Hacking Gold Bar QR Codes

What do Meta, Yahoo!, Uber, eBay, and Capital One have in common? If you said they were all Fortune 500 companies, I’m afraid you’re mistaken - Yahoo! is not a Fortune 500 company. The correct answer is that all of these companies that handle enormous swaths of sensitive data have been hacked. These attacks have impacted billions of users, with dollar value that is incalculably large.

So while much has been made of digital means for tracking gold authenticity, their success hinges on the security of their data. And if history has taught us anything, it’s that anyone can be hacked. In fact, compared to minting a convincing gold coin around a tungsten slug, breaching a network is the easy part. For the aspiring forger, things like QR codes, plastic sleeves, serial numbers are just bumps in the road, not dead ends. And the rising cost of gold only incentivizes hackers to toss their hats in the ring to try.

This raises other troubling questions. These apps authenticate bullion by comparing an identifying mark (again, QR code or serial number) with a database. But are they collecting auxiliary information while performing this service? Are they tracking and recording geolocation data for every scan they run? What about user data? Certainly, knowing the location and quantity of bullion - and its owner - could be of great interest to certain unethical parties.  And while there is no indication that companies are collecting this information per se, another axiom of the modern age is that those with access to data will inevitably harvest it. 

Perhaps there was something else those aforementioned companies have in common…