Beware of Face-to-Face Scams Impersonating Web3 Investors, TrustWallet Explains

Face-to-face fraud targeting Web3 projects

Crypto asset (virtual currency) wallet Trust Wallet explained on the 9th that a wallet user had 520 million yen ($4 million) worth of tokens stolen due to face-to-face fraud.

1/ This week, an organized crime unit from Rome stole $4M from one of our users.

It was stated, the thief ‘took a picture’ of the user’s Wallet balance to steal the funds.

We’ve done investigating into the events and believe this is how it happened…

— Trust – Crypto Wallet (@TrustWallet) February 8, 2023

The asset exfiltration transaction occurred last year, but the victim announced it on his blog on the 6th. There were many incomprehensible parts in the method, and it was developing into a debate that doubted Trust Wallet’s credibility.

The conclusion is that it appears to be a “social engineering scam” by an Italian-based criminal group, and similarities to cases confirmed in Rome, Milan, Spain, etc. have been pointed out.

Social engineering is a method of stealing important information such as passwords required to access software by taking advantage of human psychological gaps and behavioral mistakes.

According to Trust Wallet, an Italian gang of criminals claiming to be Web3 investors have approached people involved in several cryptocurrency projects to meet face-to-face to explain and negotiate.

Ahad Shams, co-founder of Webaverse, who was also victimized this time, also admitted on his blog that project members and scammers held a meeting in Rome at the end of November 2010.

According to Trust Wallet, the culprit used some reason to trick the victim into transferring funds from a “multi-sig wallet,” which requires multiple people’s private keys, to a “single wallet.” He also gave them a PDF of a non-disclosure agreement (NDA) and shared KYC information.

After that, the fraudster asked the victim to prove that he/she had the necessary funds for the transaction, and took a face-to-face photo of the wallet balance. Ultimately, there is a situation where virtual currency is leaked from the victim’s wallet.

Trust Wallet pointed out, “It is highly likely that the PDF file of the NDA passed by the criminal contained malware.” A lot of information is sent to the outside from the device (information communication terminal) infected by the malware, and the private key of the hot wallet stored in the device is also targeted.

connection:Phishing scams by spoofing emails, virtual currency companies call attention to actual cases

Beware of fraud

According to the blockchain data site Etherscan, USDCoin (USDC) worth $4 million was leaked in a transaction on November 26. At the time of writing, the stolen funds have been split between six addresses. One address now holds 83% of stolen assets.

Trust Wallet reported that its mobile app extension had undergone a “security audit and penetration test” by internal and external auditors.

Shams reported the theft to the local police in Rome shortly after the incident was discovered last November, and also notified the FBI. Webaverse says it has a runway (operating budget) of 12 to 16 months.

Other victims of the Italy-based criminal gang used not only hot wallets, but also cold wallets that were cut off from the internet, according to Trust Wallet. In addition, hot wallets are used on a wide variety of devices, including iPhones, Androids, and Macs, and multiple wallet providers have been confirmed to have suffered damage.

NFT Scam full story;

After the response to my previous tweets about the $90,000 scam I was involved in, I wanted to share more details on it to help warn any others of falling victim to it.

I was contacted by a Philippe Maloof from Canbury Properties Limited.

— Jacob (@jacobriglin) July 21, 2021

In the case of generative NFT artist Jacob Riglin magazine, while studying in Barcelona, ​​he had $90,000 worth of assets stolen by a scammer posing as a real estate company. He said that in order to negotiate the sale of NFT, he contacted three people at a restaurant and took a picture of the wallet screen for asset proof.

17/ Here’s an ultimate overview guide & further links into Trust Wallet security https://t.co/imdwZWsl9K

We’ll be sharing more security tips (and more) very soon. Stay vigilant out there fam

— Trust – Crypto Wallet (@TrustWallet) February 8, 2023

Trust Wallet warned users not to carelessly click on links or open files sent to their phones or prompted to download.

connection:Azuki’s official SNS was hijacked and disguised as a virtual land sale

The post Beware of Face-to-Face Scams Impersonating Web3 Investors, TrustWallet Explains appeared first on Our Bitcoin News.