North Korean-backed scammers use fake Zoom calls and compromised Telegram accounts to steal crypto — $300M lost so far, researchers warn

Security nonprofit Security Alliance (SEAL) says North Korean-affiliated threat actors are now attempting multiple fraudulent Zoom calls against crypto users each day — and the trick is simple, highly targeted, and devastatingly effective.

What’s happening

- Attackers first take over a victim’s Telegram account and message the victim from a familiar contact, which immediately lowers suspicion. The conversation is steered toward a “catch up” over Zoom.
- Before the call, the attackers share a link that’s masked to look legitimate. During the session the victim sees a video of the supposed contact (Monahan says these are real recordings taken from the victims’ hacked accounts or public sources such as podcasts — not deepfakes).
- At some point in the call the scammers pretend to have audio problems and send a “patch” file. If the target opens it, their device is infected with malware that can harvest sensitive data — passwords, private keys and other secrets.
- The attackers often end the call abruptly, claiming they’ll reschedule, leaving the victim unaware they’ve been compromised.

Scale and impact

Security researcher Taylor Monahan warns this technique has already netted attackers more than $300 million in stolen crypto. SEAL says the group is now running multiple attempts per day, targeting contact lists harvested from hijacked Telegram accounts.

Immediate steps if you clicked a suspicious link or opened a file

Monahan recommends these emergency actions:

1. Immediately disconnect the affected device from Wi‑Fi and power it off.
2. From a separate clean device, move any funds to new, secure wallets.
3. Change all passwords and enable two‑factor authentication (2FA) everywhere you can.
4. Perform a full memory/storage wipe and reimage the infected device before reusing it.
How to protect your Telegram account

- Open Telegram on your phone, go to Settings → Devices, terminate all other sessions.
- Change your Telegram password and enable or update multifactor authentication.

Monahan stresses this is critical because attackers are using compromised Telegram accounts and the stored contact lists to find new victims.

Practical prevention tips for crypto users

- Never download or run files sent during a video call, even from contacts — verify via a separate channel first.
- Use hardware wallets and keep private keys offline where possible.
- Keep devices and software patched, and use strong, unique passwords with 2FA.
- Treat unexpected messages from known contacts with caution if they contain links or file attachments.

Why it matters

These scams combine social engineering (trusted contacts, real video) with malware distribution to bypass basic suspicion. For crypto holders, the results are often irreversible: once private keys are stolen, funds can disappear instantly. SEAL’s warning underscores that attackers are evolving their tactics and using compromised messaging apps as a force multiplier.


