The co-founder of metaverse game engine Web3 “Webaverse” has revealed that they were the victim of a $4 million cryptocurrency hack after meeting with scammers posing as investors in a Rome hotel lobby.
The strange thing about the story, according to co-founder Ahad Shams, is that the cryptocurrencies were stolen from a newly created fiat wallet and that the hack took place during the meeting at some point.
He claims that the thieves could not have seen the private key, nor was he connected to a public WiFi network at the time.
The thieves somehow gained access while taking a picture of the wallet balance, Shams believes.
LThe letter, shared on Twitter on February 7, contains statements from Webaverse and Shams, explaining that they met with a man named “Mr. Safra” on November 26 after several weeks of talks about possible funding..
“We contacted Mr. Safra via email and video calls and he explained that he wanted to invest in exciting Web3 companies,” Shams explained..
“He explained that he had been scammed by people using cryptocurrency before and so he collected our IDs for KYC, and made it a requirement that we fly to Rome to meet him because it was important to meet in person to ‘get comfortable’ with who we were doing business with every one,” he added.
full story https://t.co/vdkAHyBaG9
— 0xngmi (aggregator arc) (@0xngmi) February 6, 2023
Although initially skeptical, Shams agreed to meet “Mr. Safra” and his “banker” in person in a Rome hotel lobby, where Shams was to show “proof of funds” for the project, which “Mr. Safra” claimed he needed to get started. the paper work”.
“Although we reluctantly agreed to the Trust Wallet ‘trial’, we created a new Trust Wallet account at home using a device we didn’t primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway,” Shams said.
“When we met, we sat across from these three men and transferred 4 million USDC into the Trust Wallet. Mr. Safra ‘asked to see the balances in the Trust Wallet app and pulled the phone away from him to ‘take some pictures.’”
Shams explained that it was okay with him because no private keys or seed phrases were revealed to “Mr. Safra.”.
But once “Mr. Safra” left the meeting room to supposedly consult his banking colleagues, he never returned. Then Shams saw the funds siphoned off.
“We never saw him again. Minutes later the funds left the wallet.”
Almost immediately after, Shams reported the theft to a local Rome police station and filed an Internet Crime Report (IC3) form with the US Federal Bureau of Investigation a few days later..
Shams said he still has no idea how “Mr. Safra” and his team of scammers pulled off the feat.:
“The interim update from the ongoing investigations is that we cannot yet establish the attack vector for sure. The researchers have reviewed the available evidence and have had lengthy interviews with the relevant people, but more technical information is needed before they can confidently draw conclusions.”
“Specifically, we need more information from Trust Wallet regarding activity at the time it was drained to reach a technical conclusion, and we are actively seeking them out for their records.. This will probably provide us with a better picture of how this has occurred,” she added.
Cointelegraph contacted Shams and confirmed that he was not connected to the hotel lobby WiFi. when you disclosed the funds in your Trust Wallet.
The Webaverse co-founder believes the exploit was carried out similar to an NFT scam story shared by NFT entrepreneur Jacob Riglin on July 21, 2021..
There, Riglin explained that he met with potential business partners in Barcelona, proved that he had sufficient funds on his laptop, and then within 30 to 40 minutes, the funds were drained.
NFT Scam full story;
After the response to my previous tweets about the $90,000 scam I was involved in, I wanted to share more details on it to help warn any others of falling victim to it.
I was contacted by a Philippe Maloof from Canbury Properties Limited. He said he had a
—Jacob (@jacobriglin) July 21, 2021
Full NFT Scam Story;
Following the response to my previous tweets about the $90,000 scam I got involved in, I wanted to share more details about it to help warn anyone else about falling victim to it.
I was contacted by Philippe Maloof of Canbury Properties Limited. He said that he had a
Shams has since shared the Ethereum-based transaction in which his Trust Wallet was exploited.noting that the funds were quickly “split into six transactions and sent to six new addresses, none of which had any prior activity.”
The $4 million in USDC was then converted almost entirely into Ether (ETH), wrapped-Bitcoin (wBTC) and Tether (USDT) via the 1inch exchange feature..
Shams admitted that “the event haunts me to this day” and that the $4 million feat is “certainly a setback” for Webaverse.
However, he insisted that the $4 million exploit and the pending investigation will not affect the company’s short-term commitments and plans:
“We have enough headroom in 12-16 months based on our current forecasts and are on track to meet our plans..”
Cointelegraph has reached out to Trust Wallet for comment on the situation, but did not respond prior to press time.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.