Cyber Incident Victim: Webaverse

On November 26, 2022, Webaverse co-founder Ahad Shams met individuals posing as investors—a man identifying himself as "Mr. Safra" and his associates—in a hotel lobby in Rome. The meeting followed weeks of email and video call discussions during which Mr. Safra claimed interest in investing in Web3 companies, requested Know Your Customer (KYC) documentation, and insisted on an in-person meeting to establish trust. Shams reluctantly agreed to demonstrate "proof of funds" using a newly created Trust Wallet account on a secondary device, believing this precaution would protect the assets since no private keys or seed phrases would be shared. During the meeting, Shams transferred $4 million in USDC stablecoin into the wallet. Mr. Safra then asked to photograph the wallet’s balance screen using his phone. Shortly after Mr. Safra excused himself to consult colleagues, he disappeared, and the funds were drained from the wallet within minutes.

Shams immediately reported the theft to local Roman authorities and later submitted an Internet Crime Complaint (IC3) to the U.S. Federal Bureau of Investigation. Blockchain analysis revealed the stolen USDC was split into six transactions, sent to previously inactive addresses, and converted to Ether, wrapped Bitcoin, and Tether via the 1inch decentralized exchange. Trust Wallet’s CEO stated their internal investigation indicated the theft was likely orchestrated by organized crime rather than a vulnerability in the wallet application, citing similar in-person scams in Rome. Webaverse disclosed the incident publicly in February 2023, noting ongoing investigations had not yet conclusively determined the attack vector but emphasized collaboration with Trust Wallet to analyze wallet activity logs. The $4 million loss was described as a significant setback, though the company affirmed its operational runway remained intact for 12–16 months, allowing continued development of its platform.