In the world of cryptocurrency, there has been another high-profile attack: THORChain co-founder John-Paul Torbjornsen (known as JP Thor) lost about $1.3 million due to a sophisticated phishing scam involving deepfake on Zoom and a hacked Telegram account. This was reported on September 12, 2025, by analysts from PeckShield and other blockchain researchers.
The attackers, likely linked to North Korea, used a hacked Telegram account to send a fake link to a Zoom meeting with deepfake video that imitated trusted individuals. During the "meeting," JP Thor clicked on the malicious link, allowing the attackers to access his forgotten MetaMask wallet through a zero-day exploit of iCloud and keychain. The wallet contained staking assets that had not been used for years. The stolen funds include $1.03 million in Kyber Network tokens and $320 thousand in THORSwap tokens, which the attackers converted to Ethereum and sent to addresses linked to previous North Korean attacks.
THORChain and THORSwap immediately responded: the team sent an on-chain message with a reward proposal for the return of funds without legal consequences within 72 hours. The company emphasized that the THORChain protocol was not affected, and the attack only impacted a personal wallet. Blockchain detectives like ZachXBT are tracking the funds, but part of it has already been laundered through Kyber and other protocols.
This incident is part of a wave of attacks from North Korea in 2025, where over $2 billion was stolen from the crypto industry, including the Bybit hack of $1.5 billion. Experts advise using hardware wallets, avoiding suspicious links, and enabling two-factor authentication. This event highlights the risks for key figures in DeFi, despite progress in security.
#THORChain #CryptoHack #DeepfakeScam #NorthKoreaHack #BlockchainSecurity #CryptoNews #DeFi
Subscribe to #MiningUpdates for fresh news from the world of crypto and mining!
