'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby

Published at: Feb. 7, 2023

The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. 

The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point.

He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time.

The thieves were somehow able to gain access while taking a photo of the wallet’s balance, believes Shams.

The letter which was shared on Twitter on Feb. 7, contains statements from Webarverse and Shams, explaining that they met with a man named “Mr Safra” on Nov. 26 after several weeks of discussions about potential funding.

“We connected with “Mr Safra” over email and video calls and he explained that he wanted to invest in exciting Web3 companies,” explained Shams.

“He explained that he had been scammed by people in crypto before and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added.

full story https://t.co/vdkAHyBaG9

— 0xngmi (aggregatoor arc) (@0xngmi) February 6, 2023

While initially “skeptical,” Sham agreed to meet “Mr Safra” and his “banker” in person in a hotel lobby in Rome, where he would later show the project’s “proof of funds" — who Mr. Safra claimed was his requirement to begin the "paperwork."

“Though we grudgingly agreed to the Trust Wallet ‘proof’, we created a fresh Trust Wallet account at home using a device we didn’t primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway," said Shams. 

However, turns out Sham he was thoroughly mistaken:

“When we met, we sat across from these three men and transferred 4m USDC into the Trust Wallet. “Mr Safra” asked to see the balances on the Trust Wallet app and took out his phone to “take some pictures”.

Shams explained that he thought it was okay because no private keys or seed phrases were revealed to "Mr. Safra."

But after "Mr. Safra" took a photo and stepped out of the meeting room to consult his banking colleagues, the crew vanished and Shams saw the funds siphoned out.

"We never saw him again. Minutes later the funds left the wallet."

Almost immediately after, Shams reported the theft to a local police station in Rome and then filed an Internet Crime Complaint (IC3) form to the U.S. Federal Bureau of Investigation (FBI) a few days later.

Shams said he still has no idea how “Mr. Safra” and his scam crew committed the exploit:

“The interim update from the ongoing investigations is that we are still unable to confidently establish the attack vector. The investigators have reviewed available evidence and engaged in lengthy interviews with the relevant persons but further technical information is necessary for them to come to confidently establish conclusions.”

“Specifically, we need more information from Trust Wallet regarding activity on the wallet that was drained to reach a technical conclusion and we are actively pursuing them for their records. This will likely provide us with a better picture on how this has transpired,” he added.

Cointelegraph reached out to Shams and he confirmed he wasn’t connected to the hotel lobby's WiFi when he revealed the funds on his Trust Wallet.

Related: Just get phishing scammers out of your way

The Webaverse co-founder believes the exploit was carried out in similar fashion to an NFT scam story shared by NFT entrepreneur Jacob Riglin on Jul. 21, 2021.

There, Riglin explained that he met with potential business partners in Barcelona, proved that he had sufficient funds on his laptop, and then within 30-40 minutes the funds were drained.

NFT Scam full story;After the response to my previous tweets about the $90,000 scam I was involved in, I wanted to share more details on it to help warn any others of falling victim to it.I was contacted by a Philippe Maloof from Canbury Properties Limited. He said he had a

— Jacob (@jacobriglin) July 21, 2021

Shams has since shared the Ethereum-based transaction where his Trust Wallet was exploited, noting that the funds were quickly "split into six transactions and sent to six new addresses, none of which had any prior activity."

The $4 million worth of USDC was then almost entirely converted into Ether (ETH), wrapped-Bitcoin (wBTC) and Tether (USDT) via 1inch’s swap address feature.

Shams admitted that “the event haunts me to this day” and that the $4 million exploit is “undoubtedly a setback” for Webaverse.

However, he stressed that the $4 million exploit and pending investigation will have no impact on the firm’s short term commitments and plans:

“We have sufficient runway of 12-16 months based on our current forecasts and we are well underway to deliver on our plans.”
Tags
Nft
Altcoin
Business
Defi
Hacks
Hackers
Phishing
Scams
Fraud
Meetup
Related Posts
Rare Bears Discord phishing attack nabs $800K in NFTs
Recently launched NFT project, Rare Bears, was hit with an attack, after a hacker posted a phishing link in the project's Discord channel, stealing nearly $800,000 in NFTs. Analysis from blockchain security firm Peckshield detailed that the attacker was able to steal 179 NFTs, including Rare Bears and other NFTs from various collections, including CloneX, Azuki, a “mfer” from artist sartoshi, and 6 LAND tokens used for The Sandbox metaverse. According to on-chain analysis, most of the NFTs were sold, netting the hacker 286 ETH, worth over $795,500, most of which was promptly put through Tornado Cash, a crypto mixer …
Nft / March 18, 2022
Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account
Digital artist and popular nonfungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday as part of a phishing scam. Harry Denley, security analyst of MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were, in fact, a phishing scam that would drain the crypto out of users’ wallets if clicked. ⚠️ Beeple's Twitter account has been compromised (ATO) to post a phishing website to steal funds. 0x7b69c4f2ACF77300025E49DbDbB65B068b2Fda7D 0xF305F6073CFa24f05FF15CA5b387DD91f871b983 pic.twitter.com/0MPNwOPlEu — harry.eth (whg.eth) (@sniko_) May 22, 2022 The scammers were …
Artists / May 23, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move
Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen. The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen. I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ... — KΞVIN R◎SE (,) (@kevinrose) …
Blockchain / Jan. 26, 2023