Pages:
Author

Topic: How is sending bitcoin through a QR-code safe ? - page 2. (Read 264 times)

hero member
Activity: 798
Merit: 702
It might be possible by hacking the person's phone camera but this will be very difficult and will require a high professional tools which might not worth the stress and time.

There is nothing impossible for these hackers, and nothing is expensive for them; they are already professionals in that field, looking for victims. If they see a tool that could help them hack through a camera (if there isn't any already), it will cost them little compared to what they will use that tool for, and as such, they will pay anything to get it. You spend money, combined with skill, to get things done.

Quote
Scanning QR code seems secure for now but the problem with scanning is that distance transaction can not be carried out using scanning method.
 
How do you mean that if I send a coin to the Bitcoin address of someone, do I need the person to be in the same place as me? No. The same thing is applicable with the QR code. If you are not sending it to your own wallet, where you will directly scan it from the wallet provider, all you have to do is ask the receiver to send you the QR code, and you can scan it from wherever you are.
hero member
Activity: 644
Merit: 661
- Jay -
i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
To the best of my software knowledge (which is not much), it is not possible yet for a QR code to be changed through a malware on the device it is being scanned on. If that is possible, then the phone need to have been so corrupted that the hackers will be able to steal whatever is on it without going through all that.

You will be extra secure if you double check every letter in the (scanned or copied) address before sending.

- Jay -
member
Activity: 826
Merit: 30
But for QR codes, what you need is to use your device, scan through the QR code, and it will automatically be imputed to wherever you are sending from. So for the hacker to be able to change the QR Code scanner, they will need more extra work, but for the main time, address scanning is still the best option. And one should always cross-check his address before authorizing a transaction.
It might be possible by hacking the person's phone camera but this will be very difficult and will require a high professional tools which might not worth the stress and time. Scanning QR code seems secure for now but the problem with scanning is that distance transaction can not be carried out using scanning method.
legendary
Activity: 2212
Merit: 7064
i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
They started putting everything in QR codes, and I don't think this is always a good idea, but it can certainly be used for sending and receiving Bitcoin, or importing and exporting seed phrases.  
One of the problems I have with QR codes is bunch of different encoding that can be closed sourced, and it often happens one QR code is not compatible with some devices and smartphones.
It's trivial for scammers to change and modify QR codes, but using airgapped wallets (Passport, Keystone, Coldcard, Krux SeedSigner, etc) reduces that risk a lot.
Using QR codes with hot wallets can be problematic because it's much harder to verify if something is modified or not, so it's good to confirm address additioanlly.
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?

To my knowledge, there hasn't been a single documented case of this specific type of attack. When you scan a QR code with your software wallet, the payment information is directly fed into your wallet without going through a clipboard buffer. This eliminates the possibility of malware intercepting and modifying the information. Nevertheless, it's still a good idea to double-check that the payment details actually match what you see on the screen next to the QR code, just to be safe.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
If you are the receiver and you click on receive and the receive address is brought up as QR code, you are safe if the sender scan the QR code directly like that. But if you copy the address and want to send, the address can be changed by clipboard malware to a hackers address. So QR code is safe if you are the receiver and the sender scan the QR code directly from your device.

If you are the sender and you scan the QR code directly, it is also safe. You do not copy anything to the clipboard, not to talk of any data modified.

The malware gain access to the clipboard of a device and modifies data that is copied and change to attackers data. But with QR code, no data/address copied to the clipboard.

QR code used in this way is very safe. QR code is the safest for making bitcoin transaction, not only because data is not modified, but also because no way for malware to be transmitted.

But always check and double check the address before sending.
hero member
Activity: 798
Merit: 702
i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
I don't think that will ever be possible. The reason is this: for the clipboard virus, the hacker needs the victim to copy the original address, which he could change to his own. That's how the malware is being programmed.

But for QR codes, what you need is to use your device, scan through the QR code, and it will automatically be imputed to wherever you are sending from. So for the hacker to be able to change the QR Code scanner, they will need more extra work, but for the main time, address scanning is still the best option. And one should always cross-check his address before authorizing a transaction.
hero member
Activity: 1820
Merit: 775
I was reading the very interesting post of LoyceV about this clipboard virus (https://bitcointalksearch.org/topic/how-to-lose-your-bitcoins-with-ctrl-c-ctrl-v-5190776)

Quote
How it works
1. You select a Bitcoin address, and press CTRL-C.
2. The malware changes the address to an address owned by the hacker/scammer.
3. You press CTRL-V and lose any funds you send.
Even if you check part of the pasted Bitcoin address, chances are the first few characters are the same, and you still won't notice the address was changed.

i was wondering if it's possible to change a QR-code the same way that the victim sends the btc to the scammer address ?
Pages:
Jump to: