1/ This week, an organised crime unit from Rome stole $4M from one of our users.
It was stated that the thief ‘took a picture’ of the user’s Wallet balance to steal the funds.
We’ve been investigating the events and believe this is how it happened…🧵👇
2/ Original tweet for reference:
We have been investigating the reported activity and speaking with security professionals on this matter. We believe this was caused by a social engineering scam that involved a series of events ahead of that moment.
3/ We believe this social-engineering attack came from an organised crime unit based in Rome, Italy. Other known locations of different cases with different wallet providers from the same crime unit have been in Milan and Barcelona.
4/ From all the known cases, the victims who lost their funds were using various kinds of hot & cold wallets, not only Trust Wallet. Those who used hot wallets were using iPhone, Android or Mac.
5/ Multiple parties in the crypto community (other than the victims) have reported that they too were approached by the criminals. In most cases, the criminals claimed to be web3 project investors.
6/ The criminals insisted on meeting in person & demanded to see the proof of funds on a hot wallet when they met face to face.
7/ In the case we’re referring to here, the user’s funds were originally in a multi-sig wallet and the user had been persuaded to send the funds to a new, single Trust Wallet by the criminals a few weeks before they met.
8/ Before the theft takes place, the thief shares an NDA PDF file & (fake in the criminal's case; we suspect this contained malware) KYC information with the victim ahead of the criminal’s proposed business.
9/ They meet the criminal for dinner prior to showing the funds. The new wallets get drained a few minutes after the proofs of funds are shown, and the criminal took a photograph of the proof of funds. Hence why the initial theory of stealing the funds through a photo
10/ What have/will our actions be?
We suggest the victim report this to law enforcement.
Since the criminal will need off-ramps to withdraw fiat out of the crypto, with proper legal procedure, law enforcement might be able to stop and potentially retrieve the funds.
11/ To put it bluntly, we hate scammers and are always willing to support our users in understanding what has happened with their assets. If you have any information or require support yourself, please reach out to our customer support team.
support.trustwallet.com
12/ Furthermore, the Trust Wallet mobile apps and extension are security-audited and pen-tested by our internal security team as well as external third-party security auditors.
Rest assured, if you use Trust Wallet your assets are safe, but it is important to remain vigilant.
13/ How can YOU protect YOURSELF?
When you are traveling, use reliable Wi-Fi from a trustworthy hotel, avoid using the Wi-Fi in an Airbnb, and use your own SIM if possible.
14/ Beware of fake access points: it’s important to confirm you’ve got the right network. Hackers love to give their AP a name like “STARBUCKS_2”, “FREE_Airport_WIFI” or “FREE_Hotel_WIFI” to trick you into connecting to the AP that they set up.
15/ Never use HTTP websites or use your credentials to log in on those websites. Hackers might be sniffing the network and will pick up your login credentials just by viewing the network traffic.
We recommend using a VPN service to encrypt your traffic.
16/ Avoid opening any unknown links or files that are sent to your phone, or that you are prompted to download, before they are scanned for malware.
17/ Here’s an ultimate overview guide & further links on Trust Wallet security: community.trustwallet.com
We'll be sharing more security tips (and more) very soon. Stay vigilant out there fam 💙