Trust Wallet says user’s $4M hack was done via social engineering
Trust Wallet said the criminals had always insisted on physical meetings and posed as web3 project investors.
Crypto wallet provider Trust Wallet said an organized crime unit in Rome social-engineered one of its users, who lost $4 million, according to a Feb. 8 Twitter thread.
The hacking victim, Ahad Shams, claimed the hacker perpetrated the theft by taking a picture of his wallet’s balance — adding that there was no way the criminals could have accessed the wallet’s private key because it was freshly created.
Trust Wallet explains the scam
According to Trust Wallet, the organized crime unit has perpetrated these scams across different locations in Milan and Barcelona. It noted that victims, in all cases, were using various hot and cold wallet service providers on different kinds of devices.
In Shams’ case, Trust Wallet said it was highly likely that the scammers had made him download malware in the guise of an NDA PDF file and KYC information sent to him.
This would have allowed the hackers to steal the funds after getting the proof of funds, the Trust Wallet team claimed.
The wallet provider told users its mobile app extensions were “security audited and pen-tested” by internal and external auditors.
Meanwhile, it advised the victim to report the incident to law enforcement agencies and advised users on ways to protect themselves from attacks.
However, not everyone agrees with the Trust Wallet response. One user noted that the victim claimed they did not open the PDF on the phone. Others pointed to the incident as another reason to use cold wallets.