{"id":3499,"date":"2025-06-20T08:26:11","date_gmt":"2025-06-20T08:26:11","guid":{"rendered":"https:\/\/bitunikey.com\/news\/ex-animoca-exec-loses-life-savings-in-zoom-hack-tied-to-lazarus\/"},"modified":"2025-06-20T08:26:13","modified_gmt":"2025-06-20T08:26:13","slug":"ex-animoca-exec-loses-life-savings-in-zoom-hack-tied-to-lazarus","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/ex-animoca-exec-loses-life-savings-in-zoom-hack-tied-to-lazarus\/","title":{"rendered":"Ex-Animoca exec loses life savings in Zoom hack tied to Lazarus"},"content":{"rendered":"

<\/p>\n

\n

Ex-Animoca exec had his crypto wallets drained after downloading a fake Zoom update during a phishing attack linked to North Korean hacking group Lazarus.<\/p>\n

Mehdi Farooq, an investment partner at Hypersphere and ex-Animoca Brands exec, revealed in a post on X<\/a> on Thursday that he lost a large portion of his life savings in a Zoom hack linked to the North Korean hacking group Lazarus. <\/p>\n

The scam began when Farooq received a Telegram message from Alex Lin, a professional acquaintance. Lin asked to catch up, and Farooq shared his Calendly link to schedule a call. <\/p>\n

The next day, shortly before the meeting, Lin messaged again, asking to switch the call to Zoom Business \u201cfor compliance reasons,\u201d explaining that one of his limited partners, Kent \u2014 whom Farooq also knew \u2014 would be joining.<\/p>\n

The Zoom meeting appeared legitimate. Both participants had their cameras on, but there was no audio. In the Zoom chat, they said they were having technical issues and asked Farooq to update his Zoom client. Within minutes of installing the fake update, six of Farooq\u2019s crypto wallets were drained. <\/p>\n

It was only afterward that Farooq realized Lin\u2019s account had been hacked. The scheme was later linked to Lazarus, a North Korean state-sponsored hacking group.<\/p>\n

\n

\u201cIt was surreal and completely violating. But in the darkest moment, whitehat hackers stepped up \u2014 complete strangers offering help when I was at my lowest. Turns out I was compromised by DPRK affiliated threat know as dangrouspassword,\u201d wrote<\/a> Farooq. <\/p>\n<\/blockquote>\n

<\/p>\n

This incident echoes a recent phishing attempt targeting Manta Network co-founder Kenny Li, who narrowly avoided a similar fate. Li recounted that the attackers impersonated known contacts during a Zoom call, used fake video feeds, and insisted on a suspicious Zoom update download. Suspecting foul play, Li suggested switching communication platforms, prompting the attackers to block him and erase messages.<\/p>\n

Security analysts say that this attack vector \u2014 where hackers pose as trusted contacts, fake technical glitches, and push malware disguised as Zoom updates \u2014 is a hallmark of Lazarus operations and has been used repeatedly to steal millions in crypto. <\/p>\n

Other crypto industry leaders, including founders from Mon Protocol<\/a>, Stably<\/a>, and Devdock AI<\/a>, have reported similar phishing attempts, highlighting how widespread and targeted these attacks have become. <\/p>\n

Nick Bax from the Security Alliance broke down this scam in a March 11 X\u00a0post<\/a>.\u00a0<\/p>\n

\n
\n
\n

Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers. <\/p>\n

Fortunately, this founder realized what was going on.<\/p>\n

The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an\u2026 pic.twitter.com\/ZnW8Mtof4F<\/a><\/p>\n

\u2014 Nick Bax.eth (@bax1337) March 11, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n

<\/p><\/div>\n