It should be noted that there are more than enough scammers in the cryptocurrency industry, but they are being hunted. The latter is bearing fruit. For example, the day before FBI representatives announced about seizure of 86 ethers, expensive NFT tokens and Audemars Piguet watches from a fraudster who had previously stolen it all.

The funny thing is that the fraudster himself helped track him down. He published photos of the watches and they helped to track him down.

Bored Ape Yacht Club’s NFT collection representative

How cryptocurrencies are stolen

The Webaverse team, along with Shams, published an open letter giving details of the incident. Basically, it all started with a contact with a certain Mr Safra, who posed as a wealthy investor.

The Webaverse management had been talking to him for weeks about a major investment in the project. This is how Shams comments on what happened.

Safra explained that he had been scammed in the crypto-sphere before, so he received a photo of our IDs to confirm our identity and set a condition that we should fly to Rome to meet him personally, because he supposedly had to “make sure” with whom he was doing business.


Note that scammers quite often comment on the subject of scamming in order to separate themselves from it in this way. Particularly amusing in this context right now is a Twitter thread by Sam Bankman-Fried, founder of the cryptocurrency exchange FTX. At the end of October 2022, he posted a series of tweets about phishing, including the phrase "in the cryptocurrency world, fraud is becoming more and more sophisticated.

Two weeks later his platform goes bankrupt and Sam is accused of misusing FTX users' money. According to the investigation, Bankman-Fried and his colleagues created a backdoor to discreetly transfer crypto-assets of exchange users to the accounts of a trading company, Alameda Research. The money was then used to buy real estate, investments and donations to politicians. The latter, by the way, are now demanding a refund.


FTX founder Sam Bankman-Fried’s tweet about crypto fraud

According to Cointelegraph sources, Shams was initially sceptical but still agreed to the meeting. It was scheduled in the lobby of a local hotel, where Safra and his “financier” were waiting for the Webaverse co-founder. They asked for “proof of funds” to “start filling in the paperwork”.

The scam victim continues the story.

Although we reluctantly accepted the “proof” on Trust Wallet, we created a new account using a device that was insulated from interaction with the scammers. We thought that without our private keys or sido phrases, the funds would be safe anyway.

It is important to note that Trust Wallet is a hot wallet, which means that its interface is constantly connected to the internet, which creates the risk of hacking. In this case the private keys are stored inside the programme and can be accessed online. In order to keep the private keys off the Internet, cold storage like the Ledger hardware wallets we are familiar with should be used.

Transaction with stolen funds

The proof of funds was the transfer of funds to the Trust Wallet. Here’s Shams’ quote.

When we met, we sat across from the three men and transferred 4 million USDC to the Trust Wallet. Mr Safra asked to see the balance on the app and then pulled out his phone to “take some pictures”.

Trust Wallet

Shams gave the opportunity to take pictures of his own device – after all, what could go wrong? Safra then stepped back to supposedly consult with his subordinates. After that, the mysterious investor never returned and Shams discovered that all the coins from his wallet were missing. Shams immediately reported the theft to the local police station in Rome, and a few days later filed an internet crime complaint form with the US Federal Bureau of Investigation (FBI).

The victim still doesn’t know how “Mr Safra” and his team of crooks managed to pull off the theft. Here is his comment.

An interim update on the progress of the investigation is that we still cannot establish with certainty the vector of the attack. Investigators have reviewed the available evidence and conducted lengthy interviews with the individuals involved, but more technical information is needed to come to confident conclusions.

The Webaverse co-founder believes that the coins were stolen along similar lines to an incident previously shared on Twitter by NFT investor Jacob Riglin. He too was meeting with potential business partners in Barcelona and showing that he had enough money in his wallet in his laptop. The coins were then mysteriously transferred to a new wallet within 30-40 minutes.

Cryptocurrency hacker

Riglin admitted that he briefly went to the toilet during a meeting that took place in an expensive restaurant. In doing so, his laptop was left open on the table. However, the investor is not sure that the fraudsters directly interacted with the device, which means that the vector of their attack in this case also remained undisclosed.

Ahad Shams added that Webaverse will contact Trust Wallet to get the technical details of the possible hack in order to solve the case. So far, representatives of the software have said that the problem here is rather not with the wallet. But alas, similar stories have happened before.


We think it's still up to the developers to figure out how it's hacked. In the meantime, cryptocurrency investors should be aware of the golden rule when dealing with digital assets. In addition to keeping private keys off the internet, they should also avoid interacting with coins in public. In addition, the very idea of meeting someone to demonstrate a transaction is terrifying, as it could end up a trivial robbery with the prospect of injury. So crypto holders should make transfers in secluded places and also ideally not to disclose their hobby to outsiders.


Follow the developments in our millionaires cryptochat. There we talk about other important developments that are helping the blockchain industry become more popular.