‘Just a minute ago, I was preparing for a Zoom meeting. Ten minutes later, most of my savings disappeared.’ The cryptocurrency community must stay on high alert! Phishing attacks carried out through online video conferences have recently surged again, and attacks launched by North Korean hacker groups in particular have drawn attention.

Hypersphere partner Mehdi Farooq described on X how 'most of his savings' were stolen. This unfortunate event highlights how hackers exploit victims' social networks to steal cryptocurrency assets, and this disturbing threat is spreading.

Mehdi Farooq shared his experience of being scammed on the 19th:

The issue began when a friend of mine named 'Alex Lin' sent me a message on Telegram saying he wanted to chat. So I shared my Calendly link with him, and he scheduled a meeting for the next day. The next day, just a few minutes before the meeting started, he requested to switch to Zoom Business for the video conference, citing 'compliance reasons,' and mentioned that another LP named Kent would also join, whom I actually knew. Considering our company had done a lot of bond trading, and LPs would indeed be interested, I didn’t find this request strange at the time. Later I joined the Zoom video meeting but found there was no sound. However, I could see both of them, and they messaged in the chat box asking, 'Can you hear us?' I couldn’t hear anything, so they asked me to update Zoom to resolve the issue.

It was just when I was updating Zoom that the problem arose! Six wallets were stolen! My laptop was completely hacked! Years of savings just vanished in minutes. Later I found out that Alex's Telegram account had long been hacked. The worst part was that while my wallet was being stolen, the hacker was still messaging me on Telegram as if nothing had happened. He even joked, 'Let’s talk in Singapore.'

At my lowest point, I received help from a white hat hacker, who confirmed that I was attacked by the North Korean hacker group 'dangerouspassword.'

North Korean hackers use AI deepfake technology for 'phishing' during Zoom video calls.

Earlier, another X user @notaboutdollar also posted about this threat and urged everyone to be cautious of fake conversation requests, and not to let their computers be compromised. The hacking methods described by @notaboutdollar were similar to those faced by Mehdi Farooq.

Scammers will forge Zoom or Google Meet meeting links, impersonating trusted friends or even well-known figures to send you video conference requests. During the process, they will claim your microphone is broken and then ask you to execute instructions or download so-called 'fixes' (malicious updates), which effectively give them complete access to your device. Once they enter your device, they can steal everything from you, including wallets, documents, passwords, and more.

@notaboutdollar also mentioned 'other variants of such scams,' where hackers typically use real names and personal profile pictures, mainly from accounts that have been hacked on Discord or Telegram. Operating these already-compromised accounts of people you know or trust, they pretend to help you resolve airdrop, staking, or security issues, or set screen-sharing traps, tricking you into sharing your screen and opening sensitive applications or wallets.

According to a cybersecurity report from iThome on the 20th, North Korean hackers are using deepfake technology to target the Web3 industry. They approach employees of cryptocurrency companies by messaging 'target individuals' on Telegram and enticing them to click links disguised as Google Meet, which were created using the online meeting scheduling tool Calendly. When the employee clicks as instructed, however, they are redirected to a fake Zoom domain controlled by the attackers. When the employee joins the Zoom group meeting, multiple deepfake figures appear in the video, mimicking the company's executives and external partners in an attempt to establish trust. During the meeting, they ask the employee to download a specific Zoom extension, but this is actually a problematic script that, when executed, downloads a second-stage malicious payload.
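The redirect described above, a link presented as Google Meet that lands on an attacker-controlled fake Zoom domain, can be caught by checking the host the link actually opens instead of its label. The following Python check is an added example, not part of the original article; the allowlist, the names `classify_meeting_link` and `triage`, and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the meeting hosts this organisation accepts. Maintain your own list.
OFFICIAL_MEETING_DOMAINS = {
    "zoom.us": "Zoom",
    "meet.google.com": "Google Meet",
}

def classify_meeting_link(url, presented_as=None):
    """Return (verdict, reason) for the URL a meeting invite actually opens."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ("block", "malformed URL")
    if parts.scheme != "https" or not host:
        return ("block", "not an https link with a host")
    if has_userinfo:
        # https://zoom.us@other-host/ shows a trusted name but opens other-host
        return ("block", "userinfo before '@' hides the real host " + host)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("block", "internationalised host, possible look-alike characters")
    for domain, service in OFFICIAL_MEETING_DOMAINS.items():
        # Match the domain itself or a true subdomain, never a mere substring.
        if host == domain or host.endswith("." + domain):
            if presented_as and presented_as != service:
                return ("review", f"presented as {presented_as} but opens {service}")
            return ("allow", f"official {service} host {host}")
    return ("block", f"{host} is not an official meeting domain")

# Constructed sample links (reserved .example names, not real indicators).
SAMPLE_LINKS = [
    ("https://meet.google.com/abc-defg-hij", "Google Meet"),
    ("https://us02web.zoom.us/j/1234567890", "Zoom"),
    ("https://us02web.zoom.us/j/1234567890", "Google Meet"),
    ("https://zoom.us.meeting-support.example/j/1234567890", "Google Meet"),
    ("https://zoom.us@meeting-support.example/j/1234567890", "Zoom"),
    ("http://zoom.us/j/1234567890", "Zoom"),
]

def triage(links=SAMPLE_LINKS):
    return [(url, *classify_meeting_link(url, presented_as)) for url, presented_as in links]

if __name__ == "__main__":
    for url, verdict, reason in triage():
        print(f"{verdict:6} {url}\n       {reason}")
```

Apply the check to the address the browser lands on after any redirects, since the invite text and the final host can differ.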

Security experts warn that these attacks exploit people's increasing reliance on remote communication tools, especially among cryptocurrency enthusiasts who frequently conduct high-value transactions online. Hackers use social engineering and combine it with malware disguised as software updates to carry out attacks, and strict security measures should be implemented immediately:

  • Avoid downloading updates during calls: Never install software updates prompted during video calls unless verified through official channels.

  • Verify meeting invitations: Confirm the authenticity of the meeting organizer through secure, independent communication methods.

  • Use secure platforms: Choose web-based video conferencing (e.g., using Zoom through a browser) instead of downloadable applications to reduce the risk of malware.

  • Enable two-factor authentication (2FA): Protect cryptocurrency wallets with 2FA and store private keys offline.

  • Monitor accounts: Regularly check wallet activity for unauthorized transactions.

Is a massive 'wave of attacks' about to happen next?

Blockbeat previously reported on the leak of approximately 16 billion login credentials, which is likely to exacerbate the theft risk specifically targeting cryptocurrency users. As of the 20th, the overall market value of cryptocurrencies has reached 3.3 trillion dollars, remaining an enticing target for cybercriminals, and the losses caused by such scams may continue to rise.

As technology advances, the complexity of these phishing attacks will also multiply. In this constantly changing threat landscape, cryptocurrency investors must prioritize implementing various security measures to protect their assets. Even when a report is made and law enforcement and cryptocurrency exchanges cooperate to track down the hackers, the decentralized nature of these attacks complicates the work. It is strongly recommended to stay informed and proactively protect one’s digital wealth in the face of increasing cybercrime.

  • This article is reprinted with permission from: (Blockbeat)

  • Original title: (Most cryptocurrency savings stolen! Victim recounts being 'phished' during a video conference)

  • Original author: Anfi

‘Just participating in a Zoom meeting, and almost all my cryptocurrency was stolen! Victim recounts their scam experience’ was first published in ‘Crypto City’