Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Trust Wallet, a multi-chain non-custodial wallet, tweeted that Ahad Shams, the co-founder of the Web3 metaverse game engine Webverse, said that he did not disclose the mnemonic and was only stolen $4 million worth of cryptocurrency because he was photographed. Trust Wallet believes this is a security incident triggered by a social engineering attack involving an organized crime group from Rome, Italy, with known locations in Milan and Barcelona. It is reported that the theft of Ahad Shams’ funds occurred in November 2022. At that time, it hoped to complete a round of financing for the project. A scammer pretending to be an investor shared an NDA PDF file and KYC information (suspected to contain malware) to prove identity, then had Shams transfer funds to a new non-multisig wallet, and view Ahad Shams trust wallet balance, taking pictures in the process. While no private key or seed phrase was revealed, $4 million in cryptocurrency from the Trust wallet subsequently disappeared, and the crook has never been seen again. Attack method (per SlowMist): Social engineering scam. Reported loss: $ 4,000,000.
- chain
- —
- protocol
- Ahad Shams
- bug_class
- private-key
- date_occurred
- 2022-11-26
- loss_usd
- $4,000,000
- source_id
- sm:ahad-shams::2022-11-26