Cryptocurrency addresses encoded in QR codes vulnerable to hackers, warn the creators of the crypto ZenGo.
Before implementing support for QR code in your wallet, the creators of ZenGo analyzed and as a result they came to the conclusion that criminals is not difficult to forge a QR code and thus to take possession of bitcoins. The experts utilize the resources discovered in the browser Google to create a QR code for the address 18Vm8AvDr9Bkvij6UfVR7MerCyrz3KS3h4.
Was unexpectedly generated a QR code through which cryptocurrency got to address intruders 17bCMmLmWayKGCH678cHQETJFjhBR44Hjx. Further research by experts showed that criminals create fraudulent multi-level combination on the basis of this vulnerability.
For example, the widely used scheme where validation address seems correct, if you examine only the beginning of an alphanumeric expression. A number of resources to create fake QR codes, noting that you are trying to copy the address to clipboard, to explore replace it to the correct address.
Thus, experts have identified the move $20 million in bitcoin, which thanks to this vulnerability were on cryptocotyle hackers, and they believe that this is a small part of criminal activity through the study were in sight.
The developers warn ZenGo owners of cryptocurrencies:
Do not use “generators of QR codes” in browsers. Use only checked by reviewers of blocks or resources that you have learned from reliable sources.
Before you put the QR code on our own resource, carry out experimental moving cryptocurrencies at this address
Users can also use a special tool for search engine that able to explore vulnerability, such as Cryptonite. They will notify the user about malicious resources and addresses (in this case, all the attacks can not be identified using these settings).
The creators ZenGo consider:
Fraud may be on the recipient side when code is generated, as shown in this case. However, it can also occur on the sender side, if it a fraudulent trick or fraudulent implementation of the function of a QR code on a good purse. In the future we will be faced with the problem of fraud associated with QR codes. The cryptocurrency community must address this problem and propose more effective ways of protecting against fraud.
Recall that in Canada criminals often “trades” at cryptomate with stickers warning that the device is not working. They convince the citizens to carry out translation with the use of a QR code on fraudulent cryptococal. Therefore it is worth checking, unwrapped it true QR code fake.
In the Netherlands, the attackers parked car offered to citizens for $5, if they “hold Parking” by using QR code and a banking application.
Having access via QR code to the user’s personal data, hackers transferred funds to their accounts.
Great article 0