Crypto Investor Loses Savings in Sophisticated Phishing Attack

Generated by AI Agent Coin World
Thursday, Jun 19, 2025 8:58 am ET

Mehdi Farooq, an investment partner at Hypersphere, a venture capital firm focused on cryptocurrency, revealed on Thursday that he had fallen victim to a targeted phishing attack orchestrated through a fake call, resulting in the loss of a significant portion of his life savings. The attack began with a message on Telegram from someone Farooq knew, Alex Lin, who expressed a desire to catch up. Farooq shared his Calendly link with Lin, who then scheduled a meeting for the next day.

Minutes before the scheduled call, Lin requested to switch to Zoom Business for compliance reasons, mentioning that another familiar individual, Kent, would be joining. Given Farooq's involvement in managing treasury deals, the request did not raise any suspicion. However, during the call, Farooq found that there was no audio, and the participants instructed him to update Zoom to fix the issue. Shortly after running the update, his system was compromised, leading to the draining of six wallets and the complete compromise of his laptop.

Throughout the attack, the impersonator continued to chat on Telegram as if nothing was wrong, even joking about catching up later. The hackers eventually drained years of savings in minutes. Farooq later discovered that Alex Lin’s real account had been hijacked and that the attack was linked to a North Korea-affiliated threat actor known as “dangrouspassword.”

This incident highlights the growing sophistication of phishing attacks targeting crypto professionals. Earlier this year, scammers impersonating hardware wallet maker Ledger mailed fake letters to crypto users, urging them to validate their wallets or risk losing access to funds. The letters contained QR codes likely leading to phishing sites. In April 2025, $330 million in Bitcoin (BTC) was stolen from an elderly individual through a phishing attack.

The use of AI and deepfake technology in these scams has become increasingly prevalent, making it difficult for even seasoned professionals to discern genuine communications from fraudulent ones. The incident involving Mehdi Farooq underscores the need for enhanced security measures and heightened vigilance within the industry. Multi-factor authentication, regular security audits, and employee training on recognizing phishing attempts are essential steps in mitigating these risks.
