Scammers steal $4 million in crypto during face-to-face encounter • The Register
Ahad Shams, co-founder of Web3 metaverse game engine startup Webaverse, discovered in late November 2022 that someone had stolen $4 million of his cryptocurrency — during a real-world interaction.
Stolen crypto is not uncommon: billions of digi-dollars were stolen last year, some by criminal gangs or nations like North Korea.
What made this case different is that the fraudsters stole the money from a newly created Trust Wallet account when Shams and a Webaverse colleague met in the lobby of a hotel in Rome. By the premature end of the meeting, the money—and the crooks—were gone.
We thought it was odd, but no private keys or seed phrases were shown, so we humored them
In a detailed statement posted on Twitter this week, Shams outlined how the scammers posed as potential investors, courted him over several weeks, arranged the meeting in Rome, convinced him to move $4 million in crypto to the new Trust Wallet account, and eventually disappeared , followed by the funds minutes later.
“We’re not 100 percent sure technically how this happened yet, but in short, the scammers convinced us to move funds into a new wallet (which we created and controlled) in order to provide ‘proof of funds’ .wrote Shams.
Not the first victim
What he found in the wake of the theft and the subsequent investigation is that such fraud attempts, while not typical, are not unheard of. He pointed to one Twitter thread from 2021 where NFT entrepreneur Jacob Riglin, founder of Dream Lab, wrote that $90,000 in crypto was stolen from him in a similar scheme involving a meeting in Barcelona.
Also in that case, Riglin was persuaded to open his crypto wallet and show it to the scammers, again to show the “investors” that he had the money to make the deal.
In the Webaverse case, Shams wrote that he was working to close a Series A fundraising round when he was contacted by a man who called himself the lawyer of a person — “Joseph Safra” — who wanted to invest in Webaverse. The email appeared to be from a legitimate law firm – Shams checked the website – and the lawyer sent him information about your client (KYC), which eventually turned out to be fake.
After weeks of negotiations via e-mail and video calls with the lawyer and “Mr. Safra,” Shams agreed to meet them in Rome. The madman posing as Safra said he needed proof of funds and suggested a Trust Wallet account would be sufficient proof.
Meeting at a hotel in Rome
Shams said he and a colleague met with Safra and his lawyer for dinner and then the next day to close the deal. He had created a new Trust Wallet account while still at home, using a device that Webaverse didn’t normally use. The idea was that without Shams’ private keys or seed phrases, the funds would be safe.
“We sat opposite these men and transferred 4M USDC [USD Coin] into Trust Wallet,” Shams wrote. “‘Mr Safra’ asked to see the balances on the Trust Wallet app and took out his phone to ‘take some photos’. We thought it was weird, but since no private keys or seed phrases were shown, we humored them.”
He said Safra was satisfied but had to go outside to discuss it with his colleagues.
“We never saw him again,” Shams wrote. “Minutes later the money left the wallet. I was in shock … I had absolutely no idea how these guys had stolen the money from us.”
He said he has reported the theft to Rome police and the FBI. The ongoing investigation — including by a private attorney hired by the Webaverse co-founder — has not determined exactly how the crypto was stolen. They are still working to get more information from Trust Wallet about what happened to the wallet when the fund was drained.
Others targeted
The lawyer also said the group that defrauded Shams had contacted other of his clients earlier in 2022, which was proven by matching signatures on documents. In addition, investigators have put crypto exchanges about the crooks.
Webaverse is also offering rewards to anyone who can help track down the scammers or recover the stolen money.
The laundering of the stolen money was extensive. Investigators found that the funds taken from Shams’ wallet were divided into six transactions that were sent to six previously unused addresses. Almost all USDC was converted to Ethereum, Wrapped Bitcoin (wBTC) and Tether (USDT) and then run through a pool of 14 addresses.
From there, the funds were sent to four new addresses, with around 83 per cent currently sitting at one of the addresses.
Shams wrote that while the crypto theft hurt his company — like losing $4 million — Webaverse has enough money for the next 12 to 16 months and wants to raise more money. And as the investigation continues, he looks ahead.
“The incident haunts me to this day, but it has not broken me,” Shams wrote. ®