# Crypto QR Code Scams: How Attackers Steal Your Wallet > Crypto QR code scams swap your wallet destination for an attacker's. Here's how fake addresses, clipboard hijackers, and verify schemes work. URL: https://www.qrsafer.com/blog/crypto-qr-code-scams Published: 2026-04-11 --- Crypto QR code scams have one goal: swap your intended wallet address for an attacker's. The blockchain confirms the transfer, and the funds are gone. No chargeback. No dispute window. No recovery. Here's how these attacks work — and what to verify before every scan. ## How fake wallet QR codes work Every crypto wallet has a long alphanumeric address. Typing one by hand is error-prone, so most platforms generate a QR code that encodes it. Scan the code, and the address populates automatically. Attackers generate their own QR code encoding their wallet address, then place it wherever a legitimate code would be expected: support chat replies, "official" social media posts, community forum threads, printed materials at crypto events. The code is visually identical to a real one — there's no difference between a QR encoding your wallet and one encoding an attacker's. You scan it. The wrong address populates. You send. Most people don't verify the full wallet address before confirming. They just check that something populated the field — and that's exactly the gap attackers exploit. ## The clipboard hijacker **Clipboard hijackers** are malware installed through fake crypto apps, rogue browser extensions, or phishing downloads. They sit in the background monitoring your clipboard, and they swap any cryptocurrency address you copy with an attacker-controlled one — silently, between copy and paste. Here's the sequence: you scan a legitimate QR code, copy the resulting address, paste it into the transfer field. The hijacker already swapped it. The confirmation screen shows the attacker's address. You send. The window between copy and paste is all the hijacker needs. **What to do:** After pasting any wallet address, compare the first 6 and last 6 characters against the address from the original source before confirming. A single changed character means the funds go somewhere else permanently. ## The "send to verify" scheme This scam arrives by message — email, Discord DM, X reply, or a fake customer support account. The message tells you to scan a QR code and send a small amount of crypto to "verify your wallet," "unlock a pending withdrawal," or "confirm your account." No legitimate exchange, protocol, or wallet service asks you to send funds to verify anything. The small-amount framing is deliberate — it seems low-stakes. You send a little, they confirm "receipt," then ask for more to complete the process. If you receive a QR code with instructions to send anything in order to verify or unlock something, do not scan it. Report it to the platform where you received it. ## Why crypto losses are permanent Bank transfers have dispute windows. Credit cards have chargebacks. Crypto has neither. Transactions are recorded on the blockchain and confirmed by network consensus — there is no central authority to call, no reversal to request, no disputed-transaction form to file. When funds reach the wrong wallet, that's where they stay. Verification before you send is the only protection that works. For a broader look at what can happen when you act on a malicious QR code, see [what happens if you scan a fake QR code](/what-happens-if-you-scan-a-fake-qr-code). ## What to check before every crypto transfer 1. **Verify the source.** Did this QR code come from the platform's official website or authenticated app? Codes shared in DMs, replies, or emails have not been verified. 2. **Scan the URL first.** If the QR points to a website rather than encoding a wallet address directly, run it through QRsafer before opening. Phishing sites display fake deposit addresses to route your funds. 3. **Compare the full address.** After the address populates, check it against the address from an independent trusted source — not the same message or page you got the QR from. 4. **Verify again after pasting.** If you copied and pasted the address, compare the first 6 and last 6 characters before hitting confirm. ## How QRsafer helps When a crypto QR code points to a web page — a fake exchange login, a fraudulent "verify your wallet" portal, or a phishing site impersonating a DeFi protocol — QRsafer checks the destination before your browser opens it. Scan the code with QRsafer and you get a verdict in seconds. If the URL routes through a known phishing domain, a suspicious redirect chain, or a freshly registered lookalike, you see the warning before you tap through and hand over credentials. QRsafer protects the web-based layer of crypto scams: the phishing pages and fake portals that harvest login credentials and show fraudulent deposit addresses. It checks URLs, not wallet address strings (which are encoded text, not links). If you've already scanned something suspicious, [what to do if you scanned a suspicious QR code](/blog/what-to-do-if-you-scanned-a-suspicious-qr-code) covers the immediate steps. To understand how these attacks arrive by email, read [how email quishing works](/blog/qr-code-phishing-email-quishing). --- Crypto transfers don't reverse. The verification step is either before you send, or it's too late. ## See also - [What to Do If You Scanned a Suspicious QR Code](/blog/what-to-do-if-you-scanned-a-suspicious-qr-code) - [Discord QR Code Scam](/blog/discord-qr-code-scam) - [Telegram QR Code Scam](/blog/telegram-qr-code-scam) - [What Is Quishing?](/blog/what-is-quishing) - [QR Code Threat Map](/threat-map) Download QRsafer for [iOS](https://apps.apple.com/app/qrsafer/id6743708403) or [Android](https://play.google.com/store/apps/details?id=com.bedrockdigitalsolutions20.qrsafer) and check QR destinations before your browser opens them.