My father in law got scammed out of $6k, by being told to go to a bitcoin atm and put in the cash. He never selected a receive wallet, or was given access or asked for a QR code at any point. When being scammed there is supposed to be a step where you stupidly give the keys, seed phrase, etc, away, but I can’t find that point of failure here. The money is gone, I just want to learn what happened and inform others.
He scanned his Drivers license, put in the money, and got a receipt that shows the public address, and no private keys of any sort. I go to import this public address as a watch only wallet (of course empty now) to see the transaction history, my FIL’s BTC and one other victim’s input, and one output to an external address, moving the stolen money.
My question is, how can a Bitcoin ATM let someone buy without specifying a receiving address, or allow buying into an address that someone already controls. I assume it must be an inside job, and the owner of the machine has access to the temporary wallets it must create upon purchase. Could someone set up the machine to receive, then walk away as your victim is on the phone coming around the corner and then finish the session with my FIL inserting all that cash and getting a useless receipt. Is that feasible?
[link] [comments]
No comments:
Post a Comment