Crypto theft via wallet balance photo is (probably) impossible

The story sounds like something straight out of a crime thriller. Ahad Shams, a co-founder of Webaverse and no novice to the world of IT, believes that a photo taken by a scammer led to the theft of his crypto wallet funds.

The perpetrator posed as an investor in a Web3 company and insisted on a face-to-face meeting in Rome. He demanded proof that Webaverse had funds to develop the project and asked that they be transferred to a Trust Wallet, which he claimed he knew how to use. Shams agreed, but took precautions by creating a new Trust Wallet on a separate device that had never interacted with the fake investor.

Over dinner, Shams transferred $4 million in USDC to the scammer, who then asked him to take a photo of the wallet's balance. Although Shams was surprised, he agreed, as the seed phrase wasn't visible on the screen. The scammers then excused themselves and disappeared, and shortly thereafter, the funds from Shams' Trust Wallet were withdrawn. 

Upon discovering the incident, Shams reported it to Rome police and the FBI.

Representatives from Trust Wallet responded quickly, stating that it's not possible to steal a user's funds with a photo alone. They believe that Italian mafia scammers duped Shams, as they had previously committed thefts from various crypto wallets. A crucial detail is that before the theft, the scammers sent Shams a pdf file containing NDA and likely fake KYC information that contained malicious software enabling them to take funds from Trust Wallet.

The stolen USDC was laundered very carefully, with the scammers splitting the stablecoins into six transactions and sending them to six previously unused addresses. Nearly all the USDC was converted into Ethereum, Wrapped Bitcoin, and Tether. The stolen crypto was then transferred through another 14 addresses before finally being redirected to four new ones.

Despite Trust Wallet's explanations, the crypto community continues to be baffled. 

Firstly, Shams found mention of the same type of scam from two years ago. This was when NFT entrepreneur Jacob Riglin, founder of Dream Lab, reported that he had $90,000 in crypto stolen from him. The scammers also asked Riglin to take a photo of his balance to verify that he had funds. 

Secondly, if the scam involves malicious software, why did the scammers insist on a face-to-face meeting? Moreover, Shams claims he did not install the scammers' pdf file on the phone with the wallet. 

Thirdly, let's examine the theory of Ouriel Ohayon, the CEO of the crypto wallet ZenGo. He tested the plausibility of accessing the seed phrase in an open wallet without any additional security checks (such as a PIN or biometrics). The results confirmed that it is, in fact, possible. It only takes a few seconds to access the settings and password.