01:51:33 PM
 #17

With QR-codes, there's a much simpler attack vector than changing the QR-code: the malware will be in the software used to create or read the code.
Both malicious QR code generators and readers exist.

▄▄███████████████████▄▄
▄█████████▀█████████████▄
███████████▄▐▀▄██████████
███████▀▀███████▀▀███████
██████▀███▄▄████████████
█████████▐█████████▐█████
█████████▐█████████▐█████
██████████▀███▀███▄██████
████████████████▄▄███████
███████████▄▄▄███████████
█████████████████████████
▀█████▄▄████████████████▀
▀▀███████████████████▀▀
Peach
BTC bitcoin
Buy and Sell
Bitcoin P2P
.
.
▄▄███████▄▄
▄████████
██████▄
▄██
█████████████████▄
▄███████
██████████████▄
███████████████████████
█████████████████████████
████████████████████████
█████████████████████████
▀███████████████████████▀
▀█████████████████████▀
▀██████████████████▀
▀███████████████▀
▀▀███████▀▀

▀▀▀▀███▀▀▀▀
EUROPE | AFRICA
LATIN AMERICA
▄▀▀▀











▀▄▄▄


███████▄█
███████▀
██▄▄▄▄▄░▄▄▄▄▄
████████████▀
▐███████████▌
▐███████████▌
████████████▄
██████████████
███▀███▀▀███▀
.
Download on the
App Store
▀▀▀▄











▄▄▄▀
▄▀▀▀











▀▄▄▄


▄██▄
██████▄
█████████▄
████████████▄
███████████████
████████████▀
█████████▀
██████▀
▀██▀
.
GET IT ON
Google Play
▀▀▀▄











▄▄▄▀
satscraper
Hero Member
*****
Offline Offline

Activity: 910
Merit: 1638



View Profile
July 15, 2023, 03:01:35 PM
 #18


i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?

The short answer is YES,it is technically possible for malware to manipulate QR codes.

That is why it is very important to check the transaction's details ( such as destination address, change address, amount being sent) shown on the screen of airgapped hardware wallet if what is meant  in your question was HW interaction with bitcoin light client.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
.
.Duelbits.
..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE
DUELBITS
FANTASY
SPORTS
████▄▄█████▄▄
░▄████
███████████▄
▐███
███████████████▄
███
████████████████
███
████████████████▌
███
██████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
.
▬▬
VS
▬▬
████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀
/// PLAY FOR  FREE  ///
WIN FOR REAL
..PLAY NOW..
pawanjain
Hero Member
*****
Offline Offline

Activity: 2856
Merit: 732


Nothing lasts forever


View Profile
July 15, 2023, 03:19:45 PM
 #19

I was reading the very interesting post of LoyceV about this clipboard virus (https://bitcointalk.org/index.php?topic=5190776.0)

Quote
How it works
1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?

Clipboard virus won't be able to do anything when we are using QR codes.
To apply the same technique for a QR the hacker will have to inject malicious code in the app that the user is using to scan the QR code.
That is something very hard to achieve because of security protocols on devices these days.
So we are good when using QR codes.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
tabas
Hero Member
*****
Offline Offline

Activity: 3178
Merit: 770


Top Crypto Casino


View Profile
July 15, 2023, 03:21:44 PM
 #20

Possible, like if you're in a store and a con gets in and tried to lose the attention of the staff replacing the QR code that's dedicated for direct store payments. I've seen a video dramatization of it. So, it's like a group of people, either a woman and man but also can be done by a single person. The woman attracts the staff and makes a conversation not knowingly, there's the intention of replacing the QR code with the one that they've made. So, this is the scenario in physical places. What I think for online transactions, it's the same scam that they're trying to imitate someone and just simply sends their own QR code to misled customers. And as said by satcraper, through malware so be cautious with links and files that you guys download.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!