An investor reported to the Argentine Public Prosecutor’s Office the alleged theft, by a broker, of 100,000 tether (USDT), a crypto asset whose price is pegged to the US dollar.
Diego Romero is the name of the investor who, according to the account published by the Infobae portal on July 29, is said to have been the victim of a form of theft known as “the QR scam”. It is a form of virtual fraud by which a person usurps someone else’s identity and financial accounts.
Romero says that through a P2P exchange platform he contacted a broker (an agent that acts as an intermediary in the purchase and sale of financial securities) for the purchase of cryptocurrencies. “I had never invested with a P2P broker,” he says, but he used this unregulated intermediary because it offered zero commissions.
For the purchase of the USDT, at the end of June of this year, Romero went to a coworking space in the Palermo neighborhood, in Buenos Aires. There, the broker required him to download the Trust Wallet digital wallet to make the transaction.
As Romero did not know how to operate this wallet, the broker asked him for his mobile phone to scan his QR code and thus transfer the cryptocurrencies. Apparently, this was the excuse to manipulate the cell phone of the investor, who realized that his balance was at zero only after he left the office.
Romero assumes that the private key theft process through this type of scam took only about 8 minutes, during which time the broker handled his phone.
“There is a QR that consolidates all your passwords, you take a picture of it and that’s it,” he told the media. The investor drew all these conclusions after documenting what had happened to him:
“When he grabbed my cell phone, he took out the 16 words, obtaining the possibility of accessing my portfolio. As soon as I left the place, he got into my purse and took all the money from me.”
Broker denies having stolen the cryptocurrencies
Amid the accusations, the broker with whom Diego Romero made the transaction, identified on social networks as Lucas Paul Visciglia, denies having committed the theft. In a message posted on Twitter he says that he has nothing to do with it and that he only scanned the USDT QR to complete the process.
The scandal surrounding the theft of cryptocurrencies even affected the company Lemon Cash. As reported by CriptoNoticias, it is an Argentine fintech founded in 2019, which offers the possibility of trading cryptocurrencies and using them from its application. Visciglia was one of the investors who put up capital for the development of this company two years ago.
The broker participated in the investment round of this company “with a minority percentage”, according to a statement from Lemon, in which it clarifies that it is not responsible for the activities of its investors and that the broker is not an employee and has no direct relationship with the company. Lemon Cash also filed a lawsuit against Visciglia.
The progress of QRLJacking
Although it is not clear from Diego’s story whether the broker used the QR to access his account, researchers from various computer security firms have identified the technique he described as QRLJacking. With it, cybercriminals create a malicious QR code which, when scanned with a victim’s phone, gives the attackers access to the victim’s data without the person realizing it.
QRLJacking has been in use since 2019. According to reports from the security firm ESET, the attacks began two years ago with the aim of hijacking the WhatsApp accounts of many users. However, it can be used against any other application that uses this type of code.
ESET analysts say that, since this is a social engineering technique, cybercriminals take advantage of this function to convince victims to scan a QR code the attackers have generated and thus carry out the attack.
This type of cyberattack has moved into the field of cryptocurrencies and is being widely used to take data from victims’ digital wallets and steal the money.