Trust Wallet reveals a scheme to steal cryptocurrencies from photos

It has become known how a cryptocurrency hacker stole cryptocurrency from a Trust Wallet wallet using only a photo of the balance. As a reminder, Ahad Shams, one of the founders of the Webaverse virtual reality project, told a story where a fake investor managed to steal $ 4 million worth of crypto assets.

In order to avoid unpleasant situations in the future, Trust Wallet published a guide on Twitter on how not to fall for cryptocurrency criminals and explained the scheme that Webaverse CEOs fell for.

«We believe the theft was caused by a social engineering fraud that involved a series of events leading up to the crime itself. This hacking attack was carried out by an organized crime unit in Rome. Other participants in the crime were located in Milan and Barcelona,» the crypto wallet developers said.

Interestingly, the victims who lost their funds used different types of hot and cold wallets, not just Trust Wallet. The criminals always insisted on a personal meeting, and when they finally met with the victim, they demanded confirmation of the availability of funds on the hot wallet.

«In the case of Webaverse, the user’s funds were initially on a wallet with several signatures. The criminals convinced the user to send the funds to a new wallet a few weeks before the meeting. Before the theft takes place, the thief usually provides the victim with a pdf of a confidentiality agreement and fake KYC information (usually with malware). Then the real meeting takes place, and the criminal takes a photo of the crypto wallet balance, which is supposedly how the victim confirms that his project controls the crypto wallet. The account is emptied a few minutes after the startup owners prove their financial stability. Thephoto is only needed to lull the victim’s vigilance so that they don’t realize what's going on,» Trust Wallet said.

The crypto wallet developers also gave some tips on how to protect yourself from such crypto fraud:

• use secure Wi-Fi when traveling
• do not make transactions on public Wi-Fi networks (for example, when renting a house through Airbnb)
• use your own SIM card to access the mobile Internet
• be aware of fake Wi-Fi access points — hackers like to name their own access points «STARBUCKS₂», «FREE_Airport_WIFI», «FREE_Hotel_WIFI»
• use trusted VPNs to encrypt traffic
• avoid opening any unknown links or files sent to your phone or offered for download before they have been scanned for malware.