YEREVAN (CoinChapter.com) — At least three crypto founders have reported attempts by North Korean hackers to steal sensitive data using fake Zoom calls. The hackers impersonate venture capitalists (VCs) or business partners and trick victims into installing malware that can compromise their devices.
On March 11, cybersecurity expert Nick Bax from Security Alliance shared details about the scam in an X post. He explained that North Korean hackers invite victims to a video call, claim they have audio issues, and send a new Zoom link. The new link prompts the target to install a patch, which is actually malware.
“They exploit human psychology. You think you’re meeting with important VCs and rush to fix the audio, making you less cautious,” Bax said.
“Once you install the patch, you’re rekt.”
Mon Protocol Co-Founder Spots the Cyber Scam
Giulio Xiloyannis, co-founder of Mon Protocol, said hackers tried to deceive him and his head of marketing through a fake Zoom call. They proposed a partnership meeting, but at the last minute, they sent a different Zoom link that required software installation.
“The moment I saw a Gumicryptos partner speaking and a Superstate one, I realized something was off,” Xiloyannis said. The attack failed because he noticed inconsistencies in the meeting setup and recognized the scam tactic used by North Korean hackers.
Stably Co-Founder Avoids Malware Attack
David Zhang, co-founder of Stably, also encountered the fake Zoom call scam. The attackers initially joined his Google Meet link but later told him to switch to another meeting, citing an internal issue. Zhang said the fake meeting site mimicked Zoom’s interface and could have prompted malware installation on a desktop device. However, he joined the call from a tablet, which may have prevented the attack.
“It probably tried to determine the OS before prompting the user to do something, but it just wasn’t built for mobile OSes,” Zhang said.
Devdock AI Founder Fears Malware Infection
Melbin Thomas, founder of Devdock AI, also experienced the scam but stopped before providing any login details. He disconnected his laptop and performed a factory reset to prevent further risks.
“I didn’t give my password while the installation was happening,” Thomas said.
“I reset my laptop but transferred my files to a hard drive. I haven’t reconnected it yet. Is it still infected?”
Lazarus Group and North Korean Crypto Hackers
The United States, Japan, and South Korea issued a joint warning on Jan. 14 about cyber threats from North Korea. Lazarus Group, a well-known North Korean hacking organization, is linked to major cryptocurrency hacks, including the $1.4 billion Bybit hack and the $600 million Ronin Network attack. Blockchain security firm CertiK recently detected 400 Ether (ETH), worth around $750,000, being transferred to Tornado Cash, a crypto mixer often used to launder funds after crypto scams and malware attacks.