Science & Tech

You really shouldn’t scan random QR codes

By now, I’m sure you’ll have heard of one of the Super Bowl’s big stories: the Coinbase QR advert.

For the uninitiated, Coinbase — a cryptocurrency exchange — ran a 60 second spot that featured a QR code bouncing around in a way reminiscent of old DVD screensavers.

It was a roaring success.

Coinbase claims it witnessed over 20 million hits in a single minute on its special offer of $15 of free Bitcoin for new sign-ups.

Of course, take the visitors figure with a pinch of salt.

The number comes from the company itself, meaning the story could be summed up as “Coinbase says its own advert was actually super, duper popular, thank you very much.”

Despite the numerical murkiness, we can agree it was a successful advert.

Yet this obscured a fundamental truth of the modern world: we really shouldn’t scan random QR codes.

Yes, you can argue that the Coinbase advert wasn’t “random” — it was aired during one of the most prominent television spots in the world, after all — but that’s missing the point.

“It’s notable how many facets of the cryptocurrency world mimic social engineering scams,” Max Eddy wrote for PC Mag.

To put that another way, Coinbase is normalizing a potential security vulnerability. By running this advert, it gives people the impression that scanning a context-less QR code is, well, totally fine.

Not a good stance for a company that should secure your financial assets.