Lazarus hackers use Zoom to steal crypto wallet funds

Mehdi Farooq, an investment partner at Hypersphere and former executive at Animoca Brands, disclosed that he lost a significant portion of his life savings in a phishing attack orchestrated by the North Korean-linked Lazarus Group.
The incident involved a fake Zoom update delivered through a convincing social engineering scheme that began on the messaging platform Telegram.
Crypto wallets drained within minutes
Farooq shared his experience on X, where he explained that the attack began when he received a message from someone posing as Alex Lin, a real professional acquaintance. Lin invited Farooq to catch up via Zoom, allegedly to include a mutual contact. The fake Zoom call appeared legitimate, with live video but no audio, and soon prompted Farooq to install an update for “technical reasons.” The installation, however, turned out to be malware.
Moments after installing the malicious software, Farooq discovered that six of his cryptocurrency wallets had been drained. It was later confirmed that Lin’s account had been compromised and the attackers had impersonated him. The entire operation was subsequently traced to the Lazarus Group, a North Korean state-sponsored cybercrime syndicate known for targeting crypto industry professionals.
The Lazarus Group has previously been implicated in high-profile hacks, including the Ronin Network, Bybit, and Harmony Bridge exploits, draining billions in digital assets globally. Cybersecurity experts have noted that the group’s use of video conferencing tools for phishing campaigns represents a growing trend in sophisticated social engineering attacks.
Rising threats and the need for vigilance
This incident underscores the evolving tactics employed by cybercriminals, particularly those backed by nation-states. The blend of social trust and familiar platforms like Zoom raises new concerns for digital asset holders and investment professionals alike.
As cryptocurrency adoption grows, so too does the need for increased personal cybersecurity and organizational defenses. Farooq’s experience serves as a stark reminder to always verify links and never install software from unofficial sources, even during seemingly routine interactions.
We also remind you that Lazarus Group hackers are using new methods to steal crypto developers' data.