Cybersecurity nonprofit Security Alliance (SEAL) has warned that North Korean hacking groups are carrying out multiple daily crypto scams using fake Zoom meetings, with security researcher Taylor Monahan sharing that losses now exceed $300 million.
Key Points
- North Korean hackers are carrying out multiple daily crypto scams using fake Zoom calls, causing over $300M in losses.
- The scams use real videos and trusted contacts on Telegram to manipulate victims into downloading malware.
- Security experts advise immediate device isolation, password resets, two-factor authentication, and careful account security to prevent further losses.
Monahan explained in a post on X that the scheme typically begins with a message from a Telegram account appearing to belong to someone the victim knows, creating a sense of trust. The interaction then escalates into an invitation for a Zoom call, during which victims are prompted to download malicious software that allows attackers to access passwords, private keys, and other sensitive data.
According to Monahan, attackers send a pre-call link that is disguised to appear legitimate, allowing victims to see familiar faces. She noted the videos are not deepfakes, but real recordings taken from prior hacks or public sources. Once the call starts, the attackers claim there are audio problems and share a so-called patch file, which installs malware when opened. The call is then abruptly ended under the pretense of rescheduling.
Furthermore, Monahan said that by this stage the victim’s device is already compromised, with attackers deliberately avoiding suspicious behavior to delay detection. Over time, the hackers extract cryptocurrency, harvest passwords, seize control of Telegram accounts, and in some cases gain access to company or protocol systems. The compromised accounts are then used to identify and target additional victims within the individual’s network.
The security researcher advised that anyone who clicks a link during a suspicious Zoom call should immediately disconnect from Wi-Fi and power down the affected device. She recommended using a separate device to move funds to new wallets, reset all passwords, enable two-factor authentication, and fully wipe the compromised device before reuse.
Monahan also emphasized the importance of securing Telegram accounts by terminating active sessions, updating passwords, and strengthening multifactor authentication, warning that attackers often exploit compromised accounts to target contacts and expand their scams.
The rise of these “fake Zoom” scams spotlights the growing sophistication of cybercriminals in the crypto space. Experts say staying vigilant, verifying unexpected messages, and regularly updating security practices are essential steps for anyone handling digital assets. As these attacks evolve, awareness and proactive defense remain the strongest tools for protecting both personal funds and professional networks.
