diff --git a/test/helpers/actions.ts b/test/helpers/actions.ts
index 72e89cbf..2a055da2 100644
--- a/test/helpers/actions.ts
+++ b/test/helpers/actions.ts
@@ -483,6 +483,14 @@ export async function getAddressFromQRCode(which: addressType): Promise<string>
   let address = '';
   if (which === 'bitcoin') {
     address = uri.replace(/^bitcoin:/, '').replace(/\?.*$/, '');
+    // Accept Bech32 HRPs across networks: mainnet (bc1), testnet/signet (tb1), regtest (bcrt1)
+    const allowedBitcoinHrp = ['bc1', 'tb1', 'bcrt1'];
+    const addrLower = address.toLowerCase();
+    if (!allowedBitcoinHrp.some((p) => addrLower.startsWith(p))) {
+      throw new Error(
+        `Invalid Bitcoin address HRP: ${address}. Expected one of: ${allowedBitcoinHrp.join(', ')}`
+      );
+    }
   } else if (which === 'lightning') {
     const query = uri.split('?')[1] ?? '';
     const params = new URLSearchParams(query);
@@ -490,6 +498,14 @@ export async function getAddressFromQRCode(which: addressType): Promise<string>
     if (!ln) {
       throw new Error(`No lightning invoice found in uri: ${uri}`);
     }
+    // Accept BOLT11 HRPs across networks: mainnet (lnbc), testnet (lntb), signet (lntbs), regtest (lnbcrt)
+    const allowedLightningHrp = ['lnbc', 'lntb', 'lntbs', 'lnbcrt'];
+    const lnLower = ln.toLowerCase();
+    if (!allowedLightningHrp.some((p) => lnLower.startsWith(p))) {
+      throw new Error(
+        `Invalid lightning invoice HRP: ${ln}. Expected one of: ${allowedLightningHrp.join(', ')}`
+      );
+    }
     address = ln;
   } else {
     throw new Error(`Unknown address type: ${which}`);