Author

Topic: Using QR codes as Bitcoin address protection (Read 342 times)

member
Activity: 82
Merit: 28
February 03, 2024, 10:22:33 PM
#20
I curious to know does this also have a negative effect on quick response codes generated by exchanges. I mean are the QR codes generated by exchanges safe for transactions? And how do they generate there own codes.

The visual verification never fails, so when you copy or use QR simply verify it before sending. I would never use a QR by message or on a website to receive payments.

Quote
QR codes have disadvantages in phishing, since victims need to be compelled to scan them for the attack to progress. But they make it more difficult for victims to evaluate the trustworthiness of the URL they’re clicking on, and it’s more likely that emails containing a QR code will reach their target, because it’s more difficult for spam filters to assess QR images included in an attachment like a PDF...
https://www.wired.com/story/qr-codes-phishing-attack/

It is not the subject that concerns here, but...
hero member
Activity: 714
Merit: 1298
February 03, 2024, 06:58:25 AM
#19
QR codes may be used in phishing attacks and the last months have shown the increase of their utilization   at installing  "malware on the end-user endpoint," and, also  "stealing credentials".

Thus "using QR codes as Bitcoin address protection" could put  the false perceptibility  of   the safety on the client  who solely relay on such codes at paying .
hero member
Activity: 2114
Merit: 603
I am still thinking how I will be able to confirm whether the address that I scanned is actually the one I want money to be sent on? When it comes to actual Bitcoin address I can still check the address five times and see whether its correct Or not?

Looking at the discussion above I believe its not the perfect way to go for it. In fact there are already tools that generate the QR codes by just using generic tools. So that is still an optional -option. Smiley
sr. member
Activity: 602
Merit: 291
Bitcoin in Niger State💯
I was reading some threads talking about malware attacks and clipboard virus so I thought of using something new to protect Bitcoin address, though I'm still anticipating a cold wallet to use this method on but I thought of sharing it. I don't know if this belongs here or beginners and help.

So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with. I also thought of how easy it would be for businesses that uses Bitcoin as payment method. It could be printed out and pasted on points where it can be scanned easily.

Although there could be some negative effect of this action but at least it's a good ideal from my perspective.

I don't think QR codes provide any better protection to your wallets. I also see that you mentioned cold wallets, if you are talking about storing your private keys in a QR code, that will be the worst and most craziest idea to ever attempt – I'm saying this will all sincerity of purpose — because I QR Codes are never a safe way of securing your private keys neither is it an alternative to cold wallets.

In fact, even though we've seen bitcoin exchange platforms like Binance and Trust wallet that gives you the option of using QR codes to replace your address, I think it is mostly provided to serve as an easy way to allow your a sender send you funds to your wallets without having to copy your wallet address. In that regards, one could encourage you to use QR codes especially as you are scared of the sender mistakenly tempering with your address which are represented in hexadecimals. I can encourage the use of QR Codes in P2P transactions especially when they are closed transactions.

For public transactions, which includes a situation when you have to drop your wallet address in a public space, I can advise that you use your wallet address instead of the QR Code as people can manipulate your QR Codes to theirs and you will not notice the difference. But at least, once there's a change in your wallet address, you can easily detect that.

LASTLY, DO NOT USE QR CODES TO STORE YOUR PRIVATE KEYS, IT'S ONLY EXPOSING YOUR KEYS TO HACKERS WHO CAN MANIPULATE YOUR QR CODES.
hero member
Activity: 868
Merit: 952

I like scanning QR codes, but I prefer to use what I can see and understand. I can see addresses and I can see when something is wrong with it.

You can still see the details of the transaction before and after you broadcast the transaction. The QR code is also safe to be me safer than copying and pasting address most especially if you’re using a cold storage wallet. Pasting and copying of addresses is risky with malware attack but with QR code if generated properly not like what OP suggested is better. All you need to do is to just verify the transaction details after just like you will do when copying.
sr. member
Activity: 756
Merit: 356
So copying your Bitcoin address and sending it to someone when you want to receive Bitcoin is at risk of being exposed to clipboard malware, but copying it to paste on an online website to convert it to a QR code is safe?  I think not.

On this forum, I learned to verify any address I'm sending Bitcoin to by manually checking if all the address characters match with the one in sending to and this has always helped me. I'm sorry but I cannot just trust an online converter with something I can easily do.

I like scanning QR codes, but I prefer to use what I can see and understand. I can see addresses and I can see when something is wrong with it.
legendary
Activity: 3472
Merit: 10611
So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with.
The flaw is in the bold part not in the data format.

Your mistake here is that you think just because you change the format from a simple string (address) to a simple image (QR) you are providing security. But it is just data in a different format and malware that can manipulate the string can also manipulate the JPG/PNG/... too. In fact its very trivial to write such a malware.

To solve the issue the "send" part should be addressed. For example if it is being sent through the internet, an additional encryption layer could be used like signing the address using a GPG key which the receiver can verify independently to ensure authenticity.
legendary
Activity: 2758
Merit: 6830
I curious to know does this also have a negative effect on quick response codes generated by exchanges. I mean are the QR codes generated by exchanges safe for transactions? And how do they generate there own codes.
They probably use an open source library to generate the QR codes. I wouldn't take away the possibility of an exchange or wallet getting supply-chain attacked like they already have before - meaning, an open source library is hijacked and altered to do stuff it shouldn't do, for example, generating a different address.

NPM dependencies, supply chain attacks, and Bitcoin wallets

To all cases, you should ALWAYS double check the address regardless if you're copy-pasting it or scanning a QR. Double, triple check it... at the beginning, middle and end. Blindly trusting the image on your PC is not an option. Tongue

Copy your address -> paste it -> verify
Scan your QR -> verify the resulting address
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I mean are the QR codes generated by exchanges safe for transactions?
We don't know. I'm not aware of a centralized exchange with a back-end code audit. If we are to measure security by instances of victims by such attack, then it is most likely safe; I have never heard of such a case, mostly because it doesn't make any sense. If an exchange is compromised, the attacker will empty their wallet; they will not try to convert it into their own phishing site.
jr. member
Activity: 87
Merit: 3
So you basically say, choosing a random QR generator website on the internet is the safe option. I highly doubt it.

In any case, eye checking the address takes literally 2 seconds.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
I'm aware of the above mentioned negative effect of this action or that it could be hacked and changed which is why i said this below.
Although there could be some negative effect of this action but at least it's a good ideal from my perspective.

In summary, it provides no extra security, introduces more complexity, and is worse privacy-wise.
I curious to know does this also have a negative effect on quick response codes generated by exchanges. I mean are the QR codes generated by exchanges safe for transactions? And how do they generate there own codes.
hero member
Activity: 1456
Merit: 940
🇺🇦 Glory to Ukraine!
I agree. QR codes can make sending bitcoin way more convenient than typing out those long addresses.  Especially while using hardware and mobile wallets that can scan QR codes. But there's some risk with QR codes getting swapped out or changed before you scan them.  While I don't know if such malware already exists, like clipboard malware, it's only a matter of time before hackers develop such a tool. So you gotta be real careful.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
There are lots of QR code generators on the internet but you should look for the most reliable provider to use. For instance, I used this website https://www.qr-code-generator.com/[/li][/list]
Sounds like a privacy nightmare. If you want to generate QR coded addresses, use the internal function of a wallet software, like Electrum.

Hence it generates a QR code that you can download as an image.
And you should verify that the QR code actually corresponds to your address and not to theirs.

So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with.
What prevents someone from tampering your QR coded address?



In summary, it provides no extra security, introduces more complexity, and is worse privacy-wise.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I can't say it's good idea. Aside from what @Hatchy said,
1. I expect many Bitcoiner will find it's not convenient option especially for those who use PC or laptop.
2. Some service which accept cryptocurrency force you to enter Bitcoin address on text field.
3. If you upload the image to 3rd party website, there's small possibility owner of the website tamper with your image.

There are lots of QR code generators on the internet but you should look for the most reliable provider to use. For instance, I used this website https://www.qr-code-generator.com/[/li][/list]

Some wallet software can generate QR code for address on your wallet, use that instead.
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
That's an interesting premise you've got there, OP! Using QR codes can definitely make sharing your Bitcoin address more convenient.  However, we gotta be real careful about security stuff when doing this.  Some of those third-party services that generate QR codes could actually be malicious or vulnerable to malware attacks.  Hackers might use malware to intercept the address and change it and  then if someone scans your code, their Bitcoin could get sent to the hacker instead of you!

I'd say your best bet is to find a good open-source QR generator that works offline.  Those don't connect to the internet so it's way harder for hackers to get in there and pull anything sketchy.  And that way, you don't have to give your address away to some third-party server or company you don't know.  But even then, you have to be careful about clipboard malware that can change your address when copying and pasting.

And a lot of crypto wallets and exchanges actually let you make QR codes right in the app.  Since thats like their whole deal those built-in tools tend to be pretty secure for sharing your address.  Might be easier than finding a third-party generator anyway.

So yeah, just gotta watch your back with this stuff.
hero member
Activity: 714
Merit: 1298

    There are lots of QR code generators on the internet but you should look for the most reliable provider to use. For instance, I used this website https://www.qr-code-generator.com/[/li][/list]



    Never use online QR generators. You may fall into counterfeit traps capable to substitute the original bitcoin address or, even in worse case, to deliver [1], [2] the malicious payload to your machine via QR codes containing exploits, thus, making all your stash vulnerable to theft.


    [1]. link 1

    [2]. link 2
    legendary
    Activity: 1512
    Merit: 4795
    Leading Crypto Sports Betting & Casino Platform
    A good wallet, exchange and other bitcoin service provider will generate you an address and its QR code. You do not need a third party service for that. If a wallet, an exchange or any other bitcoin platform do not generate QR code for you, I do not think such should be used in 2024.

    QR code can help against clipboard malware. If you copy on your device, there is a memory where it is stored and it is called the clipboard. There are malware that can change what you copied to the clipboard and that is what clipboard malware does. It will change the address you copied to an attackers address. That is why it is good to check and recheck the address that you are sending to before pressing on send or before you withdraw or before you send the address to someone.

    Do not think this can give you full protection. There are other malware that works differently before stealing your coins. Using online wallet is prone to malware and it is good to use cold wallet or offline wallet for coins that are high in amount. If you can not go for cold storage, you can go for multisig which can offer better protection than a single signature wallet.

    Also learn how to avoid malware.
    full member
    Activity: 420
    Merit: 120
    So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with.
    Scan the QR code, copy and paste the address, type the address manually, you have to double check. And the another person, who can be the sender or receiver, must double check the address too before a transaction is broadcasted.

    Like if you are a receiver, you send the QR code to the sender, you must double check that if you scan that QR code, it is actually your receiving address.

    Same for the sender, scan QR code and double check to ask you is this address "bc1xxxxx" is actually the receiver address.
    sr. member
    Activity: 336
    Merit: 365
    The Alliance Of Bitcointalk Translators - ENG>PID
    So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with. I also thought of how easy it would be for businesses that uses Bitcoin as payment method. It could be printed out and pasted on points where it can be scanned easily.

    This idea seems risky and might just be the worse idea, mate. Generating QR codes off wallets? Did you know that hackers could compromise QR codes using this method? They might replace your wallet address with theirs, so when someone scans the code, the funds go to the hackers. It becomes tricky to verify if the QR code matches your wallet address.  hot wallets, and exchanges usually have built-in QR codes for your wallet address, making it safer to send and receive money, preventing malware or clipboard viruses.

    When you share your wallet address online and use a website to generate a QR code, you're exposing yourself to a bigger risk. QR codes may seem secure, but they can be altered by hackers or thieves. Sending them online will put you i a whole much risk. I don't recommend this idea for anyone mate.

    Even If you're sending funds using a QR code, make sure to double check the details of the receiver to avoid falling victim to scams. If wallets can be hacked, what more about a website?
    member
    Activity: 66
    Merit: 5
    Eloncoin.org - Mars, here we come!
    I was reading some threads talking about malware attacks and clipboard virus so I thought of using something new to protect Bitcoin address, though I'm still anticipating a cold wallet to use this method on but I thought of sharing it. I don't know if this belongs here or beginners and help.

    Here is how I thought of using QR codes for bitcoin address protection.
    • There are lots of QR code generators on the internet but you should look for the most reliable provider to use. For instance, I used this website https://www.qr-code-generator.com/
    • After getting a reliable provider you can copy your bitcoin wallet address and paste in the text reserved area.
    • Hence it generates a QR code that you can download as an image.

    So as when your bitcoin address is requested you can just send the image for scan to prevent your Bitcoin address from being tempered with. I also thought of how easy it would be for businesses that uses Bitcoin as payment method. It could be printed out and pasted on points where it can be scanned easily.

    Although there could be some negative effect of this action but at least it's a good ideal from my perspective.

    Note: I don't know if this topic has been raised before as I couldn't find one if so I apologize in advance.
    Jump to: