Source: Cointelegraph.com NewsAt least three crypto founders have reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls over the past few days.\u00a0
\nNick Bax, a member of the white hat hacker group the Security Alliance, said in a March 11 X post the method used by North Korean scammers had seen millions of dollars stolen from suspecting victims.\u00a0
\nGenerally, the scammers will contact a target with a meeting offer or partnership, but once the call starts, they send a message feigning audio issues while a stock video of a bored venture capitalist is on the screen; they then send a link to a new call, according to Bax.\u00a0<\/p>\n
Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers. Fortunately, this founder realized what was going on.The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an\u2026 pic.twitter.com\/ZnW8Mtof4F\u2014 Nick Bax.eth (@bax1337) March 11, 2025<\/p>\n
\u201cIt\u2019s a fake link and instructs the target to install a patch to fix their audio\/video,\u201d Bax said.\u00a0 Source: Cointelegraph.com NewsAt least three crypto founders have reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls over the past few days.\u00a0… <\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"_links":{"self":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124965"}],"collection":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=124965"}],"version-history":[{"count":0,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=\/wp\/v2\/posts\/124965\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=124965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=124965"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptospotters.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=124965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\u201cThey exploit human psychology, you think you\u2019re meeting with important VCs and rush to fix the audio, causing you to be less careful than you usually are. Once you install the patch, you\u2019re rekt.\u201d\u00a0
\nThe post prompted several crypto founders to detail their experiences with the scam.
\nGiulio Xiloyannis, co-founder of the blockchain gaming Mon Protocol, said scammers tried to dupe him and the head of marketing with a meeting about a partnership opportunity.\u00a0\u00a0
\nHowever, he was alerted to the ruse when, at the last minute, he was prompted to use a Zoom link that \u201cpretends to not be able to read your audio to make you install malware.\u201d
\n\u201cThe moment I saw a Gumicryptos partner speaking and a Superstate one I realized something was off,\u201d he said.\u00a0
\nSource: Giulio XiloyannisDavid Zhang, co-founder of US venture-backed stablecoin Stably, was also targeted. He said the scammers used his Google Meet link but then made up an excuse about an internal meeting, asking him to join that meeting instead.
\n\u201cThe site acted like a normal Zoom call. I took the call on my tablet though, so not sure what the behavior would\u2019ve been on desktop,\u201d Zhang said.\u00a0
\n\u201cIt probably tried to determine the OS before prompting the user to do something, but it just wasn\u2019t built for mobile Oses.\u201d\u00a0
\nSource: David ZhangMelbin Thomas, founder of Devdock AI, a decentralized AI platform for Web3 projects, said he was also hit with the scam and was unsure if his tech was still at risk.\u00a0\u00a0
\n\u201cThe same thing happened to me. But I didn\u2019t give my password while the installation was happening,\u201d he said.\u00a0
\n\u201cDisconnected my laptop and I reset to factory settings. But transferred my files to a hard drive. I have not connected the hard drive back to my laptop. Is it still infected?\u201d\u00a0
\nRelated: Fake Zoom malware steals crypto while it\u2019s \u2018stuck\u2019 loading, user warns
\nThis comes after the US, Japan and South Korea on Jan. 14 issued a joint warning against the growing threat presented by cryptocurrency hackers associated with North Korean hackers.\u00a0
\nGroups such as the Lazarus Group are prime suspects in some of the biggest cyber thefts in Web3, including the Bybit $1.4 billion hack and the $600 million Ronin network hack.
\nThe Lazarus Group has been moving crypto assets using mixers following a string of high-profile hacks, according to blockchain security firm CertiK, which detected a deposit of 400 Ether (ETH) worth around $750,000 to the Tornado Cash mixing service.\u00a0
\nMagazine: Lazarus Group\u2019s favorite exploit revealed \u2014 Crypto hacks analysisRead More<\/a><\/p>","protected":false},"excerpt":{"rendered":"