QR Code Scams on Telegram: How Attackers Hijack Accounts and Drain Crypto Wallets

Telegram QR code scams exploit the platform's own login feature to instantly hand attackers access to your account — no password required. Here's how the three main variants work and what to do if you already scanned.

2026-04-25 · QRsafer Team

A QR code appears in a Telegram DM. The sender — someone in a trading group you follow — says it's a verification code to access a private investment channel, or proof of an airdrop you qualify for, or a link to an exclusive platform. Telegram QR code scams weaponize the same open, pseudonymous culture that makes Telegram popular, and they exploit the platform's own authentication infrastructure to do it.

Here's how each variant works.

Vector 1: The QR-login account hijack

This is the most dangerous Telegram scam because it requires no password and produces instant results.

Telegram offers a QR login option on its desktop and web clients: the app displays a QR code on the login screen, you scan it with your phone, and authentication is complete — no password, no SMS code. It's a legitimate convenience feature. Attackers weaponized it.

The exploit is simple. The attacker opens Telegram's login page on their device, which generates a time-limited QR code. They screenshot that code and send it to you — usually via a DM from a compromised account or a fake "Telegram Support" profile — with a cover story:

  • "Scan this to verify your identity and keep your account active"
  • "Admin needs you to re-authenticate before the channel reopens"
  • "Scan to confirm your membership in the private group"

If you scan it with your Telegram app — which is exactly the action Telegram's own feature is designed for — the attacker's device is authenticated into your account immediately. They can now read your messages, contact your connections, post in your channels, and lock you out.

The rule: Telegram support never contacts users by DM. Any QR code that arrives via a DM or group message claiming to be for verification is a scam.

Vector 2: Crypto giveaway and investment QR codes in public channels

The second variant targets the large crypto-trading and investment communities concentrated on Telegram.

Attackers join legitimate channels or create near-identical impostor channels — often with the same name, profile photo, and pinned messages — and post announcements designed to look official:

  • "Exclusive airdrop for subscribers — scan the QR to connect your wallet and claim within 2 hours"
  • "New exchange launch — verify your wallet address to receive your bonus allocation"
  • "Whitelist is open — scan to register before spots fill"

The QR code leads to a phishing site styled as a crypto exchange or Web3 wallet interface. Victims are prompted to connect a wallet using WalletConnect or a similar protocol and "approve" a transaction that actually grants the attacker full control over the wallet's assets. In other cases, the fake site asks directly for a seed phrase under the guise of "wallet recovery" or "identity verification."

Crypto transactions are irreversible. Once assets are drained via a malicious wallet approval, there is no recourse.

For a detailed breakdown of how this category of fraud works, see our guide to crypto QR code scams.

Vector 3: Fake "exclusive platform access" QR codes in trading DMs

The third variant is lower-tech but effective because it exploits one of Telegram's defining features: DMs from strangers are permitted by default.

Attackers create accounts that appear to belong to successful traders, analysts, or fund managers — often with fabricated screenshots of gains and testimonials pinned to their profiles. They message users who are active in public trading groups, offering access to a "private signals channel" or "exclusive algorithmic trading platform." The access, they say, requires scanning a QR code.

The code leads to one of two places: a credential-harvesting page mimicking a real financial platform, or a payment page asking for a subscription fee to access the "exclusive" service that does not exist.

Because Telegram's open messaging makes it easy to reach thousands of users, this scam scales efficiently. The same attacker can run dozens of accounts simultaneously.

For comparison, an identical pattern appears on WhatsApp, where QR codes sent via DMs from unfamiliar contacts follow the same playbook.
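The three vectors above put different kinds of payload inside the QR code, and the login code from Vector 1 cannot be caught by a URL reputation check because it points at Telegram itself. The following Python is an added example (not QRsafer's code and not from Telegram): it classifies already-decoded QR text by structure, using Telegram's documented `tg://login?token=` login deep link and, going slightly beyond the article, the `wc:` prefix of WalletConnect pairing URIs. The function name, verdict labels and sample payloads are constructed for illustration.

```python
from typing import NamedTuple, Optional
from urllib.parse import parse_qs, urlsplit


class Verdict(NamedTuple):
    kind: str            # what the payload is
    action: str          # what a scanner or moderation bot should do
    host: Optional[str]  # hostname to pass to a reputation service, if any


def classify_qr_payload(text: str) -> Verdict:
    """Classify already-decoded QR text by its structure."""
    try:
        parts = urlsplit(text.strip())
    except ValueError:  # e.g. malformed IPv6 literal
        return Verdict("other", "warn", None)
    scheme = parts.scheme  # urlsplit lower-cases the scheme

    if scheme == "tg":
        # Accept both tg://login?... and tg:login?... spellings.
        target = (parts.netloc or parts.path).strip("/").lower()
        if target == "login" and parse_qs(parts.query).get("token"):
            # Scanning this authorises the device that displayed the code; a
            # URL reputation lookup has nothing to flag, so decide on the scheme.
            return Verdict("telegram-login", "block", None)
        return Verdict("telegram-deeplink", "warn", None)

    if scheme == "wc":
        # WalletConnect pairing URI: starts a wallet session with a remote app.
        return Verdict("walletconnect-pairing", "warn", None)

    if scheme in ("http", "https") and parts.hostname:
        # .hostname drops any "user@" prefix used to disguise the real site.
        return Verdict("web-url", "check-reputation", parts.hostname)

    return Verdict("other", "warn", None)


# Constructed sample payloads (not real tokens, sessions or sites).
SAMPLES = [
    "tg://login?token=AQJjb25zdHJ1Y3RlZA",
    "wc:00112233aabbccdd@2?relay-protocol=irn&symKey=00ff",
    "https://telegram.org@airdrop-claim.example/connect",
    "tg://resolve?domain=example_channel",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_qr_payload(sample), "<-", sample)
```

Only `web-url` verdicts carry a hostname worth sending to a reputation service; the login-token case is decided entirely by the scheme and path.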

What to do if you scanned a suspicious Telegram QR code

If you may have scanned a login QR code:

  1. Open Telegram immediately and go to Settings → Privacy and Security → Active Sessions.
  2. Terminate every session you don't recognize — there is a "Terminate All Other Sessions" option if you're unsure which device is which.
  3. Enable two-step verification under Settings → Privacy and Security if it isn't already on. This requires a password in addition to the SMS code for future logins.
  4. Review recent messages sent from your account and notify contacts if anything was sent without your knowledge.

If you connected a crypto wallet or approved a transaction:

  1. Revoke the malicious approval immediately using a tool such as Revoke.cash, which shows and cancels active token approvals by contract.
  2. Move remaining assets to a new wallet address not linked to the compromised session.

If you entered payment information:

  1. Contact your bank or card issuer to block the card and dispute the charge.
  2. Monitor your accounts for further unauthorized activity.

What to remember on Telegram

  • Telegram does not send account-verification QR codes via DM. Any QR code framed that way is a scam, regardless of how official the sender looks.
  • Legitimate crypto airdrops, whitelists, and giveaways link to official websites — they do not post QR codes in Telegram channels.
  • Never scan a QR code received in a DM, even from an account you recognize — it may be compromised.
  • Scan every QR code with QRsafer before acting on it.

Download QRsafer for iOS or Android and run it on any QR code that surfaces in your Telegram feed before your account or wallet pays the price.

FAQ

Can scanning a QR code on Telegram really give someone access to my account without my password?

Yes. Telegram's QR login feature lets you sign in by scanning a code with your phone — no password or SMS code required. Attackers generate a real Telegram login QR code on their own device, screenshot it, and send it to you with a cover story like 'verify your account' or 'join this channel.' The moment you scan it with your Telegram app, the attacker's device is logged into your account instantly. Two-step verification does not block this flow if you approve it inside your own app.

I scanned a QR code in a Telegram DM and now I'm worried. What should I do?

Act immediately. Open Telegram and go to Settings → Privacy and Security → Active Sessions. Terminate any session you don't recognize. Then change your password and enable two-step verification if it isn't already on — this adds a password layer that protects future login attempts. Notify contacts in your channels or groups that your account may have been accessed without your knowledge, as attackers often use compromised accounts to spread the same scam.

Are QR codes in Telegram channels for crypto giveaways ever legitimate?

Almost never. Legitimate crypto projects and exchanges do not require you to scan a QR code inside a Telegram channel to claim an airdrop, join a whitelist, or receive a bonus. This is a hallmark of fraud. Real project announcements link to official websites with clearly registered domains — they don't post QR codes in chat. If a channel posts a QR code for any financial action, treat it as a scam.

Does QRsafer protect against Telegram QR code scams?

QRsafer scans any QR code — including screenshots from Telegram — and checks the destination URL against threat databases before anything loads. For phishing QR codes pointing to fake investment platforms or credential-harvesting pages, QRsafer will flag the destination as Risky or Dangerous. For the QR-login exploit, the code resolves to a legitimate Telegram URL, so the best defense is knowing never to scan a Telegram QR code received via DM or an unfamiliar channel. Use QRsafer on every code you're unsure about.