Recently, Bitrace received a request for assistance. The victim said that after scanning a QR code to transfer 1 USDT to the other party, all the remaining funds in his wallet were stolen. "I just scanned the QR code, how could it be stolen?" The victim was puzzled.

This article analyzes how the QR code transfer test scam works and traces the funds on-chain using a real case, as a reminder to stay vigilant in cryptocurrency transactions.

Deception

After looking into the case, we found that on the surface this is a new type of fraud that uses a QR code test transfer as cover for theft, but in essence its goal is to obtain wallet authorization.

Scammers add users as friends on social platforms, establish initial trust, and then wait for the right moment to propose an OTC trade. They attract users with an exchange rate slightly lower than the market price. After both parties agree on the transaction details, the scammer proactively pays the user a small amount of $USDT to gain trust, and generously provides $TRX as a handling fee on the grounds of long-term cooperation.

Before the user has time to express gratitude for having met a "good man", he or she receives a screenshot of a payment QR code. The scammer then asks the user to make a small test payment.

Chat records between the victim and the scammer

After this groundwork, the user's transaction risk seems to have been reduced to the minimum. "The $USDT and transaction fees are transferred to me by the other party, so I won't lose anything even if it's a scammer." After thinking it over, the user scans the code to return the money, and unexpectedly all the funds are stolen.

QR code provided by the victim

Below we use the payment QR code provided by the victim in a real case to analyze the scam.

When Bitrace scanned the code with an empty wallet, it opened a third-party website, https://sktnid[.].com/, which led to the interface below. In the upper right corner of the screenshot there is a mark reading "Official Certification of EURET", and the page supports USDT remittance. The page is of very poor quality, but inexperienced users find it hard to recognize that and do not realize that danger has quietly arrived.

When the user enters the specified repayment amount in this interface as the scammer requires and clicks "Next", the page jumps to the wallet signing interface. Once the user clicks Confirm, the wallet interacts with the smart contract and the wallet authorization is stolen. The scammer then uses that authorization to transfer out all of the victim's assets.

This completes an elaborate scam that uses a small test transfer as a pretext to obtain authorization through a QR code.
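The signing step described above is where a request the victim believes is a 1 USDT transfer turns out to be an authorization. As an added example (not Bitrace's code and not taken from the case), the Python below decodes TRC-20 calldata before signing and blocks anything that is not the expected transfer. It assumes the authorization is a standard `approve` or `increaseAllowance` call, which the article does not show; all addresses and calldata are constructed samples.

```python
# Added example: classify TRC-20 calldata before the wallet signs it.
# Selectors are the standard ERC-20/TRC-20 ABI method IDs.
SELECTORS = {
    "a9059cbb": "transfer",           # transfer(address,uint256)
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
GRANTS_ALLOWANCE = {"approve", "increaseAllowance"}
MAX_UINT256 = 2**256 - 1


def decode_call(data_hex):
    """Split calldata into method name, 20-byte address and uint256 amount."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    method = SELECTORS.get(raw[:4].hex(), "unknown")
    if method == "unknown" or len(raw) != 4 + 32 + 32:
        return {"method": "unknown", "address": None, "amount": None}
    return {
        "method": method,
        "address": raw[16:36].hex(),  # last 20 bytes of the first 32-byte word
        "amount": int.from_bytes(raw[36:68], "big"),
    }


def review(data_hex, expected_amount):
    """Return (verdict, reason) for a request the user believes is a transfer."""
    call = decode_call(data_hex)
    if call["method"] in GRANTS_ALLOWANCE:
        scope = "unlimited" if call["amount"] == MAX_UINT256 else str(call["amount"])
        return "block", f"{call['method']} grants {scope} allowance to {call['address']}"
    if call["method"] != "transfer":
        return "block", "not a plain token transfer"
    if call["amount"] != expected_amount:
        return "block", f"amount {call['amount']} differs from expected {expected_amount}"
    return "ok", f"transfer of {call['amount']} base units to {call['address']}"


def build(selector, address_hex, amount):
    """Assemble constructed sample calldata (selector + two 32-byte words)."""
    return selector + address_hex.rjust(64, "0") + format(amount, "064x")


ONE_USDT = 1_000_000  # USDT uses 6 decimals
# Constructed sample values, not taken from the case.
TRANSFER_1_USDT = build("a9059cbb", "11" * 20, ONE_USDT)
APPROVE_MAX = build("095ea7b3", "22" * 20, MAX_UINT256)

if __name__ == "__main__":
    for name, data in [("transfer", TRANSFER_1_USDT), ("approve", APPROVE_MAX)]:
        print(name, review(data, ONE_USDT))
```

An allowance request is blocked regardless of the amount shown on the page, because the amount typed into the web form and the amount in the signed calldata are independent.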

Funding Analysis

The success rate and harm of the QR code transfer test scam are much higher than expected. Bitrace further analyzed the addresses provided by the victims and found that in just one week, from July 11, 2024 to July 17, 2024, the suspect address TT...m1mV1 defrauded 27 suspected victims of nearly 120,000 USDT through this method. The funds passed through 5 layers of addresses for laundering and were then transferred to 3 Huione accounts.

The anonymous nature of blockchain makes it difficult to track cryptocurrency fund transfers. Even if an address is found, it is difficult to identify the entity behind it. Fortunately, Bitrace traced the source of the initial handling fee through the TD...XRWVe address displayed in the gang's payment QR code, and the result showed that it was a centralized exchange. This connects the anonymous on-chain address with a real identity.

Bitrace has guided the victims to report the case to the police, to help them increase the probability of recovering funds through compliant law enforcement procedures.

Final Thoughts

For OTC transactions that do not go through a platform, users must carefully verify the identity of the other party and must not trust any QR codes or links of unknown origin. In addition, it is very important to screen the risk of the counterparty address before the transaction. Bitrace is about to launch a one-click risk quick check tool to help users identify the potential risks of a target address. It will support a free trial, so stay tuned.