Trust Wallet, a crypto asset wallet, announced on February 9th that one of its users had fallen victim to a face-to-face fraud that resulted in the theft of tokens worth 52 million yen ($4 million). The exfiltration of assets took place last year, but the victim only made the announcement on his blog on February 6th. This has sparked a debate and raised questions about Trust Wallet’s credibility.

Investigations have revealed that the fraud was likely carried out by an Italian criminal group using a method known as “social engineering”. This method takes advantage of human weaknesses and mistakes to steal important information, such as passwords for accessing software.

According to Trust Wallet, the Italian gang posed as Web3 investors and approached individuals involved in various cryptocurrency projects with the intention of holding face-to-face meetings to explain and negotiate. Ahad Shams, co-founder of Webaverse, who was also a victim of the scam, wrote on his blog that he and the scammers held a meeting in Rome in November 2010.

Trust Wallet explained that the culprit convinced the victim to transfer funds from a multi-sig wallet to a single wallet by giving a fake reason and providing a PDF of a non-disclosure agreement (NDA) and KYC information. After the transfer, the fraudster requested the victim to show proof of funds and took a photo of the wallet balance. This ultimately led to the loss of the virtual currency.

The wallet provider believes that the PDF of the NDA was infected with malware, which allowed the criminal to access the private key of the hot wallet stored on the device. Trust Wallet also noted that hot wallets on various devices, including iPhones, Androids, and Macs, have been affected, not just those of its users, but multiple wallet providers as well.

Trust Wallet has undergone a security audit and penetration test by internal and external auditors, but the company is still warning users to be cautious and not to click on links or open files sent to their phones or prompted for download. According to blockchain data site Etherscan, $4 million in USDC was leaked in a transaction on November 26, with the stolen funds split between six addresses, with one address holding 83% of the stolen assets.

Other victims of the Italian criminal group had not only used hot wallets, but also cold wallets that were offline, according to Trust Wallet. Shams reported the theft to the police in Rome and the FBI shortly after the incident was discovered last November. Webaverse has a runway of 12 to 16 months.

Trust wallet also provided the guide. be aware of scammers and whatever you are doing with your funds, and online activities do it carefully. 

stay tuned at for more news!