Webaverse discloses $4 million theft via a mysterious social engineering attack

The metaverse gaming company Webaverse disclosed on February 6 that they had suffered a $4 million theft several months earlier. They outlined what appeared to be a complex scam in which individuals posing as venture capitalists convinced them to meet in person in a hotel lobby in Rome, transfer funds to a new crypto wallet, and show it to them. The Webaverse team appeared to believe that the scammers somehow managed to steal funds from the wallet solely by taking photographs of the new Trust Wallet, with no QR codes or private keys showing.

Trust Wallet published a thread about the theft, characterizing it as a social engineering scam perpetrated by an "organized crime unit from Rome". However, they didn't clearly address the claims about funds being stolen via a photograph of the Trust Wallet. Trust Wallet seemed to suggest they believed that the theft may have been perpetrated via malware transmitted in a PDF containing KYC information.

Webaverse described the incident as "undoubtedly a setback", but expressed belief that they would be able to continue operating.