More

    Crypto project hacked for $4M in a hotel lobby

    The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto hack after meeting with scammers posing as investors in a hotel lobby in Rome.

    The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point.

    He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time.

    The thieves were somehow able to gain access while taking a photo of the wallet’s balance, believes Shams.

    The letter which was shared on Twitter on Feb. 7, contains statements from Webarverse and Shams, explaining that they met with a man named “Mr. Safra” on Nov. 26 after several weeks of discussions about potential funding.

    “We connected with “Mr. Safra” over email and video calls and he explained that he wanted to invest in exciting Web3 companies,” explained Shams.

    “He explained that he had been scammed by people in crypto before and so he collected our IDs for KYC and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added.

    While initially “skeptical,” Sham agreed to meet “Mr. Safra” and his “banker” in person in a hotel lobby in Rome, where he would later show the project’s “proof of funds” — who Mr. Safra claimed was his requirement to begin the “paperwork.”

    “Though we grudgingly agreed to the Trust Wallet ‘proof’, we created a fresh Trust Wallet account at home using a device we didn’t primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway,” said Shams.

    However, turns out Sham was thoroughly mistaken:

    “When we met, we sat across from these three men and transferred 4m USDC into the Trust Wallet. “Mr Safra” asked to see the balances on the Trust Wallet app and took out his phone to “take some pictures”.

    Shams explained that he thought it was okay because no private keys or seed phrases were revealed to “Mr. Safra.”

    But after “Mr. Safra” took a photo and stepped out of the meeting room to consult his banking colleagues, the crew vanished and Shams saw the funds siphoned out.

    “We never saw him again. Minutes later the funds left the wallet.”

    Almost immediately after, Shams reported the theft to a local police station in Rome and then filed an Internet Crime Complaint (IC3) form to the U.S. Federal Bureau of Investigation (FBI) a few days later.

    Shams said he still has no idea how “Mr. Safra” and his scam crew committed the exploit:

    “The interim update from the ongoing investigations is that we are still unable to confidently establish the attack vector. The investigators have reviewed available evidence and engaged in lengthy interviews with the relevant persons but further technical information is necessary for them to come to confidently establish conclusions.”

    “Specifically, we need more information from Trust Wallet regarding activity on the wallet that was drained to reach a technical conclusion and we are actively pursuing them for their records. This will likely provide us with a better picture of how this has transpired,” he added.

    Cointelegraph reached out to Shams and he confirmed he wasn’t connected to the hotel lobby’s WiFi when he revealed the funds on his Trust Wallet.

    Also read: https://cryptoblogs.net/heres-how-volatile-market-puts-cardano-coin-at-risk-of-8-fall/

    The Webaverse co-founder believes the exploit was carried out in a similar fashion to an NFT scam story shared by NFT entrepreneur Jacob Riglin on Jul. 21, 2021.

    There, Riglin explained that he met with potential business partners in Barcelona, proved that he had sufficient funds on his laptop, and then within 30-40 minutes the funds were drained.

    Shams has since shared the Ethereum-based transaction where his Trust Wallet was exploited, noting that the funds were quickly “split into six transactions and sent to six new addresses, none of which had any prior activity.”

    The $4 million worth of USDC was then almost entirely converted into Ether (ETH), wrapped-Bitcoin (wBTC), and Tether (USDT) via 1inch’s swap address feature.

    Shams admitted that “the event haunts me to this day” and that the $4 million exploit is “undoubtedly a setback” for Webaverse.

    However, he stressed that the $4 million exploit and pending investigation will have no impact on the firm’s short-term commitments and plans:

    “We have sufficient runway of 12-16 months based on our current forecasts and we are well underway to deliver on our plans.”

    Stay in the Loop

    Get the daily email from CryptoNews that makes reading the news actually enjoyable. Join our mailing list to stay in the loop to stay informed, for free.

    Latest stories

    - Advertisement - spot_img

    You might also like...

    bitcoin
    Bitcoin (BTC) $ 26,899.21
    ethereum
    Ethereum (ETH) $ 1,667.16
    tether
    Tether (USDT) $ 1.00
    bnb
    BNB (BNB) $ 215.63
    xrp
    XRP (XRP) $ 0.535782
    usd-coin
    USDC (USDC) $ 1.00
    staked-ether
    Lido Staked Ether (STETH) $ 1,667.02
    dogecoin
    Dogecoin (DOGE) $ 0.062061
    cardano
    Cardano (ADA) $ 0.24909
    solana
    Solana (SOL) $ 20.25
    tron
    TRON (TRX) $ 0.089505
    the-open-network
    Toncoin (TON) $ 2.21
    polkadot
    Polkadot (DOT) $ 4.08
    litecoin
    Litecoin (LTC) $ 66.21
    matic-network
    Polygon (MATIC) $ 0.524766
    bitcoin-cash
    Bitcoin Cash (BCH) $ 234.32
    chainlink
    Chainlink (LINK) $ 7.95
    wrapped-bitcoin
    Wrapped Bitcoin (WBTC) $ 26,853.19
    shiba-inu
    Shiba Inu (SHIB) $ 0.000007
    dai
    Dai (DAI) $ 1.00
    true-usd
    TrueUSD (TUSD) $ 0.9991
    leo-token
    LEO Token (LEO) $ 3.68
    uniswap
    Uniswap (UNI) $ 4.39
    avalanche-2
    Avalanche (AVAX) $ 9.14
    stellar
    Stellar (XLM) $ 0.114411
    monero
    Monero (XMR) $ 146.11
    okb
    OKB (OKB) $ 43.14
    ethereum-classic
    Ethereum Classic (ETC) $ 15.88
    binance-usd
    BUSD (BUSD) $ 1.00
    cosmos
    Cosmos Hub (ATOM) $ 7.13
    hedera-hashgraph
    Hedera (HBAR) $ 0.049583
    filecoin
    Filecoin (FIL) $ 3.36
    lido-dao
    Lido DAO (LDO) $ 1.65
    internet-computer
    Internet Computer (ICP) $ 3.14
    crypto-com-chain
    Cronos (CRO) $ 0.050542
    quant-network
    Quant (QNT) $ 90.51
    maker
    Maker (MKR) $ 1,452.87
    mantle
    Mantle (MNT) $ 0.398614
    aptos
    Aptos (APT) $ 5.40
    vechain
    VeChain (VET) $ 0.016987
    arbitrum
    Arbitrum (ARB) $ 0.904023
    near
    NEAR Protocol (NEAR) $ 1.12
    optimism
    Optimism (OP) $ 1.33
    kaspa
    Kaspa (KAS) $ 0.048103
    aave
    Aave (AAVE) $ 66.11
    rocket-pool-eth
    Rocket Pool ETH (RETH) $ 1,808.19
    the-graph
    The Graph (GRT) $ 0.087356
    algorand
    Algorand (ALGO) $ 0.102119
    whitebit
    WhiteBIT Coin (WBT) $ 5.19
    usdd
    USDD (USDD) $ 0.998469
    immutable-x
    ImmutableX (IMX) $ 0.580209
    xdce-crowd-sale
    XDC Network (XDC) $ 0.048703
    blockstack
    Stacks (STX) $ 0.477993
    frax
    Frax (FRAX) $ 0.997167
    havven
    Synthetix Network (SNX) $ 2.06
    elrond-erd-2
    MultiversX (EGLD) $ 25.14
    eos
    EOS (EOS) $ 0.580804
    the-sandbox
    The Sandbox (SAND) $ 0.314963
    theta-token
    Theta Network (THETA) $ 0.642523
    tezos
    Tezos (XTZ) $ 0.677815
    bitget-token
    Bitget Token (BGB) $ 0.452217
    injective-protocol
    Injective (INJ) $ 7.52
    bitcoin-sv
    Bitcoin SV (BSV) $ 31.58
    axie-infinity
    Axie Infinity (AXS) $ 4.59
    thorchain
    THORChain (RUNE) $ 1.97
    radix
    Radix (XRD) $ 0.057546
    decentraland
    Decentraland (MANA) $ 0.316176
    render-token
    Render (RNDR) $ 1.54
    fantom
    Fantom (FTM) $ 0.192924
    neo
    NEO (NEO) $ 7.35
    gatechain-token
    Gate (GT) $ 3.74
    kava
    Kava (KAVA) $ 0.627779
    paxos-standard
    Pax Dollar (USDP) $ 1.00
    ecash
    eCash (XEC) $ 0.000025
    compound-ether
    cETH (CETH) $ 33.52
    flow
    Flow (FLOW) $ 0.449229
    pax-gold
    PAX Gold (PAXG) $ 1,865.51
    curve-dao-token
    Curve DAO (CRV) $ 0.520942
    tether-gold
    Tether Gold (XAUT) $ 1,851.35
    apecoin
    ApeCoin (APE) $ 1.22
    kucoin-shares
    KuCoin (KCS) $ 4.55
    frax-ether
    Frax Ether (FRXETH) $ 1,663.26
    rocket-pool
    Rocket Pool (RPL) $ 21.83
    frax-share
    Frax Share (FXS) $ 5.73
    iota
    IOTA (MIOTA) $ 0.152058
    chiliz
    Chiliz (CHZ) $ 0.059495
    first-digital-usd
    First Digital USD (FDUSD) $ 0.999748
    tokenize-xchange
    Tokenize Xchange (TKX) $ 4.93
    rollbit-coin
    Rollbit Coin (RLB) $ 0.118393
    huobi-token
    Huobi (HT) $ 2.41
    sui
    Sui (SUI) $ 0.479951
    gala
    GALA (GALA) $ 0.014226
    bittorrent
    BitTorrent (BTT) $ 0.00000038768387
    mina-protocol
    Mina Protocol (MINA) $ 0.375283
    klay-token
    Klaytn (KLAY) $ 0.115038
    terra-luna
    Terra Luna Classic (LUNC) $ 0.000062
    casper-network
    Casper Network (CSPR) $ 0.031983
    gmx
    GMX (GMX) $ 38.49
    dydx
    dYdX (DYDX) $ 1.95
    coinbase-wrapped-staked-eth
    Coinbase Wrapped Staked ETH (CBETH) $ 1,744.52