Crypto VC Partner Loses Life Savings in Sophisticated Phishing Attack

Mehdi Farooq, an investment partner at Hypersphere, a crypto venture capital firm, recently disclosed that he lost a significant portion of his life savings in a targeted phishing attack orchestrated through a fake Zoom call. The attack began with a message on Telegram from Alex Lin, someone Farooq knew, who expressed a desire to catch up. Farooq shared his Calendly link with Lin, who scheduled a meeting for the next day. Minutes before the scheduled call, Lin requested to switch to Zoom Business for compliance reasons, mentioning that one of his LPs, Kent, would be joining. Given Farooq's involvement in managing treasury deals, the request did not raise suspicion.

During the scheduled Zoom call, Farooq found that there was no audio, though both participants appeared on screen. In the chat, they instructed him to update Zoom to fix the issue. Shortly after running the update, his system was compromised, resulting in the draining of six wallets and the complete compromise of his laptop. Farooq later discovered that Alex Lin’s real account had been hijacked and that the attack was linked to a North Korea-affiliated threat actor known as “dangrouspassword.”

The recent breach highlights the growing sophistication of phishing attacks targeting crypto professionals. Last month, scammers impersonating hardware wallet maker Ledger were mailing fake letters to crypto users, urging them to “validate” their wallets or risk losing access to funds. The letters contained QR codes likely leading to phishing sites. In April 2025, $330 million in Bitcoin (BTC) was stolen from an elderly individual through a phishing attack.

This incident underscores the increasing use of advanced technologies by cybercriminals to exploit vulnerabilities in online communication platforms. The attack on Farooq is part of a broader trend where cybercriminals are leveraging AI and deepfake technologies to create convincing phishing schemes. These tactics not only deceive individuals but also exploit the trust placed in familiar communication tools like Zoom. The use of AI in creating fake identities and manipulating video calls makes it difficult for victims to discern the authenticity of the interaction, leading to significant financial losses.

This incident serves as a stark reminder of the importance of vigilance and security measures in the cryptocurrency space. As the value of digital assets continues to rise, so does the attractiveness of these assets to cybercriminals. The use of multi-factor authentication, secure communication protocols, and regular security audits can help mitigate the risk of such attacks. Additionally, educating individuals about the signs of phishing attacks and the importance of verifying the identity of communication partners can provide an additional layer of protection.

The cryptocurrency community must remain proactive in addressing these evolving threats. Collaboration between industry stakeholders, including investment firms, technology providers, and regulatory bodies, is crucial in developing robust security frameworks. By sharing best practices and implementing advanced security technologies, the community can better protect its assets and maintain trust in the digital economy.