Crypto Founders Report Deluge of North Korean Fake Zoom Hacking Attempts
At least three crypto founders have reported foiling an attempt from alleged North Korean hackers to steal sensitive data through fake Zoom calls over the past few days. The scammers, known for their sophisticated tactics, used a familiar ruse to lure unsuspecting victims into installing malware on their devices.
The Method Behind the Madness
According to Nick Bax, a member of the white hat hacker group the Security Alliance, the method used by North Korean scammers has seen millions of dollars stolen from unsuspecting victims. The scam typically begins with a meeting offer or partnership invitation, followed by fake audio issues and a stock video of a bored venture capitalist on screen.
"It's a fake link and instructs the target to install a patch to fix their audio/video," Bax said in a March 11 X post. "Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers."
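The common thread in the reports above is a last-minute "replacement" meeting link whose host is not the real conferencing service. The check below is an added example, not code from the article or from any of the people quoted: it pulls every URL out of an invitation and flags any whose host is not a legitimate subdomain of a known meeting provider, treating brand-name lookalikes and punycode hosts as the most suspicious. The allowlist, brand list and sample invitation are constructed for illustration.

```python
"""Flag meeting links that do not belong to a known conferencing provider.

Added example (not from the article). The allowlist, brand list and the
sample invitation text are constructed assumptions, not data from the report.
"""
import re
from urllib.parse import urlsplit

# Registrable domains of legitimate meeting services (constructed allowlist).
TRUSTED_MEETING_DOMAINS = {"zoom.us", "meet.google.com", "teams.microsoft.com"}
# Brand fragments whose presence in an untrusted host suggests impersonation.
BRAND_FRAGMENTS = ("zoom", "meet.google", "teams")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_trusted(host: str) -> bool:
    """True only if host equals a trusted domain or is a real subdomain of it.

    A plain suffix match would accept 'myzoom.us', and a prefix match would
    accept 'zoom.us.evil.example'; requiring the '.' boundary rejects both.
    """
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_MEETING_DOMAINS)


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for one meeting URL."""
    try:
        host = (urlsplit(url).hostname or "").lower()  # drops user@ tricks
    except ValueError:
        return "untrusted"
    if not host:
        return "untrusted"
    if host_is_trusted(host):
        return "trusted"
    # Punycode labels can render as homoglyphs of a real provider name.
    if host.startswith("xn--") or ".xn--" in host:
        return "lookalike"
    if any(fragment in host for fragment in BRAND_FRAGMENTS):
        return "lookalike"
    return "untrusted"


def suspicious_links(text: str) -> list:
    """Extract every URL from an invitation and return the non-trusted ones."""
    found = [(u, classify_link(u)) for u in URL_RE.findall(text)]
    return [(u, verdict) for u, verdict in found if verdict != "trusted"]


# Constructed sample: a genuine invite followed by a 'switch rooms' replacement.
SAMPLE_INVITE = """Original invite: https://us02web.zoom.us/j/1234567890
Switching rooms, join here instead: https://zoom.us.meeting-patch.example/j/1234567890
Backup link: https://xn--zm-8ka.us/fix-audio"""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE_INVITE):
        print(f"{verdict:10} {url}")
```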
The Scammers' M.O.
According to Giulio Xiloyannis, co-founder of the blockchain gaming project Mon Protocol, scammers tried to dupe him and the head of marketing with a meeting about a partnership opportunity. However, he was alerted to the ruse when, at the last minute, he was prompted to use a Zoom link that "pretends to not be able to read your audio to make you install malware."
"The moment I saw a Gumicryptos partner speaking and a Superstate one I realized something was off," Xiloyannis said.
Another Targeted Founder
David Zhang, co-founder of US venture-backed stablecoin Stably, was also targeted. He said the scammers used his Google Meet link but then made up an excuse about an internal meeting, asking him to join that meeting instead.
"The site acted like a normal Zoom call. I took the call on my tablet though, so not sure what the behavior would've been on desktop," Zhang said. "It probably tried to determine the OS before prompting the user to do something, but it just wasn't built for mobile OSes."
A Close Call
Melbin Thomas, founder of Devdock AI, a decentralized AI platform for Web3 projects, was also hit with the scam. He said he was unsure if his tech was still at risk.
"The same thing happened to me. But I didn’t give my password while the installation was happening," Thomas said. "Disconnected my laptop and I reset to factory settings. But transferred my files to a hard drive. I have not connected the hard drive back to my laptop. Is it still infected?"
A Growing Threat
This comes after the US, Japan and South Korea on Jan. 14 issued a joint warning about the growing threat posed by cryptocurrency hackers linked to North Korea.
Groups such as the Lazarus Group are prime suspects in some of the biggest cyber thefts in Web3, including the Bybit $1.4 billion hack and the $600 million Ronin network hack.
The Lazarus Group has been moving crypto assets using mixers following a string of high-profile hacks, according to blockchain security firm CertiK, which detected a deposit of 400 Ether (ETH) worth around $750,000 to the Tornado Cash mixing service.