Haunts me to this day Crypto project hacked for $4M in a hotel lobby

 Haunts me to this day  Crypto project hacked for $4M in a hotel lobby

The co-founder of Webaverse said they somehow got their crypto hacked from their Trust Wallet during a meeting with two people claiming to be investors. 3989 Total views 18 Total shares Listen to article 0:00 News Own this piece of history

Collect this article as an NFT The co-founder of Web3 metaverse game engine Webaverse has revealed they were victims of a $4 million crypto hack after meeting with scammers posing as investors in a hotel lobby in Rome.

The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point.

He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time.

The thieves were somehow able to gain access while taking a photo of the wallets balance, Shams believes.

The letter, which was shared on Twitter on Feb. 7, contains statements from Webaverse and Shams, explaining that they met with a man named Mr. Safra on Nov. 26 after several weeks of discussions about potential funding.

We connected with Mr. Safra over email and video calls and he explained that he wanted to invest in exciting Web3 companies, explained Shams.

He explained that he had been scammed by people in crypto before and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to get comfortable with who we were each doing business with, he added.

full story https://t.co/vdkAHyBaG9 0xngmi (aggregatoor arc) (@0xngmi) February 6, 2023

While initially skeptical, Shams agreed to meet Mr. Safra and his banker in person in a hotel lobby in Rome, where Shams was to show the projects proof of funds, which Mr. Safra claimed he needed to begin the paperwork.”

Though we grudgingly agreed to the Trust Wallet proof, we created a fresh Trust Wallet account at home using a device we didnt primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway,” said Shams.When we met, we sat across from these three men and transferred 4m USDC into the Trust Wallet. Mr Safra asked to see the balances on the Trust Wallet app and took out his phone to take some pictures.

Shams explained that he thought it was OK because no private keys or seed phrases were revealed to Mr. Safra.

But once Mr. Safra stepped out of the meeting room to supposedly consult his banking colleagues, he never returned. Then Shams saw the funds siphoned out.We never saw him again. Minutes later the funds left the wallet.

Almost immediately after, Shams reported the theft to a local police station in Rome and filed an Internet Crime Complaint (IC3) form to the U.S. Federal Bureau of Investigation a few days later.

Shams said he still has no idea how Mr. Safra and his scam crew committed the exploit:The interim update from the ongoing investigations is that we are still unable to confidently establish the attack vector. The investigators have reviewed available evidence and engaged in lengthy interviews with the relevant persons but further technical information is necessary for them to come to confidently establish conclusions.

Specifically, we need more information from Trust Wallet regarding activity on the wallet that was drained to reach a technical conclusion and we are actively pursuing them for their records. This will likely provide us with a better picture on how this has transpired, he added.

Cointelegraph reached out to Shams and he confirmed he wasnt connected to the hotel lobbys WiFi when he revealed the funds on his Trust Wallet.

Related: Just get phishing scammers out of your way

The Webaverse co-founder believes the exploit was carried out in a similar fashion to an NFT scam story shared by NFT entrepreneur Jacob Riglin on July 21, 2021.

There, Riglin explained that he met with potential business partners in Barcelona, proved that he had sufficient funds on his laptop, and then within 30 to 40 minutes the funds were drained.

NFT Scam full story;

After the response to my previous tweets about the $90,000 scam I was involved in, I wanted to share more details on it to help warn any others of falling victim to it.

I was contacted by a Philippe Maloof from Canbury Properties Limited. He said he had a Jacob (@jacobriglin) July 21, 2021

Shams has since shared the Ethereum-based transaction where his Trust Wallet was exploited, noting that the funds were quickly split into six transactions and sent to six new addresses, none of which had any prior activity.”

The $4 million worth of USDC was then almost entirely converted into Ether (ETH), wrapped-Bitcoin (wBTC)and Tether (USDT)via 1inchs swap feature.

Shams admitted that the event haunts me to this day and that the $4 million exploit is undoubtedly a setback for Webaverse.

However, he stressed that the $4 million exploit and pending investigation will have no impact on the firms short term commitments and plans:We have sufficient runway of 12-16 months based on our current forecasts and we are well underway to deliver on our plans.

Cointelegraph has reached out to Trust Wallet for comment. #Altcoin #Fraud #Phishing #Business #Hackers #Meetup #Scams #Hacks #DeFi #NFT

Add reaction

Add reaction Related News How do you assess the value of an NFT? Google Ads-delivered malware drains NFT influencers entire crypto wallet Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move Hackers breach Azukis Twitter account, stealing $758K in 30 minutes Developers seek solutions for Web3-related scams from internet browsers

admin