{"id":1347,"date":"2025-12-15T07:31:37","date_gmt":"2025-12-15T07:31:37","guid":{"rendered":"https:\/\/qloudtechnologies.com\/blog\/?p=1347"},"modified":"2025-12-15T07:31:39","modified_gmt":"2025-12-15T07:31:39","slug":"north-korean-fake-zoom-scams-are-stealing-300m-in-crypto","status":"publish","type":"post","link":"https:\/\/qloudtechnologies.com\/blog\/north-korean-fake-zoom-scams-are-stealing-300m-in-crypto\/","title":{"rendered":"North Korean Fake Zoom Scams Are Stealing $300M in\u00a0Crypto"},"content":{"rendered":"\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><em>Crypto security is no longer just about strong code or secure wallets\u200a\u2014\u200ait\u2019s about how much you trust the people you talk to.<\/em><\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>A new and alarming cyber threat linked to <strong>North Korean hackers<\/strong> is rapidly spreading across the crypto ecosystem. Unlike traditional exploits that target smart contracts or blockchains, this attack targets <strong>human behavior<\/strong>. Using <strong>fake Zoom calls<\/strong>, compromised <strong>Telegram accounts<\/strong>, and realistic video recordings, attackers have already stolen <strong>over $300 million in crypto<\/strong>, according to cybersecurity researchers.<\/p>\n\n\n\n<p>This scam is no longer rare. 
Experts warn it is now happening <strong>daily<\/strong>, putting traders, founders, developers, and investors at serious risk.<\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udea8 North Korean Fake Zoom Crypto Scams: A Daily\u00a0Threat<\/strong><\/h2>\n\n\n\n<p>The <strong>Security Alliance (SEAL)<\/strong>, a nonprofit cybersecurity organization, reports a sharp increase in <strong>daily scam attempts<\/strong> traced back to North Korean threat actors.<\/p>\n\n\n\n<p>Security researcher <strong>Taylor Monahan<\/strong> revealed that these scams have already resulted in more than <strong>$300 million in losses<\/strong>, making them one of the most effective social-engineering attacks currently targeting crypto users.<\/p>\n\n\n\n<p>What makes this attack especially dangerous is that it doesn\u2019t rely on suspicious links or obvious phishing emails. Instead, it feels <strong>personal, familiar, and legitimate<\/strong>.<\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u2753 Can Fake Zoom Calls Really Steal Your\u00a0Crypto?<\/strong><\/h2>\n\n\n\n<p>Yes\u200a\u2014\u200aand that\u2019s what makes this attack so effective.<\/p>\n\n\n\n<p>The scam exploits <strong>social trust<\/strong>, not technical vulnerabilities. 
Victims often lower their guard because the message appears to come from someone they already know.<\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83e\udde0 How the Fake Zoom Crypto Scam\u00a0Works<\/strong><\/h2>\n\n\n\n<p>Here\u2019s how attackers typically execute the scam step by step:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1\ufe0f\u20e3 Compromised Telegram&nbsp;Accounts<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Victims receive a message from a <strong>Telegram contact they recognize<\/strong><\/li>\n\n\n\n<li>The account belongs to a real person but has been <strong>hacked<\/strong><\/li>\n\n\n\n<li>Familiarity creates instant trust<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">2\ufe0f\u20e3 The Zoom Meeting&nbsp;Invite<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The attacker suggests a quick Zoom call to \u201ccatch up\u201d<\/li>\n\n\n\n<li>A link is shared that is <strong>masked to look legitimate<\/strong><\/li>\n\n\n\n<li>On the call, victims may see:\n<ul class=\"wp-block-list\">\n<li>The known contact<\/li>\n\n\n\n<li>Other \u201cteam members\u201d or \u201cpartners\u201d<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>These videos are <\/em><strong><em>not AI deepfakes<\/em><\/strong><em>.<br>&nbsp;According to Monahan, they are <\/em><strong><em>real recordings<\/em><\/strong><em> taken from previous hacks or public sources like podcasts.<\/em><\/p>\n<\/blockquote>\n\n\n\n<h4 class=\"wp-block-heading\">3\ufe0f\u20e3 The Fake Technical Issue<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hackers claim there\u2019s an <strong>audio problem<\/strong><\/li>\n\n\n\n<li>They send a so-called <strong>patch or update file<\/strong><\/li>\n\n\n\n<li>Opening the file silently installs <strong>malware<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">4\ufe0f\u20e3 The 
Sudden&nbsp;Exit<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The call ends abruptly<\/li>\n\n\n\n<li>Attackers promise to reschedule<\/li>\n\n\n\n<li>Meanwhile, malware begins extracting:\n<ul class=\"wp-block-list\">\n<li>Passwords<\/li>\n\n\n\n<li>Private keys<\/li>\n\n\n\n<li>Wallet data<\/li>\n\n\n\n<li>Browser credentials<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83d\udd13 Why This Scam Is So Dangerous for Crypto\u00a0Users<\/strong><\/h2>\n\n\n\n<p>This attack bypasses many common crypto security defenses:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u274c No malicious smart contract<\/li>\n\n\n\n<li>\u274c No wallet signature request<\/li>\n\n\n\n<li>\u274c No suspicious email link<\/li>\n<\/ul>\n\n\n\n<p>Instead, it targets <strong>operational security (OpSec)<\/strong>\u200a\u2014\u200ahow users communicate and trust.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Key risks&nbsp;include:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Self-custody wallets<\/strong> becoming vulnerable once a device is infected<\/li>\n\n\n\n<li><strong>Hardware wallets<\/strong> offering limited protection if malware controls your system<\/li>\n\n\n\n<li><strong>Telegram takeovers<\/strong> turning victims into attackers without their knowledge<\/li>\n<\/ul>\n\n\n\n<p>Taylor Monahan issued a direct warning:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cIf they hack your Telegram, you need to <\/em><strong><em>tell everyone immediately<\/em><\/strong><em>.<br>&nbsp;You are about to hack your friends. 
Put your pride aside and <\/em><strong><em>scream about it<\/em><\/strong><em>.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\ud83d\udee1\ufe0f How to Protect Yourself From Fake Zoom Crypto\u00a0Scams<\/strong><\/h3>\n\n\n\n<p>Every crypto user should adopt these precautions:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">\u2705 Before Any&nbsp;Call<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Verify meeting links through a <strong>second communication channel<\/strong><\/li>\n\n\n\n<li>Be cautious of unexpected Zoom requests\u200a\u2014\u200aeven from known contacts<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udeab During a&nbsp;Call<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Never download:\n<ul class=\"wp-block-list\">\n<li>Audio fixes<\/li>\n\n\n\n<li>Zoom patches<\/li>\n\n\n\n<li>Update files shared mid-call<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Zoom <strong>does not require manual patch downloads<\/strong><\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">\ud83d\udd10 Strengthen Your&nbsp;OpSec<\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a <strong>dedicated device<\/strong> for crypto activity<\/li>\n\n\n\n<li>Enable <strong>2FA and passcodes<\/strong> on Telegram<\/li>\n\n\n\n<li>Regularly audit installed apps and browser extensions<\/li>\n<\/ul>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\ud83e\udd16 AI Satoshi\u2019s Analysis<\/strong><\/h2>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>The attack succeeds by exploiting social trust rather than cryptographic weakness, using compromised Telegram accounts and realistic recordings to bypass skepticism. Once malware is installed, self-custody becomes a liability if operational security fails. 
This highlights that secure systems still depend on secure users and devices.<\/em><\/p>\n<\/blockquote>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\ud83d\udd0d What This Means for the Future of Crypto\u00a0Security<\/strong><\/h3>\n\n\n\n<p>This incident reinforces a critical lesson for the crypto industry:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Blockchains can be secure<\/li>\n\n\n\n<li>Cryptography can be robust<\/li>\n\n\n\n<li>But <strong>users remain the weakest link<\/strong><\/li>\n<\/ul>\n\n\n\n<p>As crypto adoption grows, attackers are shifting away from exploiting protocols and toward <strong>exploiting trust<\/strong>.<\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>\ud83d\udcac <strong>Would you recognize a scam if it came from someone you trust?<\/strong><\/p>\n\n\n\n<div style=\"height:7px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u26a0\ufe0f<\/em><strong>Disclaimer:<\/strong> This content is generated with 
the help of AI and intended for educational and experimental purposes only. <strong>Not financial advice.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Crypto security is no longer just about strong code or secure wallets\u200a\u2014\u200ait\u2019s about how much you trust the people you talk to. A new and alarming cyber threat linked to North Korean hackers is rapidly spreading across the crypto ecosystem. Unlike traditional exploits that target smart contracts or blockchains, this attack targets human behavior. Using [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1348,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[9,1262,4,12,1265],"class_list":["post-1347","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain","tag-blockchain","tag-crypto-scams","tag-cryptocurrency","tag-cybersecurity","tag-hacking"],"_links":{"self":[{"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/1347","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/comments?post=1347"}],"version-history":[{"count":1,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/1347\/revisions"}],"predecessor-version":[{"id":1351,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/1347\/revisions\/1351"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/media\/1348"}],"wp:attachment":[{"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\
/wp\/v2\/media?parent=1347"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/categories?post=1347"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qloudtechnologies.com\/blog\/wp-json\/wp\/v2\/tags?post=1347"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}