Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Metaverse News

Webaverse Co-founder details how project lost $4M in hotel lobby hack

During a meeting with two individuals claiming to be investors, the co-founder of Webaverse stated that the company’s Trust Wallet had been hacked.

The co-founder of the Web3 metaverse game engine “Webaverse” said that they were hacked for $4 million in crypto after meeting scammers in a Rome hotel lobby who said they were investors.

Co-founder Ahad Shams says that the strangest part of the story is that the crypto was stolen from a newly set up Trust Wallet and that the hack happened at some point during the meeting.

“We connected with ‘Mr. Safra’ over email and video calls and he explained that he wanted to invest in exciting Web3 companies,” explained Shams.

“He explained that he had been scammed by people in crypto before and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to ‘get comfortable’ with who we were each doing business with,” he added.

Even though Shams was skeptical at first, he agreed to meet “Mr. Safra” and his “banker” in person in a Rome hotel lobby, where Shams was to present “proof of funds” for the project, which “Mr. Safra” claimed he required to begin “paperwork.”

“Though we grudgingly agreed to the Trust Wallet ‘proof’, we created a fresh Trust Wallet account at home using a device we didn’t primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway,” said Shams.

“When we met, we sat across from these three men and transferred 4m USDC into the Trust Wallet. ‘Mr Safra’ asked to see the balances on the Trust Wallet app and took out his phone to ‘take some pictures’.”

Shams said that he thought it was okay because “Mr. Safra” didn’t find out any private keys or seed phrases.

However, once “Mr. Safra” left the meeting room to apparently consult with his banking colleagues, he never returned. Then Shams saw funds being stolen away.

“We never saw him again. Minutes later the funds left the wallet.”

Shams said he still doesn’t know how “Mr. Safra” and his scam crew committed the exploit: “The interim update from the ongoing investigations is that we are still unable to confidently establish the attack vector. The investigators have reviewed available evidence and engaged in lengthy interviews with the relevant persons but further technical information is necessary for them to come to confidently establish conclusions.”
“Specifically, we need more information from Trust Wallet regarding activity on the wallet that was drained to reach a technical conclusion and we are actively pursuing them for their records. This will likely provide us with a better picture on how this has transpired,” he added.

Shams has since revealed the Ethereum-based transaction where his Trust Wallet was hacked, saying that the funds were quickly “split into six transactions and sent to six new addresses, none of which had any prior activity.”

Shams said that “the event even haunts me” and that Webaverse’s loss of $4 million is “undoubtedly a setback.”

But he stressed that the $4 million scam and the investigation into it will not change the firm’s short-term plans and commitments:

“We have sufficient runway of 12-16 months based on our current forecasts and we are well underway to deliver on our plans.”

Content Source:

Latest metaverse news and tutorials right at your inbox, every Monday

IMPORTANT DISCLAIMER: All content provided on this website, any hyperlinked sites, social media accounts and other platforms is for general information only and has been procured from third party sources. We make no warranties of any kind regarding this content. None of the content should be interpreted as financial, legal, or other advice meant to be relied on for any purpose. Any use or reliance on this content is done at your own risk and discretion. It is your responsibility to conduct research, review, analyze, and verify the content before relying on it.

Recommended Posts