Ex-Animoca exec loses life savings in Zoom hack tied to Lazarus

by

When Zoom Calls Turn into Financial Black Holes: A Cautionary Tale! šŸ˜±šŸ’ø

In a turn of events that could only be described as a plot twist worthy of a second-rate melodrama, an ex-Animoca executive found himself the unwitting star of a rather unfortunate episode involving a Zoom hack. Yes, dear reader, it appears that our hero, Mehdi Farooq, had his crypto wallets drained faster than you can say “phishing scam” after downloading a rather dubious Zoom update. The culprits? None other than the infamous North Korean hacking group, Lazarus. Quite the cast of characters, wouldnā€™t you agree? šŸŽ­

It all began innocently enough when Farooq received a message from a chap named Alex Lin, a professional acquaintance who, one might say, was about as trustworthy as a cat in a room full of rocking chairs. Lin suggested a catch-up, and our protagonist, ever the accommodating sort, shared his Calendly link to schedule a call. Little did he know, this was the beginning of a rather slippery slope.

Fast forward to the day of the meeting, and Lin, in a stroke of genius that would make even the most seasoned con artist proud, suggested they switch to Zoom Business ā€œfor compliance reasons.ā€ Apparently, one of his limited partners, Kentā€”who Farooq also knewā€”would be joining. How very convenient! šŸ•µļøā€ā™‚ļø

The Zoom meeting, which looked as legitimate as a three-dollar bill, had both participants with their cameras on, but curiously, there was no audio. A classic case of ā€œtechnical difficulties,ā€ they claimed, and before you could say ā€œfool me once,ā€ they had Farooq updating his Zoom client. Within minutes, six of his crypto wallets were as empty as a politicianā€™s promises. šŸ’”

ā€œIt was surreal and completely violating. But in the darkest moment, whitehat hackers stepped up ā€” complete strangers offering help when I was at my lowest. Turns out I was compromised by DPRK affiliated threat known as dangrouspassword,ā€ wrote Farooq, likely while shaking his head in disbelief.

This unfortunate incident echoes a recent close call for Manta Network co-founder Kenny Li, who narrowly dodged a similar fate. Li recounted how the attackers impersonated known contacts during a Zoom call, complete with fake video feeds and a suspicious insistence on a Zoom update. When Li suggested switching platforms, the attackers promptly blocked him and erased their messages. Talk about a disappearing act! šŸŽ©āœØ

Security analysts, those ever-watchful sentinels of the digital realm, have noted that this particular attack vectorā€”where hackers masquerade as trusted contacts, feign technical glitches, and push malware disguised as Zoom updatesā€”is a hallmark of Lazarus operations. Itā€™s like a bad sequel that just keeps getting made, stealing millions in crypto along the way.

Other crypto industry leaders, including founders from Mon Protocol, Stably, and Devdock AI, have reported similar phishing attempts, highlighting just how widespread and targeted these attacks have become. Itā€™s enough to make one reconsider the merits of digital currency altogether! šŸ’»šŸ’°

Nick Bax from the Security Alliance broke down this scam in a March 11 X post, offering a rather humorous take on the situation:

Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.

Fortunately, this founder realized what was going on.

The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s anā€¦

ā€” Nick Bax.eth (@bax1337) March 11, 2025

Read More

2025-06-20 11:22