In recent days, an alarming trend has emerged within the cryptocurrency community: attempts by alleged North Korean hackers to infiltrate the operations of crypto founders through fake Zoom calls. Reports from at least three notable crypto founders illustrate how these sophisticated scams operate, emphasizing the urgent need for vigilance in the digital realm.
Nick Bax, a member of the white hat hacker group the Security Alliance, brought attention to this scheme in a post on March 11. He revealed that scammers employing a deceptive approach have successfully siphoned millions of dollars from unsuspecting victims. Typically, the fraudsters initiate contact with their target under the pretense of offering a meeting or a partnership opportunity. Once the call is in progress, they conjure false audio issues, using stock videos of uninterested venture capitalists to maintain the ruse. They then send a link to what appears to be a new call, leading victims to unwittingly download malware.
Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.
Fortunately, this founder realized what was going on.
The call starts with a few “VCs” on the call. They send messages in the chat saying they can’t hear your audio, or suggesting there’s an… pic.twitter.com/ZnW8Mtof4F
— Nick Bax.eth (@bax1337) March 11, 2025
Bax noted, “It’s a fake link and instructs the target to install a patch to fix their audio/video,” highlighting how such tactics exploit human psychology, pressuring individuals to act hastily during perceived meetings with prestigious investors.
The seriousness of this threat was echoed by several other crypto founders who shared their experiences with the scam. Giulio Xiloyannis, co-founder of Mon Protocol, recounted how he was approached for a partnership meeting but recognized the scam just before being prompted to utilize an untrustworthy Zoom link. His familiarity with the parties involved clued him in, as he noted the unusual names of participants that didn’t align with the scheduled attendees.
A similar experience was shared by David Zhang, co-founder of the stablecoin Stably, who described how the perpetrators used a Google Meet link but diverted him to a fraudulent internal meeting. While he engaged with the call on a tablet, he speculated about the potential for more sophisticated techniques targeting desktop users.
Melbin Thomas, the founder of Devdock AI, expressed lingering concerns regarding his system’s security after encountering the scam. Despite taking precautionary measures like disconnecting his laptop and resetting it to factory settings, he remained unsure about the safety of his transferred files.
This incident is part of a broader surge in cybercrime associated with cryptocurrency, as reflected in a joint warning issued on January 14 by the US, Japan, and South Korea regarding the rising threat posed by North Korean hackers. Organizations like the notorious Lazarus Group are implicated in some of the most significant cyber thefts within the crypto space, including high-profile hacks such as the Bybit and Ronin network breaches.
As such threats continue to evolve, it is crucial for individuals and businesses in the crypto sector to remain informed and proactive about their cybersecurity measures. Awareness of the tactics employed by these cybercriminals is the first step toward safeguarding sensitive information and assets.
