Ex-Animoca Exec Falls Victim to North Korean Hackers in Shocking Zoom Phishing Scam

Crypto Wallets Drained After Fake Update

Hold onto your hats, folks! Mehdi Farooq, a former big shot at Animoca Brands and now an investment partner at Hypersphere, just got his crypto wallets wiped clean in a slick phishing attack that's got the fingerprints of North Korea's notorious Lazarus group all over it. Farooq spilled the beans on X, revealing how he lost a chunk of his life savings in this wild Zoom hack.

So, here's how it went down. Farooq gets a Telegram message from Alex Lin, someone he knows from the biz. Lin wants to catch up, and Farooq, being the pro he is, throws out his Calendly link to set up a call. Sounds normal, right? Wrong.

The day of the meeting, Lin hits him up again, saying they need to switch to Zoom Business for some bogus "compliance reasons." Oh, and guess what? Kent, another guy Farooq knows, is supposedly joining in. The plot thickens.

When the Zoom meeting kicks off, it looks legit. Both Lin and Kent are on camera, but there's no audio. They start chatting in the Zoom chat, saying they're having tech issues and telling Farooq to update his Zoom client. Big mistake. Within minutes of installing that fake update, six of Farooq's crypto wallets are drained dry.

It's only after the fact that Farooq realizes Lin's account was hijacked. Turns out, this whole thing was a Lazarus operation, those North Korean hackers who just won't quit.

"It was surreal and completely violating," Farooq wrote. "But in the darkest moment, whitehat hackers stepped up — complete strangers offering help when I was at my lowest. Turns out I was compromised by DPRK affiliated threat known as dangrouspassword."

A Growing Threat to Crypto Leaders

This isn't an isolated incident, folks. Manta Network co-founder Kenny Li just barely dodged a similar bullet. The attackers pulled the same trick, impersonating known contacts on a Zoom call, using fake video feeds, and pushing a shady Zoom update. Luckily, Li smelled something fishy and suggested switching platforms, causing the hackers to bail and erase their tracks.

Security gurus are sounding the alarm, saying this kind of attack is Lazarus's signature move. They pose as trusted contacts, fake tech glitches, and slip malware disguised as Zoom updates. It's a tried-and-true method that's stolen millions in crypto.

And get this — other big names in the crypto world, like founders from Mon Protocol, Stably, and Devdock AI, are reporting similar phishing attempts. These attacks are spreading like wildfire and hitting their targets with laser precision.

Nick Bax from the Security Alliance broke down this scam in a recent post. "Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers. Fortunately, this founder realized what was going on. The call starts with a few 'VCs' on the call. They send messages in the chat saying they can't hear your audio, or suggesting there's an..."

Stay sharp out there, crypto world. The hackers are coming for you, and they're not playing around.