Author

Topic: Be Careful Sharing The QR Code Of Your Wallet Too (Read 333 times)

hero member
Activity: 3094
Merit: 606
BTC to the MOON in 2019
Criminals are getting smarter and we need to be one step ahead of them, no matter how difficult it is. I have always been told never to give my private key or seed phrase to others, but now people scam by spreading seed phrases, it's so stupid and greedy for what they do. You will lose all your money in return, never trust a project or a website that forces you to enter 12 keys and understand it is just a scam and we need to be alert.
It is always a must not to share your private keys or even QR codes because in this digital age, scammers are even smarter than us. They will always find ways to scam other people because its their job that sustain their daily living. Everything that seems so suspicious should not be tolerated and as much as possible, never entertain people or websites that are almost indulging your privacy. I thought only private keys can get steal, but now also QR codes. This is the reason why we should always stay alert and cautious.
member
Activity: 139
Merit: 10
Criminals are getting smarter and we need to be one step ahead of them, no matter how difficult it is. I have always been told never to give my private key or seed phrase to others, but now people scam by spreading seed phrases, it's so stupid and greedy for what they do. You will lose all your money in return, never trust a project or a website that forces you to enter 12 keys and understand it is just a scam and we need to be alert.
member
Activity: 742
Merit: 30
Thanks so much for the advice. This world is an advance place due to technology advancement, small mistakes will lead to a very huge lost, most especially wallets keys that give access to all token and assets in the wallet, once some scammers were able to access your key all tokens were gone. This is a very good advice I hope newbies like me will take note of this.
sr. member
Activity: 811
Merit: 250
Yes, I believe QR codes infected with malware constitute a new concern. When you scan the code, a malicious code will record information about your wallet which can be used to commit fraud. Scanning should be done with care.
Wow, I never realized this myself if it turns out that fraudsters have been able to create fake QR codes that can scan all the information of other people who scan their codes, this is really scary because fake QR codes and real ones are indistinguishable.
jr. member
Activity: 840
Merit: 4
Oh, wow that's anew one. I honestly didn't know that. And looking critically at it, its a huge security breach. I just checked my mobile Metamask, and truly, they have disabled that share option. So kudos mate, for bringing this up. By the way, many malicious actors would hate your guts for this
sr. member
Activity: 1904
Merit: 256
Vave.com - Crypto Casino
Usually QR also has data for access to our wallet. Even if we open Myetherwallet there to get the private key. We will also be shown with a QR code. We need to be more careful to store our wallet access. Accessing a QR account is required.
hero member
Activity: 2114
Merit: 603
It seems we are missing a point here.
The QR code which was shared by the user was associated with his private keys.

#3 Tweet specify the exact communication of NFT guy with the fake mod. They clearly mentions that it was private key which got shared by mistake. I am pretty sure there is low chance that the tech will be able to extract the private keys from the public key. This way not only MetaMask but the whole other wallets will be compromised / should have been compromised by this time as they use the same synchronisation protocol.

It's really a good share btw because everyone should have their eyes wide open before sharing their qr codes. Good insane tip is to keep both of them separate and only keep the public keys handy while sharing.  Smiley
sr. member
Activity: 2226
Merit: 259
Buzz App - Spin wheel, farm rewards
A bit such incident happened with me. I store my 2fa QR code image in my email and somehow it’s stolen by hacker even though at first i didn’t found any clue how it happened than i observed it’s leaked from my QR code. Thanks for your post to alerting in here.  
This is why I don’t sent any details on email because it can compromise and its too risky. Hackers has a lot of ways to hack people, sharing QR code of your address might also be risky, better not to try it at all. Store all your important information online, this could save you a lot from any trouble especially now the market is getting better so you might want to be safe.

Actually we had better store all our passwords and keys vice versa off-line, on paper in the place where nobody has access to. If you store it somewhere in your computer, a hacker can send you a letter with virus for example, and this way your computer will be hacked and all information will be stolen. So personally I have put all my keys in my notebook.
This mistaken was a few years back when i was newbie in bitcointalk. I learned from this incident now again i will never do this shit. My all of wallet secret phrase stored in offline, nothing 100% safe in online though i am using internet security to protect my computer from unexpected things.
full member
Activity: 938
Merit: 105
Yes, I believe QR codes infected with malware constitute a new concern. When you scan the code, a malicious code will record information about your wallet which can be used to commit fraud. Scanning should be done with care.
full member
Activity: 661
Merit: 100
A bit such incident happened with me. I store my 2fa QR code image in my email and somehow it’s stolen by hacker even though at first i didn’t found any clue how it happened than i observed it’s leaked from my QR code. Thanks for your post to alerting in here. 
This is why I don’t sent any details on email because it can compromise and its too risky. Hackers has a lot of ways to hack people, sharing QR code of your address might also be risky, better not to try it at all. Store all your important information online, this could save you a lot from any trouble especially now the market is getting better so you might want to be safe.

Actually we had better store all our passwords and keys vice versa off-line, on paper in the place where nobody has access to. If you store it somewhere in your computer, a hacker can send you a letter with virus for example, and this way your computer will be hacked and all information will be stolen. So personally I have put all my keys in my notebook.
member
Activity: 411
Merit: 10
You have heard about never share your private key or recovery phrase but sharing qr codes is as dangerous.

There is sync with mobile feature in metamask wallet which lets you sync your desktop metamask with mobile, problem is it gives complete access to the one scanning qr, which many are unaware of.

Victim: https://twitter.com/Ape_NFTs/status/1427706077332873220

Unfolding of events: https://twitter.com/MyCrypto/status/1427711396498731009

Other cases:


Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.

Edit: metamask has disabled the qr code feature as of now.

With the way the crypto space is growing and the push for scammers to get to their victims in any way they can, I would say it's better not to share any information other than wallet addresses with anyone or even store it on your frequently used device, offline is always best . Also, better to just share the wallet address but anything short of that, just keep it to yourself, the reason being, I used to know you could scan a QR code instead of sending an address but with this new development, let someone not get mixed up, then just a better wallet address to share.
sr. member
Activity: 2226
Merit: 259
Buzz App - Spin wheel, farm rewards
A bit such incident happened with me. I store my 2fa QR code image in my email and somehow it’s stolen by hacker even though at first i didn’t found any clue how it happened than i observed it’s leaked from my QR code. Thanks for your post to alerting in here.  
legendary
Activity: 2086
Merit: 1058
For your safety , when making use of a cryptocurrency wallet, you don’t have to be sharing any information at all with people you don’t know. Everything that has to do with your cryptocurrency wallet should be secured, every single bit of information. Even the slightest information that you least expect can be used to track or hack your wallet and before you know it you have lost your assets that are stored in there.

So, when giving out information just make sure that you’re giving out the ones you’re meant to give out and not the ones you are not to. It’s just like people who drop their emails online thinking that there is no risk in doing that, that can be a risk because anyone can hack your email and look through it and be able to lay hands on information that are very important to you. So, let’s always be guided.
member
Activity: 1274
Merit: 14
I never thought that such troubles could arise because of the QR code of my wallet. I constantly use the METAMASK application and this information is very important to me. Thanks to the author.
full member
Activity: 1190
Merit: 111
If you are a type of gullible individuals here in crypto space, certainly, you are closed to become a victim by the scammer
for sure. That is why my rule is never talk to a stranger unless you know him anyhow. And never forget that Qr code,
seed phrase or private key is the most important matter here in cryptocurrency business industry
member
Activity: 199
Merit: 10
https://rangersprotocol.com/
There are many extremely sophisticated scams that make us fall into the trap at any time. Thanks for sharing these, it is very helpful for me and those around me.
copper member
Activity: 142
Merit: 6
Sharing personal wallet information is always been prohibited. So many scammer now and if you used to give your wallet info than you are saying goodbye to your funds on that wallet. We know that we used mostly trust wallet and metamask. They have a QR code features and agree of what you have said, QR code is dangerous than other password, recovery phrase  and etc. This should be not shared at all and should be take care my the wallet owner at all times.
copper member
Activity: 2324
Merit: 2142
Slots Enthusiast & Expert
You have heard about never share your private key or recovery phrase but sharing qr codes is as dangerous.
It depends on what kind of QR codes. If it only contains your (public) address, I think it's safe. But there are private QR codes that you should keep it for yourself, such as, private keys and websites sync which is quite popular for login from phone apps, or vice versa. Binance, Okex, and other popular exchanges also use this method, so keep it (the qr code) secret.

Anyway, thanks for mentioning this so that newbies won't fall to scams.
legendary
Activity: 1932
Merit: 4602
Buy on Amazon with Crypto
I also did not know about this metamask possibility.
But I always use a hardware wallet to work with metamask. The seed phrase is not stored on the computer, and any action requires pressing buttons on the hardware wallet.
The same algorithm applies to mobile phone owners.
People store hundreds of thousands of dollars in wallets and have no desire to spend $ 100 on security.
full member
Activity: 1498
Merit: 146
Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.
PMs from strangers are bad.
PMs from anyone in which the sender asks for money is bad & suspicious. You must check that it is a real person you know or an impersonator
PMs from entire stranger who ask for money is most terrible.

I always do video calls in order to confirm that the person I will send money to is the person who sent me PMs.

It never came to 'sending money' in these scams, those are obvious.
They are tricky and becoming smarter now, they are trying scam which seems more realistic than old methods so we also have to keep updated about their scamming strategies to stay away from those scams. Sharing is caring! Smiley
hero member
Activity: 2520
Merit: 952
Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.
PMs from strangers are bad.
PMs from anyone in which the sender asks for money is bad & suspicious. You must check that it is a real person you know or an impersonator
PMs from entire stranger who ask for money is most terrible.

I always do video calls in order to confirm that the person I will send money to is the person who sent me PMs.

It never came to 'sending money' in these scams, those are obvious.
hero member
Activity: 2366
Merit: 838
Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.
PMs from strangers are bad.
PMs from anyone in which the sender asks for money is bad & suspicious. You must check that it is a real person you know or an impersonator
PMs from entire stranger who ask for money is most terrible.

I always do video calls in order to confirm that the person I will send money to is the person who sent me PMs.
hero member
Activity: 2520
Merit: 952
Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.
copper member
Activity: 966
Merit: 5

Thanks for sharing this very important information and I am not even aware of such, although I have not tried it before. One of the things that comes with innovations is that, the more a technology grows, the more the users needs to be up to date with what's happening, else a small mistake might put the user at a great risk.
With the way crypto space is growing and the urge of scammers to get their victims in anyway they can, I would say it is quite better not sharing any sort of information apart wallet address with anyone nor even keeping such in your prominently used devices, offline is always the best. Also, it's better sharing only wallet address but anything short than that, just keep it to yourself, the reason for this is, I used to know you can scan QR code instead of sending address but with this new development, let someone not get mixed up, hence only wallet address is better to share.
hero member
Activity: 2884
Merit: 579
Hire Bitcointalk Camp. Manager @ r7promotions.com
Thank you for this additional knowledge.

I didn't know that it can possibly happen so for those that usually use mobile for their metamask, it's better to take note on this.

And as well as bookmark it.
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
Had to confess I don't know about this before, I don't know that QR code can take over a wallet permanently just like inserting a private key, thanks for sharing OP, if someone asked me for my wallet QR code I would have send it thinking it's nada
Scammers only take advantage of the victim's negligence to let them explore the device and take over anything before the victim realizes that they were being tricked at that time. This scam is likely to occur on exchange accounts that have a similar syncing method to other devices, I saw it in some exchange mobile apps and interestingly that doesn't require confirmation (2fa, email, etc.) as complicated as on the web version to withdraw funds.
hero member
Activity: 2520
Merit: 952
full member
Activity: 546
Merit: 148
You have heard about never share your private key or recovery phrase but sharing qr codes is as dangerous.

There is sync with mobile feature in metamask wallet which lets you sync your desktop metamask with mobile, problem is it gives complete access to the one scanning qr, which many are unaware of.

Victim: https://twitter.com/Ape_NFTs/status/1427706077332873220

Unfolding of events: https://twitter.com/MyCrypto/status/1427711396498731009

QR code can be tactical and should be treated with caution.

I dropped a guide about QR code for any who wish to learn some days ago on [GUIDE] QR CODE: How they are implemented on Bitcoin, Alts and exchange wallet

Protect your finances.
member
Activity: 420
Merit: 13
$CYBERCASH METAVERSE
Had to confess I don't know about this before, I don't know that QR code can take over a wallet permanently just like inserting a private key, thanks for sharing OP, if someone asked me for my wallet QR code I would have send it thinking it's nada
hero member
Activity: 1722
Merit: 801
With extension from wallet, I only use it with a wallet for one purpose. I don't store all my money in that wallet because if wallets are closed source, I don't know what they built in the extensions.

QR code of 2FA is risky too. It is always easier to scan QR code to set up 2FA for your account but many people scan 2FA QR code and forget to back it up. You will have two options to set up your 2FA, type it, copy and paste, scan QR Code.

I copy and paste to back it up.
Type it manually to check the usability of my backup.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
I really want to know how the process of this crime, I mean technically.
Just read the following threaded tweets [8 parts] and you'll see the whole picture:


How we should handle these criminals?.
Always double-check and verify who you're talking with [it's a simple step but unfortunately, a lot of people tend to forget or ignore it].

@libert19
Thank you for posting this [bookmarked].
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
I knew of that feature when I was setting up my Metamask on my smartphone. I didn't realize that it has that kind of risk involved when connecting the two. I think this is vital information that everyone should've known and have an idea about.

I also recently saw how someone got hacked; even though he has been in the crypto space for a long time and knows its ins and outs, but he still got hacked. They somehow connected to the wrong site and input the seed phrase. He has been out of his mind doing that, and that's just what happens when you are not in your best condition.

https://www.coinspeaker.com/nft-game-loses-cryptopunk-scammers/
member
Activity: 248
Merit: 13
Futiracoin.com
Good one libert19 imagine a scammer talking to a crypto newbie, asking him or her to send her qrcode for unknown reasons stating that they don't need their private keys because that shouldn't be shared with strangers, I'm telling you this is doable for newbies
member
Activity: 966
Merit: 25
Ton Together | Save Smart & Win Big
Oh wow, it's really a cruel and scary world. Thank you for sharing. However, if it's legit, I really want to know how the process of this crime, I mean technically. Criminals are getting smarter every day and we need to be a step ahead of them even though it's hard. I was always told to never spread my private key or phrase seeds to other people, but now people scamming by spreading the phrase seeds, This is insane, and now people got scammed by QR code. How we should handle these criminals?.
hero member
Activity: 2520
Merit: 952
You have heard about never share your private key or recovery phrase but sharing qr codes is as dangerous.

There is sync with mobile feature in metamask wallet which lets you sync your desktop metamask with mobile, problem is it gives complete access to the one scanning qr, which many are unaware of.

Victim: https://twitter.com/Ape_NFTs/status/1427706077332873220

Unfolding of events: https://twitter.com/MyCrypto/status/1427711396498731009

Other cases:


Holy shit, another! 250 eth: https://mobile.twitter.com/sohrobf/status/1430478533306982408

2) https://mobile.twitter.com/oneinaneillion/status/1429333073066295296

Always verify who you receive dms from, all these scams started from fake dms then proceeded to MM qr code.

Edit: metamask has disabled the qr code feature as of now.
Jump to: