Mehdi Farooq, an investment partner at venture firm Hypersphere, fell victim to a phishing attack through a fake Zoom call.
One minute I was prepping for a Zoom call. Ten minutes later, large part of my life savings were gone.
It started with a message on Telegram from Alex Lin — someone I knew. He wanted to catch up.
I shared my Calendly link.
He booked a slot for the next day.A few minutes… pic.twitter.com/xJia0HtE2j
— Mehdi Farooq (@MehdiFarooq2) June 19, 2025
According to him, the attack began with a Telegram message from his acquaintance Alex Lin. Since they had communicated before, the request for a call did not raise suspicions. Farooq shared his Calendly link, and the contact scheduled a meeting.
Just before the call, the scammer requested to switch to Zoom Business supposedly for “compliance reasons.” He also mentioned that another acquaintance of Farooq would join the conversation. This did not raise suspicions as the investor was engaged in treasury deals.
During the Zoom call, there was no sound. In the chat, Farooq was advised to update the application to fix the issue. Upon launching the “update,” his system was compromised.
“Six wallets emptied (my fault for not keeping everything under control). My laptop completely crashed. Years of savings vanished in minutes,” he wrote.
Farooq added that during the attack, the scammer continued to calmly communicate with him on Telegram, and Lin’s account had been hacked.
The entrepreneur stated that he was contacted by white-hat hackers who offered their assistance. It was revealed that the attack was orchestrated by the North Korean-linked group DangerousPassword.
In March, North Korean hackers targeted crypto entrepreneurs via Zoom. According to Nick Bax from Security Alliance, the method allowed scammers to steal “tens of millions of dollars.”
On April 14, hackers stole $100,000 from Emblem Vault’s NFT platform head Jake Gallen through the video service.
Later, Manta Network co-founder Kenny Li disclosed details of an attempted hack, allegedly organized by the North Korean hacker group Lazarus Group.