North Korean Hackers Target Crypto Founders with Fake Zoom Scams
Crypto founders have recently reported a surge in fake Zoom hacking attempts, allegedly orchestrated by North Korean hackers. These attempts involve sophisticated social engineering tactics designed to steal sensitive data from unsuspecting victims. The scam typically begins with an invitation to a Zoom meeting or partnership discussion. Once the call starts, the scammers feign audio issues and display a stock video of a bored venture capitalist. They then send a link to a new call, instructing the target to install a patch to fix their audio or video. This patch is actually malware, and the ruse is designed to exploit human psychology, making the victim less cautious and more likely to install the malicious software.
Nick Bax, a member of the white hat hacker group the Security Alliance, highlighted the method used by these scammers, which has resulted in millions of dollars being stolen from victims. Bax detailed the process in a social media post, where he explained how the scammers exploit the trust and urgency felt by the target during the fake meeting. Several crypto founders have come forward to share their experiences with this scam, providing insights into how the hackers operate.
Giulio Xiloyannis, co-founder of the blockchain gaming project Mon Protocol, recounted an attempt by scammers to dupe him and his marketing head with a fake partnership meeting. He was alerted to the ruse when he was prompted to use a Zoom link that claimed to have audio issues, aiming to make him install malware. Xiloyannis noticed inconsistencies in the participants, which raised his suspicions and prevented him from falling victim to the scam.
David Zhang, co-founder of a US venture-backed stablecoin, was also targeted. The scammers used his Google Meet link but then made up an excuse about an internal meeting, asking him to join a different call. Zhang noted that the site acted like a normal Zoom call but was unsure of the behavior on a desktop. He mentioned that the scam was not built for mobile operating systems, which likely saved him from being compromised.
Melbin Thomas, founder of Devdock AI, a decentralized AI platform for Web3 projects, also fell victim to the scam. He was unsure if his technology was still at risk after the incident. Thomas mentioned that he disconnected his laptop and reset it to factory settings but transferred his files to a hard drive, which he has not reconnected to his laptop. This precautionary measure was taken to ensure that his data remained secure.
These incidents highlight the growing threat posed by North Korean hackers in the crypto space. The Lazarus Group, a notorious hacking collective, is suspected to be behind some of the biggest cyber thefts in Web3, including the Bybit $1.4 billion hack and the $600 million Ronin network hack. The group has been known to use mixers to move crypto assets following high-profile hacks, making it difficult to trace the stolen funds. This latest wave of fake Zoom hacking attempts underscores the need for increased vigilance and security measures within the crypto community to protect against such sophisticated attacks.

