In recent days, at least three founders in the cryptocurrency space have reported thwarting an attempt by suspected North Korean hackers to steal confidential information through counterfeit Zoom calls.
Nick Bax, a member of the ethical hacker collective known as the Security Alliance, revealed on March 11 that the tactics employed by these North Korean scammers have resulted in millions of dollars being swindled from unsuspecting victims.
Typically, the fraudsters initiate contact by proposing a meeting or partnership. Once the call begins, they feign audio issues while displaying a stock video of an uninterested venture capitalist, then direct the victim to a malicious link for a new call, as outlined by Bax.
“If you’re experiencing audio issues during your Zoom call, it’s likely not an actual VC on the line; it’s North Korean hackers,” he stated.
“Luckily, this particular founder caught on to the deceit.”
The call usually features several so-called ‘VCs’ who chat saying they can’t hear properly or mention issues with the audio.
Bax added, “It’s a deceptive link that instructs the target to install a patch to resolve the audio/video problems.”
“They manipulate human psychology; you believe you’re conversing with important VCs, which leads to you hastily fixing the audio and becoming less vigilant. Once you install the patch, you’re compromised.”
This warning prompted various crypto founders to share their encounters with the scam.
Giulio Xiloyannis, co-founder of the blockchain gaming platform Mon Protocol, noted that scammers attempted to mislead both him and his marketing head with an invitation for a discussion about a potential partnership. However, he became suspicious when he was unexpectedly asked to use a Zoom link that “falsely claimed it couldn’t access your audio to instigate malware installation.”
“The moment I spotted a representative from Gumicryptos and another from Superstate, I realized something was amiss,” he commented.

David Zhang, co-founder of Stably, a US venture-backed stablecoin, was also a target. He reported that the scammers used his Google Meet link but invented an excuse about an internal meeting, persuading him to join that instead.
“The site mimicked a normal Zoom call. I joined from my tablet, so I can’t speak to how it would have functioned on a desktop,” Zhang said.
“It likely attempted to assess the operating system before urging the user to take action, but it appeared not to be optimized for mobile systems.”

Melbin Thomas, the founder of Devdock AI, which focuses on decentralized AI solutions for Web3 projects, disclosed that he too fell victim to the scam and was left questioning whether his technology was still in danger.
“I experienced the same scenario. Fortunately, I didn’t share my password during the installation process,” he explained. “I disconnected my laptop and restored it to factory settings. I transferred my files to an external hard drive but have not reconnected it to my laptop. Is it still compromised?”
This development follows a joint warning issued by the US, Japan, and South Korea on January 14 about the escalating threat posed by cryptocurrency hackers linked to North Korea.
Groups like the Lazarus Group are considered primary suspects in some of the largest cyber thefts within the Web3 space, including the $1.4 billion heist at Bybit and the $600 million breach of the Ronin network.
The Lazarus Group has been observed moving cryptocurrency assets using mixers after a series of prominent hacks, according to blockchain security firm CertiK, which noted a deposit of 400 Ether (ETH), valued at approximately $750,000, into the Tornado Cash mixer service.