{"id":548700,"date":"2023-02-07T06:04:08","date_gmt":"2023-02-07T03:04:08","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/haunts-me-to-this-day-crypto-project-hacked-for-4m-in-a-hotel-lobby\/"},"modified":"2023-02-07T06:04:08","modified_gmt":"2023-02-07T03:04:08","slug":"haunts-me-to-this-day-crypto-project-hacked-for-4m-in-a-hotel-lobby","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/haunts-me-to-this-day-crypto-project-hacked-for-4m-in-a-hotel-lobby\/","title":{"rendered":"# &#8216;Haunts me to this day&#8217; \u2014 Crypto project hacked for $4M in a hotel lobby"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3f9cbed10fb\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3f9cbed10fb\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/haunts-me-to-this-day-crypto-project-hacked-for-4m-in-a-hotel-lobby\/#%E2%80%9D_%E2%80%98Haunts_me_to_this_day_%E2%80%94_Crypto_project_hacked_for_4M_in_a_hotel_lobby_%E2%80%9C\" >&#8221; &#8216;Haunts me to this day&#8217; \u2014 Crypto project hacked for $4M in a hotel lobby &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_%E2%80%98Haunts_me_to_this_day_%E2%80%94_Crypto_project_hacked_for_4M_in_a_hotel_lobby_%E2%80%9C\"><\/span>&#8221; &#8216;Haunts me to this day&#8217; \u2014 Crypto project hacked for $4M in a hotel lobby &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDIvZjU0MjIyN2MtZGI5MC00NzA1LWIyOWMtZTFkNjJmYjZhZTE2LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a4050f8>The co-founder of  Web3 metaverse <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> engine \u201cWebaverse\u201d has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome.\u00a0<\/p>\n<p>The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point.<\/p>\n<p>He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. <\/p>\n<p>The thieves were somehow able to gain access while taking a photo of the wallet\u2019s balance, believes Shams.<\/p>\n<p>The letter which was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/docs.google.com\/document\/d\/1qmAwMN6s2x3xOB5spyaHCTkzFjZWnUW3RU0nbuUFIy0\/edit\">shared<\/a> on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> on Feb. 7, contains statements from Webarverse and Shams, explaining that they met with a man named \u201cMr Safra\u201d on Nov. 26 after several weeks of discussions about potential funding. <\/p>\n<p>\u201cWe connected with \u201cMr Safra\u201d over email and video calls and he explained that he wanted to invest in exciting Web3 companies,\u201d explained Shams. <\/p>\n<p>\u201cHe explained that he had been scammed by people in crypto before and so he collected our IDs for KYC, and stipulated as a requirement that we fly into Rome to meet him because it was important to meet IRL to \u2018get comfortable\u2019 with who we were each doing business with,\u201d he added. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">full story <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/vdkAHyBaG9\">https:\/\/t.co\/vdkAHyBaG9<\/a><\/p>\n<p>\u2014 0xngmi (aggregatoor arc) (@0xngmi) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xngmi\/status\/1622614933740322817?ref_src=twsrc%5Etfw\">February 6, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>While initially \u201cskeptical,\u201d Sham agreed to meet \u201cMr Safra\u201d and his \u201cbanker\u201d in person in a hotel lobby in Rome, where he would later show the project\u2019s \u201cproof of funds&#8221; \u2014 who Mr. Safra claimed was his requirement to begin the &#8220;paperwork.&#8221;<\/p>\n<p>\u201cThough we grudgingly agreed to the Trust Wallet \u2018proof\u2019, we created a fresh Trust Wallet account at home using a device we didn\u2019t primarily use to interact with them. Our thinking was that without our private keys or seed phrases, the funds would be safe anyway,&#8221; said Shams.\u00a0<\/p>\n<p>However, turns out Sham he was thoroughly mistaken:<\/p>\n<blockquote><p>\u201cWhen we met, we sat across from these three men and transferred 4m USDC into the Trust Wallet. \u201cMr Safra\u201d asked to see the balances on the Trust Wallet <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> and took out his phone to \u201ctake some pictures\u201d.<\/p><\/blockquote>\n<p>Shams explained that he thought it was okay because no private keys or seed phrases were revealed to &#8220;Mr. Safra.&#8221;<\/p>\n<p>But after &#8220;Mr. Safra&#8221; took a photo and stepped out of the meeting room to consult his banking colleagues, the crew vanished and Shams saw the funds siphoned out.<\/p>\n<blockquote><p>&#8220;We never saw him again. Minutes later the funds left the wallet.&#8221;<\/p><\/blockquote>\n<p>Almost immediately after, Shams reported the theft to a local police station in Rome and then filed an Internet Crime Complaint (IC3) form to the U.S. Federal Bureau of Investigation (FBI) a few days later.<\/p>\n<p>Shams said he still has no idea how \u201cMr. Safra\u201d and his scam crew committed the exploit:<\/p>\n<blockquote><p>\u201cThe interim update from the ongoing investigations is that we are still unable to confidently establish the attack vector. The investigators have reviewed available evidence and engaged in lengthy interviews with the relevant persons but further technical information is necessary for them to come to confidently establish conclusions.\u201d<\/p><\/blockquote>\n<p>\u201cSpecifically, we need more information from Trust Wallet regarding activity on the wallet that was drained to reach a technical conclusion and we are actively pursuing them for their records. This will likely provide us with a better picture on how this has transpired,\u201d he added.<\/p>\n<p>Cointelegraph reached out to Shams and he confirmed he wasn\u2019t connected to the hotel lobby&#8217;s WiFi when he revealed the funds on his Trust Wallet.<\/p>\n<p>Cointelegraph also reached out to Trust Wallet for a comment on the matter but did not recieve an immediate response.<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Just get phishing scammers out of your way<\/em><\/strong><\/p>\n<p>The Webaverse co-founder believes the exploit was carried out in similar fashion to an NFT scam story shared by NFT entrepreneur Jacob Riglin on Jul. 21, 2021.<\/p>\n<p>There, Riglin explained that he met with potential business partners in Barcelona, proved that he had sufficient funds on his laptop, and then within 30-40 minutes the funds were drained.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">NFT Scam full story;<\/p>\n<p>After the response to my previous tweets about the $90,000 scam I was involved in, I wanted to share more details on it to help warn any others of falling victim to it.<\/p>\n<p>I was contacted by a Philippe Maloof from Canbury Properties Limited. He said he had a<\/p>\n<p>\u2014 Jacob (@jacobriglin) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/jacobriglin\/status\/1417797276613947393?ref_src=twsrc%5Etfw\">July 21, 2021<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Shams has since <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/etherscan.io\/tx\/0xef7880b675a449c6c3db38ae9a625025f61f2d4340bfa5d7a30ade26a34ed81d\">shared<\/a> the Ethereum-based transaction where his Trust Wallet was exploited, noting that the funds were quickly &#8220;split into six transactions and sent to six new addresses, none of which had any prior activity.&#8221;<\/p>\n<p>The $4 million worth of USDC was then almost entirely converted into Ether (ETH), wrapped-Bitcoin <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.coingecko.com\/en\/coins\/wrapped-bitcoin\">(wBTC)<\/a> and Tether (USDT) via 1inch\u2019s swap address feature.<\/p>\n<p>Shams admitted that \u201cthe event haunts me to this day\u201d and that the $4 million exploit is \u201cundoubtedly a setback\u201d for Webaverse.<\/p>\n<p>However, he stressed that the $4 million exploit and pending investigation will have no impact on the firm\u2019s short term commitments and plans:<\/p>\n<blockquote><p>\u201cWe have sufficient runway of 12-16 months based on our current forecasts and we are well underway to deliver on our plans.\u201d<\/p><\/blockquote>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/haunts-me-to-this-day-crypto-project-hacked-for-4m-in-a-hotel-lobby\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; &#8216;Haunts me to this day&#8217; \u2014 Crypto project hacked for $4M in a hotel lobby &#8220; The co-founder of Web3 metaverse game engine \u201cWebaverse\u201d has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome.\u00a0 The bizarre aspect of the story,&#8230;<\/p>\n","protected":false},"author":1,"featured_media":548701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2023-02\/f542227c-db90-4705-b29c-e1d62fb6ae16.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74868,74882,126871,95118,117,71006,70944,75134,71101],"class_list":["post-548700","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-defi","tag-hacks","tag-meetup","tag-nft","tag-business","tag-fraud","tag-hackers","tag-phishing","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548700","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=548700"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/548700\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/548701"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=548700"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=548700"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=548700"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}