A sophisticated scam carried out over Zoom has just been revealed. The victim was Kenny Li, co-founder of Manta Network, a Layer-2 project on Ethereum. Even more concerning: the group behind it is likely the Lazarus Group, a notorious hacker organization backed by the North Korean state. This incident is shaking the crypto community.



"Video calls with no one speaking" – the deadly Zoom trap


Kenny Li shared that he was invited to a Zoom call by someone he knew well. In the meeting, familiar faces appeared on the screen and looked completely authentic. But strangely, no one said anything, and a notification popped up asking him to download a script file to fix the audio issue.



"I could see their faces clearly, everything looked very real. But I couldn't hear anything... and they told me to download a script file. I immediately left the meeting," Kenny wrote on X.



Suspicious, he asked to switch to Google Meet. The impersonator refused. Just a few minutes later, all messages were deleted and Kenny's account was blocked. According to security experts, this is a typical tactic of the Lazarus Group.



Attacks using deepfake, malware, and psychological manipulation


This incident is not isolated. According to the security research team at Paradigm and Google Threat Intelligence Group (GTIG), the Lazarus Group is upgrading its attack methods, combining deepfake video, malware, and social engineering to target founders and high-level leaders in the crypto industry.


A typical scenario is as follows:


  • Messages indicate there is an audio issue on the Zoom call.



  • Familiar faces appear, creating a sense of safety.



  • The victim is then asked to download an 'audio patch.'



  • The downloaded file is actually malware, which then controls the device or steals sensitive information.





"They exploit human psychology – when you believe you are interacting with someone familiar, you are more easily caught off guard. But once you install malware, you've lost," – Nick Bax from SEAL warns.




Many other founders are also targets


Kenny Li is not the only one. Giulio Xiloyannis, co-founder of the Web3 platform MON Protocol, almost became a victim as well. A hacker impersonating a partner in the project lured him to switch to Zoom during a meeting. Fortunately, Giulio noticed the anomaly and shared his experience on social media to warn the community.



Organized global attack campaigns


According to reports from Google and cybersecurity groups, Lazarus is just one of many branches within North Korea's state-sponsored hacker network. Other groups include:



  • AppleJeus – specializes in impersonating employers to install malware.



  • APT38 – specializes in large-scale financial theft.



  • TraderTraitor – impersonates developers to spread malware through npm packages, fake CVs, or programming documents.




Currently, many developers are posing as American, British, German, and even Serbian nationals to infiltrate Web3 development groups worldwide. This is part of an effort to raise foreign currency for the North Korean government through digital asset theft.



How should the crypto community respond?


According to Samczsun, a security expert at Paradigm, the Web3 industry is facing an increasing threat. Crypto businesses need to:



  • Use two-factor authentication (2FA).



  • Establish least privilege access.



  • Isolate work devices.



  • Avoid downloading files from suspicious calls.



  • Proactively contact emergency support teams like SEAL 911 when encountering issues.





Relevance to Binance users and the crypto market


This incident highlights the increasing danger of sophisticated scam tactics in the Web3 world. With millions of users participating in DeFi, NFT, or Layer-2 projects like Manta Network, identifying new hacker tricks is extremely important.


Users on Binance and other major platforms need to be vigilant, especially with:



  • Video calls from strangers or from people impersonating acquaintances.



  • Requests to download files or open external links during meetings.



  • Meetings where participants 'say nothing' but still appear on screen.




Binance has repeatedly warned users about the risks of sophisticated scams. As the Lazarus Group continues to change tactics, the community needs to continuously update and share warnings to protect assets together.



Risk Warning


This article aims to provide important security information in the field of cryptocurrency. However, users need to understand that:

The crypto market poses many risks, not just regarding prices but also cybersecurity. Always verify sources, be cautious with attachments, and do not share wallet information or private keys with anyone. Crypto is not suitable for everyone – think carefully before investing or participating in Web3 platforms.
