
Cybersecurity experts have issued fresh warnings about a sophisticated campaign by North Korean-linked hackers, who have stolen over **$300 million** in cryptocurrency through deceptive video calls on platforms like Zoom and Microsoft Teams.

The alerts, highlighted by MetaMask security researcher **Taylor Monahan** and the nonprofit Security Alliance (SEAL), describe an ongoing “long-con” social engineering attack primarily targeting crypto executives, developers, and high-net-worth individuals.

How the Scam Operates
The attacks often begin on Telegram, where hackers hijack accounts of trusted contacts—such as venture capitalists or conference acquaintances—to initiate conversations.

Victims receive invitations to seemingly legitimate meetings, scheduled via tools like Calendly.

During the call, pre-recorded or looped video footage impersonates known industry figures (no deepfakes involved).

Hackers fabricate technical issues, like poor audio, and send a malicious “patch” file disguised as a Zoom or SDK update.

Installing the file deploys a remote access trojan (RAT), which steals passwords, private keys, wallet data, and even Telegram sessions—enabling chain attacks on the victim’s network.

Funds are swiftly drained, with malware exfiltrating sensitive information for further exploitation.

Scale and Attribution
Monahan estimates losses exceeding $300 million from this specific tactic alone, part of broader DPRK cyber operations that have stolen billions in crypto to fund the regime.

SEAL reports tracking multiple daily attempts, underscoring the campaign’s persistence.

These attacks mark a shift toward human-targeted social engineering, exploiting trust in professional networks rather than pure technical vulnerabilities.

Precautions for Crypto Users
Experts urge immediate vigilance:

– Treat any unsolicited meeting invite or software download request during a call as a potential attack.
– Verify contacts independently; never share private keys or install unverified files.
– If compromised, disconnect from Wi-Fi, power off the device, transfer assets to new wallets via a clean machine, reset passwords, enable 2FA, and wipe the system.
– Secure Telegram by terminating sessions and warning contacts.

This incident highlights the evolving threats in the crypto space, where blockchain security is robust but the “human element” remains exploitable. Users must prioritize caution in online interactions to safeguard assets.