I've learned a new thing today, thanks to you for that and I must confirm that the QR code part caught my attention the most. So scammers have started using it to bypass and gain entrance into people's accounts? That's advance! Scamming is getting uglier, we all need awareness and get to be smarter than the scammers in their game.

About Paxful, as a business, it's not that they are not concerned about it, but I believe it's beyond them. If you noticed, every exchange always has its disclaimers, it's about parties' transaction involvements, and it's actually out of their sole control unless you later report such. Some of these might be so new to them, which is why they always update their disclaimers and warnings to fit the current vices of the perpetrator and to caution the intending victims.