Webaverse, a metaverse project, went through this scam in late November 2022.
Technical investigation of how $4M USDC was swept is not concluded yet.
Crypto hacks and scams of recent times devised different strategies to sweep away users’ funds. This frenzy season of hacks is about to archive an unsolved scam. On Monday, a $4 million crypto hack linked to the Web3 metaverse game project Webaverse was revealed to the public on Twitter.
a crypto scam stole 4m by just taking a photo of a trust wallet screen, with no seed phrases or any private info on sight pic.twitter.com/yOQGbReF1I
— 0xngmi (aggregatoor arc) (@0xngmi) February 6, 2023
An anonymous dev publicized this hack by releasing a letter from the project’s co-founder Ahad Shams. This letter sketched this tragic activity from the co-founder’s perspective. Significantly, the event’s chronology began with the scammers’ theft initiation in a hotel lobby in Rome in late November 2022.
Scammers Disguised as Investors
Webaverse co-founder Ahad Shams revealed the whole narrative through the letter as he was one of the direct victims. Notably, this hack occurred during a client’s meeting in a hotel lobby. The victim, the Webaverse team, and the scammers, disguised clients, had an “IRL meeting” after months of discussion. As per sources, it is reported that the scammers had demanded the IDs of the Webaverse members for KYC purposes.
During the meeting, the scammers required Webaverse team to share “proof-of-funds” by wiring crypto funds into a Trust Wallet account. Reportedly, $4 million worth USD Coin (USDC) was stolen from this Webaverse Trust Wallet.
As per the letter, the “private company, not a DAO” filed a report to the local police in Rome and also to the FBI demanding a keen probe. Also, Webaverse approached popular crypto investigators such as “@wassilawyer” and prominent firms to uncover how the hack occurred. Months of delay in reporting the loss of funds pushes Webaverse into skeptical speculations.
Ahad Shams, Co-founder of Webaverse, stated:
“We refrained from making this public in order to avoid affecting the investigation. We wanted to deal with it professionally and relevant safeguards were put in place, such that even I was not privy to the details of the investigation.”
Webaverse suspects that either private key leakage or exposure to public WiFi would have been the root cause of this hack. Thus, the team awaits a thoroughly analyzed report from Trust Wallet to decipher the actual behind-the-scenes of this hack. The investigator, wassilawyer, revealed that several other crypto projects are on the radar of the scammers affiliated with this hack.