Raising capital in the crypto environment can bring unique and unparalleled challenges. Look no further than the ever-curious case of Webaverse, a company that builds game engines and MMOs (massive multiplayer online games) inspired by the characteristics of the metaverse.
The Webaverse team suffered a brutal attack after experiencing a ~$4M social engineering exploit. However, this isn’t your ‘run of the mill’ hack – or at least, it hasn’t been presented that way. While the details of the execution of the hack are still in question, one thing is certain: it is the result of a sophisticated ‘long game’ of social engineering supported by fake KYC info, fraudulent websites, and above all with in-person meetings.
Exploitation Reaches a New Level
Today, an inquisitive mind can’t be curious enough – and diligence just can’t be diligent enough. We covered the exploit that led to the theft of more than a dozen Bosen Ape Yacht Club NFTs just two months ago, and another recent story with the same stroke tells us that one thing is certain: with the amount of dollars in today’s crypto landscape, hackers and exploiters are willing to go far beyond Big deal for digital assets scam.
December’s NFT heist featured fake casting directors using fake websites, fake email domains, fake pitch decks, and more – all to build trust, and carefully combat efforts. The result was over $1M in direct losses for the owner.
This ‘similar but different’ story appeared this week, first raised by respected coder DefiLlama 0xngmi.

The Webaverse hack has curious minds inquiring how keys were stolen to a wallet containing approximately $4M in stablecoins. Primary stablecoin USDT has seen reduced dominance as some users have moved to non-stablecoin assets. | Source: CRYPTOCAP:USDT on TradingView.com
A Curious Case of Insanity
Linked to 0xngmi’s tweet is the official statement from the Webaverse team, a 4-page Google Doc compiled by company founder and CEO Ahad Shams. Shams detailed that in November 2022, after several weeks of dialogue with a crew of sophisticated scammers who were potential investors, a meeting was held between them in Rome.
Fraudsters ask for ‘proof of funds,’ and Shams tries to protect himself by only revealing images of the Trust Wallet he holds and independently with the funds, admitting that no key or important account details are exposed and the wallet itself. -made, self-controlled and self-custodied one used only this opportunity.
Efforts to prevent another incident were made from Shams around this interaction, but in this case, the measures taken by Shams to protect the organization’s funds seemed inadequate.
For the most part, as Shams notes, this isn’t a situation where DAOs or other public pools are bothering users. It is the only company that provides information on crypto thoughts that are curious about unpleasant situations that do not result from a lack of diligence or care. However, this does not mean that Shams did not make mistakes along the way.
In fact, common logic would now suggest that we are missing an important piece of the puzzle here.
Trust Wallet CEO Eowyn Chen posted a tweet in response on Friday. Don’t be surprised if market sleuths uncover more at the right time.
Sad to hear about the Webaverse theft case. After participating in the investigation team, we have high confidence that the case of theft was not caused @TrustWallet app, but the possibility of organized crime. Unfortunately, there are some private OTC scams in Europe, especially in Rome. https://t.co/KbIPjz01uB
— Eowync.eth 💙 (@EowynChen) February 6, 2023