How Do QR Code Scams Trick People Into Sending Funds?

Updated July 13, 2026 6 min read

A QR code feels like a shortcut that removes room for error — no address to type, no characters to mistype. That same convenience is exactly what makes it useful for a scam, because most people scan first and verify never.

The short answer

A QR code scam works by getting someone to scan a code that encodes a scammer’s wallet address instead of the intended one, often by physically covering a legitimate code with a fake sticker or by distributing a manipulated code through messages, fake websites, or printed materials. Because the destination address is hidden inside the code itself, the person scanning it usually has no easy way to verify where funds are actually headed until after the transaction is sent.

Why QR codes are trusted more than they should be

Typing out a long wallet address invites careful double-checking, since the string of characters looks intimidating and error-prone. A QR code removes that friction entirely, and with it, the instinct to slow down and verify. That’s the core vulnerability being exploited: the code looks like a neutral, technical object, when in reality it’s just an image encoding whatever the creator chose to put in it — there’s no built-in guarantee it points to the right destination.

Common ways this plays out

Why irreversibility makes this especially costly

Once a transaction confirmed through a scanned code is broadcast, it generally can’t be recalled — a consequence of how crypto transactions work once sent. There’s no bank to call for a reversal and no built-in dispute process, which is part of why QR-based redirection scams are appealing to scammers in the first place: the funds are usually gone the moment the transaction confirms.

How to reduce the risk

What to weigh

QR codes aren’t inherently riskier than any other way of sharing a wallet address — the risk comes entirely from trusting the source without verifying it. Treating a scanned code with the same scrutiny as a typed address, rather than as a shortcut past that scrutiny, closes most of the gap scammers rely on.

The takeaway

A QR code is only a container for information, not a guarantee of where that information leads. Slowing down to confirm the destination shown after a scan, rather than trusting the scan itself, is the single habit that defuses most of these scams.