{"id":17975,"date":"2025-12-15T11:25:59","date_gmt":"2025-12-15T11:25:59","guid":{"rendered":"https:\/\/bitunikey.com\/news\/north-korean-fake-zoom-hustle-drains-300m-from-crypto-execs-wallets\/"},"modified":"2025-12-15T11:26:41","modified_gmt":"2025-12-15T11:26:41","slug":"north-korean-fake-zoom-hustle-drains-300m-from-crypto-execs-wallets","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/north-korean-fake-zoom-hustle-drains-300m-from-crypto-execs-wallets\/","title":{"rendered":"North Korean \u2018fake Zoom\u2019 hustle drains $300m from crypto execs\u2019 wallets"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">North Korean hackers hijack Telegram, stage fake Zoom calls and deploy RAT malware to drain crypto wallets in a $300m long\u2011con campaign.\u200b<\/p>\n<div id=\"cn-block-summary-block_50b8a554badc408c7f9e11c67cc33564\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Attackers hijack trusted Telegram accounts, then lure crypto executives into fake Zoom or Teams calls using spoofed calendar invites.\u200b<\/li>\n<li>Pre\u2011recorded video of known industry figures masks RAT\u2011laden \u201cpatch\u201d files that give hackers full system control and wallet access.\u200b<\/li>\n<li>The scheme forms part of North Korea\u2019s wider campaign that has stolen over $2 billion in crypto, including the record Bybit breach.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>North Korean cyber criminals have stolen over $300 million through a sophisticated social engineering campaign that impersonates trusted industry figures in fake video meetings, according to a security alert issued by MetaMask security researcher Taylor Monahan.<\/p>\n<h2 class=\"wp-block-heading\">North Korean hackers go \u2018long con\u2019<\/h2>\n<p>The scheme, described as a \u201clong con\u201d operation, targets cryptocurrency executives through compromised communication channels, Monahan stated in the alert.<\/p>\n<p>The attack begins when hackers gain control of a trusted Telegram account, typically belonging to a venture capitalist or conference contact known to the victim, according to the researcher. Attackers exploit previous chat history to establish legitimacy before directing victims to video calls on Zoom or Microsoft Teams through disguised calendar links.<\/p>\n<p>During the meeting, victims view what appears to be a live video feed of their contact. The feed is often a recycled recording from a podcast or public appearance, according to the alert.<\/p>\n<p>The <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/coinfomania.com\/crypto-hack-in-north-korea-targets-investors-via-zoom-scams\/\" target=\"_blank\">attack<\/a> culminates when the impersonator simulates a technical problem. After citing audio or video issues, the attacker instructs the victim to download a specific script or update a software development kit. The file contains malicious software, the researcher reported.<\/p>\n<p>Once installed, the malware\u2014often a Remote Access Trojan (RAT)\u2014grants attackers complete system control, according to the alert. The RAT drains cryptocurrency wallets and extracts sensitive data, including internal security protocols and Telegram session tokens, which are then used to target additional victims in the network.<\/p>\n<p>Monahan stated that the operation \u201cweaponizes professional courtesy,\u201d exploiting the psychological pressure of business meetings to induce errors in judgment. The researcher advised that any request to download software during a call should be considered an active attack signal.<\/p>\n<p>The fake meeting strategy forms part of a broader campaign by North Korean actors, who have stolen an estimated $2 billion from the cryptocurrency industry over the past year, including the Bybit breach, according to industry reports.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>North Korean hackers hijack Telegram, stage fake Zoom calls and deploy RAT malware to drain crypto wallets in a $300m long\u2011con campaign.\u200b Summary Attackers hijack trusted Telegram accounts, then lure&hellip;<\/p>\n","protected":false},"author":1,"featured_media":2659,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-17975","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=17975"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17975\/revisions"}],"predecessor-version":[{"id":17976,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/17975\/revisions\/17976"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/2659"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=17975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=17975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=17975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}