Trust Wallet – a multi-chain crypto wallet provider – provided a statement on Wednesday explaining recent events allowing for $4 million to be stolen from one of its users.
The company chalked the theft’s cause up to a social engineering attack by an organized crime unit in Rome, rather than a flaw in its software.
- On Monday, rumors began to circulate about a Trust Wallet user who lost $4 million in funds to a scammer who had merely taken a picture of the user’s balance. No seed phrases – passwords for accessing a wallet’s funds – were anywhere in sight at the time
- Per Trust Wallet’s statement over Twitter, investigations lead it to believe that the hack was part of a string of thefts conducted by the same crime unit. Some thefts involved different wallet providers, in other regions like Milan and Barcelona.
- “Multiple parties in the crypto community (other than the victims) have reported that they too were approached by the criminals. In most cases, the criminals claimed to be web3 project investors.”
- Trust Wallet added that criminals meeting in person always asked for proof of funds within a hot wallet before. The party had convinced victims weeks in advance to move their funds from a multisig wallet into a new, single-key Trust wallet.
- Before the theft, the thief shared an NDA pdf file and (suspected) fake KYC information with the victim, which may have contained malware allowing for funds to be taken.
“Rest assured if you use Trust Wallet your assets are safe but it is important to remain vigilant,” the company concluded.