North Korean Hackers Target Crypto Founders with Fake Zoom Attacks
A recent report revealed that at least three crypto founders have blocked hacking attempts linked to North Korean attackers using fake Zoom calls. The hackers pose as legitimate contacts and trick victims into downloading malware, which secretly takes control of their computers and grants access to sensitive data.
Experts Reveal How Zoom Call Attacks Exploit Human Psychology
In an X post on March 11, Nick Bax, a member of the white hat hacker group Security Alliance, explained how these hackers manipulate human psychology to carry out crypto fraud.
Having audio issues on your Zoom call? That's not a VC, it's North Korean hackers.
Fortunately, this founder realized what was going on.
The call starts with a few "VCs" on the call. They send messages in the chat saying they can't hear your audio, or suggesting there's an… pic.twitter.com/ZnW8Mtof4F
— Nick Bax.eth (@bax1337) March 11, 2025
He shared a video showing a crypto founder in a Zoom call with what appeared to be venture capitalists (VCs), investors who provide funding to startups and emerging companies, including crypto projects.
The call usually begins with multiple participants seemingly engaged in a discussion. Then, the attackers introduce an audio issue; some claim they can’t hear the target, while others insist there’s a problem on the victim’s end.
They play a stock video of a VC looking disengaged to maintain the illusion. If the target believes the issue and follows their instructions, they are directed to a different Zoom room via a fake link.
They are then asked to install a supposed software patch to fix the audio problem. In reality, this patch is malware, giving the North Korean hackers full access to the victim’s system.
The psychological trick is simple: when faced with an important meeting, victims are eager to resolve technical issues quickly, letting their guard down in the process.
Crypto Founders Share Their Experiences with Zoom Call Attacks
Bax's post also revealed that this threat group has stolen tens of millions through crypto fraud, inspiring other cybercriminals to copy their tactics. His post led several crypto founders to share similar experiences.
David Zhang, co-founder of US venture-backed stablecoin Stably, recounted how he was added to a chat with a fake Joan, who posed as the CEO of Openfort. The scammer scheduled a meeting through Zhang’s Google Meet link but later claimed to have an internal meeting conflict.
They then tried to move him to a different meeting platform, using the same fake audio trick, a tactic commonly employed by North Korean hackers.
Another day another North Korean scammer
This time using the same "fake Zoom" scam that's been popular recently
I'll detail what happened to me in this 🧵 pic.twitter.com/X5UZAKJjR0
— David Zhang (▲) (@dazhengzhang) March 12, 2025
Giulio Xiloyannis, co-founder of the blockchain gaming company Mon Protocol, described a similar attempt. Scammers approached him and his head of marketing under the pretense of discussing a partnership.
Right before the meeting, they insisted on switching to a Zoom link that simulated an audio failure, attempting to get him to install malware.
This happened to me and @NFTVai today. The project lead was disguised as a Story Protocol project (https://t.co/jfQ2VunSmd) for IP usage and rev sharing (very good fit with @Pixelmon business model and my past investments), at the last minute they asked us to use a ZOOM link and… https://t.co/SVQHxC1kaU pic.twitter.com/LxINrif6Zk
— GiulioX🐉 $MON (@GiulioXdotEth) March 12, 2025
Christoph, co-founder of the blockchain platform Etherisc, reported an identical scam. The attackers sent him a deceptive Zoom link, “zoom.us5web[.]us/*****”, designed to look similar to a real Zoom domain, tricking unsuspecting users.
He questioned why Zoom hadn’t secured these easily misused domains to prevent such attacks, considering the growing threat from North Korean hackers.
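A link check of the kind the article's advice to verify links implies, shown as an added example (not code from the article or from anyone quoted in it): it flags hosts that use the Zoom name without sitting under the real domain, as the zoom.us5web[.]us link does. The allowlist contents and all function names are assumptions, and every sample link other than that one is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: the allowlist of meeting domains. zoom.us is Zoom's real
# domain; extend the set to match what your organisation actually uses.
TRUSTED_DOMAINS = {"zoom.us"}
BRAND = "zoom"


def refang(link: str) -> str:
    """Undo common defanging so a reported indicator can be parsed."""
    return link.replace("[.]", ".").replace("hxxp", "http", 1)


def classify_meeting_link(link: str) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for a meeting link."""
    link = refang(link.strip())
    if not re.match(r"^[a-z][a-z0-9+.-]*://", link, re.I):
        link = "https://" + link  # urlsplit needs a scheme to find the host
    try:
        parts = urlsplit(link)
    except ValueError:
        return "unrelated"
    host = (parts.hostname or "").lower().rstrip(".")
    # Trusted only if the host IS an allowlisted domain or a true subdomain
    # of one. A prefix or substring test would accept "zoom.us5web.us".
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # The brand appears in the authority part (host or the userinfo placed
    # before an "@") while the real host is not under a trusted domain.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def triage(links):
    """Map each link to its classification."""
    return {link: classify_meeting_link(link) for link in links}


if __name__ == "__main__":
    samples = [
        "zoom.us5web[.]us/*****",               # link quoted in the article
        "https://us05web.zoom.us/j/1234567890",  # constructed
        "https://zoom.us@meet.example/j/1",      # constructed
    ]
    for link, verdict in triage(samples).items():
        print(f"{verdict:10} {link}")
```
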
Melbin Thomas, founder of Devdock AI, fell for the attack. Believing the audio issue was real, he clicked the malicious link and unknowingly installed the malware. Fortunately, he didn’t enter his password during installation, which may have prevented further damage.
The same thing happened to me. But didn't give my password while the install was happening.
Disconnected my laptop and I reset to factory settings. But transferred my files to a hard drive. I have not connected the hard drive back to my laptop. Is it still infected? @_SEAL_Org
— Melbin (melbin.eth) (@melbint04) March 12, 2025
Crypto fraud is already rampant in 2025. In February, cybersecurity firm Kaspersky exposed hackers using fake GitHub projects to steal cryptocurrency.
Around the same time, Bybit reported a $1.4 billion exploit linked to North Korea’s Lazarus Group.
With hackers now refining their tactics through Zoom calls, crypto founders and industry professionals must stay vigilant, verify links, and remain cautious.