Web3 Security Alert: What appears to be a transfer test may actually be an attempt to steal assets. Be cautious of receiving payment QR codes from unknown sources.

PANews
8 months ago

Recently, Bitrace received a request for assistance. The victim claimed that after scanning a QR code to transfer 1 USDT to the other party for testing, the remaining funds in the wallet were completely stolen. "I just scanned the QR code, how could it be stolen?" the victim expressed confusion about this.

This article explains how the QR code transfer-test scam works, traces the funds on-chain using a real case, and reminds users to stay vigilant during cryptocurrency transactions.

Scam Analysis

After looking into the case in detail, we found that it only looks like a new type of scam that steals assets through a receiving QR code used for a transfer test; in essence, it tricks the user into granting a wallet authorization.

Scammers add users as friends on social platforms, establish initial trust, and then seize the opportunity to initiate an OTC request. They attract users with slightly lower exchange rates than the market price, and once the trading details are agreed upon, the scammer proactively transfers a small amount of $USDT to the user to gain trust and generously provides $TRX for transaction fees in the name of long-term cooperation.

Before the user has time to appreciate the encounter with a "generous person," they receive a screenshot of a receiving QR code from the scammer, who then requests the user to conduct a small refund test.

Chat record between the victim and the scammer

After a series of preliminary preparations, the user's trading risk seems to have been minimized. "The $USDT for the refund and the transaction fee are both transferred to me by the other party. Even if it's a scam, I won't suffer any loss," the user thought, and then scanned the QR code for the refund, only to find that the funds were completely stolen.

QR code provided by the victim

Next, let's dissect the scam using the receiving QR code provided by a real victim.

When Bitrace scanned the code with an empty wallet, it opened a third-party website, https://sktnid[.].com/, which after some prompts led to the interface below. The upper right corner of the screenshot is marked "Ouyi official certification", and the page claims to support USDT remittance. The page is crudely made, but inexperienced users struggle to recognize it for what it is and do not realize that danger is imminent.

When the user enters the refund amount specified by the scammer on this page and clicks "Next," the page jumps to the wallet's signing interface. Once the user confirms again, the wallet interacts with a smart contract, and at that point the wallet's authorization is stolen. The scammer then uses that authorization to transfer all of the victim's assets.

This completes a carefully prepared scam that uses a small transfer test as the pretext and a QR code as the means of deception.
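The check a user or wallet could apply at the signing step described above, as an added example that is not code from Bitrace or the article. It assumes the stolen "authorization" is a TRC-20 allowance call (`approve` or `increaseAllowance`), which the article does not spell out; the `inspectCalldata` name and all addresses and amounts are constructed for illustration.

```javascript
// Added example: decide whether the calldata shown at the signing step is the
// small transfer the user expects or a call that grants a token allowance.
// Keys are the standard ERC-20/TRC-20 ABI function selectors.
const SELECTORS = {
  "a9059cbb": { name: "transfer", grantsAllowance: false },
  "095ea7b3": { name: "approve", grantsAllowance: true },
  "39509351": { name: "increaseAllowance", grantsAllowance: true },
};
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectCalldata(dataHex, expected) {
  const hex = dataHex.toLowerCase().replace(/^0x/, "");
  // selector (4 bytes) + two 32-byte arguments = 136 hex characters
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    return { verdict: "block", reason: "not a two-argument token call" };
  }
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { verdict: "block", reason: "unrecognised function selector" };
  const party = hex.slice(32, 72); // low 20 bytes of the first argument word
  const amount = BigInt("0x" + hex.slice(72, 136));
  if (fn.grantsAllowance) {
    return { verdict: "block", call: fn.name, spender: party,
      unlimited: amount === MAX_UINT256,
      reason: "grants a spending allowance instead of sending a payment" };
  }
  if (party !== expected.recipient || amount !== expected.amount) {
    return { verdict: "block", call: fn.name,
      reason: "recipient or amount differs from what was agreed" };
  }
  return { verdict: "allow", call: fn.name, recipient: party, amount };
}

// Constructed sample data (assumptions, not taken from the case in the article).
const word = (h) => h.padStart(64, "0");
const PAYEE = "11".repeat(20);   // hypothetical agreed recipient
const SPENDER = "22".repeat(20); // hypothetical scammer-controlled spender
const ONE_USDT = 1000000n;       // USDT uses 6 decimals
const honest = "0xa9059cbb" + word(PAYEE) + word(ONE_USDT.toString(16));
const phishing = "0x095ea7b3" + word(SPENDER) + "f".repeat(64);

for (const [label, data] of [["honest", honest], ["phishing", phishing]]) {
  const r = inspectCalldata(data, { recipient: PAYEE, amount: ONE_USDT });
  console.log(label, r.verdict, r.call, r.reason || "");
}
```
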

Fund Analysis

The success rate and harm of the QR code transfer test scam are much higher than imagined. Bitrace further analyzed the address provided by the victim and found that from July 11, 2024, to July 17, 2024, within just one week, the suspect address TT…m1mV1 used this method to scam nearly 12,000 USDT from 27 suspected victims, and the funds were subsequently laundered through 5 layers of addresses into 3 Huione accounts.

The anonymity of the blockchain makes cryptocurrency fund transfers difficult to trace, and even when an address is found, it is difficult to identify the entity behind it. Fortunately, Bitrace traced the initial fee source of the TD…XRWVe address displayed on the scammer's receiving QR code, and the result showed that it came from a certain centralized exchange. This connects the anonymous on-chain address with real identities.

Currently, Bitrace has guided the victims to contact the police to report the case, in order to help the victims increase the probability of fund recovery through compliant law enforcement processes.

Conclusion

For OTC transactions outside the platform, users must carefully verify the identity of the other party and not trust any QR codes or links of unknown origin. In addition, it is crucial to conduct risk screening of the counterparty's address before the transaction. Bitrace is about to launch a risk quick check tool to help users identify potential risks of target addresses, and it will be available for free. Stay tuned for updates.
