Re: Whereas, in real life . . .
Probably luring the victim to Rome, to a certain hotel, cloning his/her hotel room key, or the rfid, or bribing the cleaning lady...
Then, using old-fashioned spying micro cameras or malware, they got the images of the seed phrases necessary to make the transfer of funds to happen.
Better to have camera detectors before conducting cryptocurrency transactions, plus a fresh and clean PC / Macbook.
according to the article, Shams created the new Trust Wallet while still *at home* before the meeting using a "device that Webaverse didn't typically use"... my understanding is also that the hotel lobby was just a convenient public place to meet... Shams wasn't staying there...
the article does not say what the "device that Webaverse didn't typically use" was... that makes me wonder if the device was maybe intercepted in-transit and replaced with a modified one before Shams received it... i also wonder about possible wifi traffic interception to/from the device where the thieves recorded and decoded the traffic and/or maybe stole some session token(s)...
granted, there's not a lot of detail given which is also understandable... we (TINW) don't really want the thieves knowing that their process has been cracked before they are run down... hopefully Shams or someone with him had the wherewithal to get some video/pics and voice recordings of the people they met with...
anyway, those are my initial thoughts during 1st c0ffee of the day...