A new dangerous scam is in circulation which attacks those who use bitcoin ATMs for buying BTC by paying in fiat currency.
As Cryptolocalatm reveals, the scammers have equipped themselves with special double-sided stickers designed to redirect the withdrawn BTC to their public address, instead of those of the users.
These stickers are placed by the scammers on the camera or on the QR code scanner of the ATMs and show on the side visible to the user the words “scan here” and a watermarked QR code.
In reality, on the other side, the one that is shown to the ATM scanner, there is a real QR code of a public address belonging to the scammers, thus when the users will show their QR code to the ATM scanner to send the BTC purchased to their address, the scanner will read the QR put in place by the scammers on the side of the sticker hidden to the user, resulting in the BTC being sent to another public address owned by the scammer.
For example, the sticker shown by cryptolocalatm.com shows the QR code of the public address 1JvHVnEsYsYsPo5SJfYfzVhMRoatmKE6ntS, which until now has received only one transaction worth 0.0868 BTC.
Unfortunately, since bitcoin transactions are in no way reversible, once the BTC are approved to be sent to that address there is no way to retrieve them.
However, there is a way to avoid this scam: making sure that the scanned address matches your own before confirming the transaction. After scanning the QR, the ATM shows the alphanumeric string of the public address to which the bitcoins are going to be sent, asking for confirmation of the sending before proceeding with the transaction.
Hence, simply check that the public address of the recipient shown during the last step, that of the confirmation, matches your own and if not, cancel the transaction.
This is a procedure that should always be adopted before definitively confirming any cryptocurrency transaction, in other words, check that the public address to which you are sending the tokens corresponds to the one to which you want to send them. Sadly, however, this is not always adhered to.
Unattended ATMs are the most exposed to this kind of scams, since the fraudster has nothing to do but attach a sticker to the scanner: in case of supervised ATMs it is more difficult to do it without being discovered. In fact, all it takes is to remove the sticker to prevent the scam from succeeding.