Next time you plan on using one of those Bitcoin QR generator websites to simplify your cryptocurrency transactions, just take a moment to verify its authenticity first. Chances are you’re about to fall prey to a scam.

Researchers from ZenGo, a cryptocurrency wallet provider, published a worrying report late last month claiming that there are, in fact, a plethora of fake Bitcoin QR scam generating websites out there ripping unsuspecting users of their precious Bitcoins.

4 of the top-5 Bitcoin QR Generators on Google Are Fake

This is perhaps the most alarming bit to have come out of the report as the researchers found that four out of the top-five search results against the keyword “Bitcoin QR Generator” turned out to be scams.

For the uninitiated, a Quick Response code — or simply QR code — is a type of matrix barcode commonly used for storing data in a machine-readable optical label. These codes come handy in Bitcoin transactions by enabling users to quickly generate a QR code for their Bitcoin wallet and share it with the payer. This is much more time-efficient and less error-prone as compared to having to manually type a complicated wallet address.

The scam highlighted by the ZenGo researchers in their Aug 29 report is simple yet highly effective. It generates a QR code at the request of the unsuspecting victim without displaying any suspicious behavior whatsoever.

However, the QR code thus generated links itself to the scammer’s Bitcoin wallet instead of the victim’s, which means any payment made using the QR code shared by the victim is actually deposited in the wallet of the scammer.

Security researcher and ZenGo co-founder Tal Be’ery added:

“[..]the scammers do not even bother with generating their fake QR themselves, instead they shamelessly call a blockchain explorer API [..] to generate the QR for their address.”

Just How Successful Are These Scammers?

The ZenGo research team studied the Bitcoin public addresses associated with these scam QR generating sites and found that they have collectively duped people of Bitcoin worth about $20,000.

One of these addresses saw 21 transactions over the course of two months, accumulating 0.58 BTC in that period.

The researchers, however, say that this could be just the tip of the iceberg as the scam is likely to be far more menacing considering that scammers probably periodically switch to different wallets to avoid raising suspicion.

Some of these scam websites also walk the extra mile to avoid detection just in case the victim becomes suspicious. For example, Tal Be’ery noted that a few of these scammers copied their own wallet address to the victim’s clipboard.

“[..] If victims verify the QR code by pasting the value in the clipboard, thinking it’s the address they previously copied to get a QR for, it will match.”

How to Stay Safe From Bitcoin QR Generator Scams?

To steer clear of these scammers, ZenGo advises users to stick to only trusted websites to generate their Bitcoin wallet QR codes (instead of using random sites found on Google search).

Besides, users are advised to verify the newly generated QR code using a wallet app before sharing it with peers. For added protection, ZenGo also recommends using a trusted Threat Intelligence Service to avoid questionable websites and services.

What about you, though? Did you ever come across any scammy services that tried duping you of your Bitcoin stash? If you did, share your experience in the comments below along with any advice you might have for fellow users.

Images are courtesy of Shutterstock, Twitter.