Hackers Exploit Zoom to Steal $100,000 from Emblem Vault CEO

Jake Gallen, the head of the NFT platform Emblem Vault, reported a loss of over $100,000 in cryptocurrency due to hackers who exploited Zoom.

Working with @_SEAL_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a youtube personality of over 90k subs.

Below I will share details about that person, my experience, and this malicious software known as GOOPDATE ↓ https://t.co/xXoeSWLUXA

— jake (@jakegallen_) April 14, 2025

According to him, the incident occurred during a video call with a member of the crypto community who posed as the owner of a mining platform.

Gallen reported that the fraudsters installed the malicious software GOOPDATE on his computer. Several cryptocurrency wallets were compromised, leading to the loss of Bitcoin and Ethereum.

To analyze the attack, Gallen collaborated with The Security Alliance (SEAL). The company’s specialists determined that the group ELUSIVE COMET, which employs social engineering to install malware and steal cryptocurrency, was responsible.

Gallen stated that he joined a Zoom meeting with a crypto enthusiast boasting 26,000 followers on X. During the video call, the perpetrator used the remote access feature to install the program.

SEAL specialists tested Zoom and confirmed that by default, the platform allows guests to request remote access to a computer.

A researcher known as samczsun told Cointelegraph that for a successful attack, the perpetrator must convince the victim to manually grant such access.

Later, hackers breached Gallen’s account on X and attempted to use it to lure new victims through direct messages. They also gained access to a Ledger hardware wallet, despite Gallen having used it only a few times over three years.

SEAL experts link the ELUSIVE COMET group to Aureon Capital, which is responsible for “millions of dollars in stolen funds” and poses a significant risk to users due to its “carefully crafted backstory.”

In March, North Korean hackers targeted crypto entrepreneurs via Zoom. According to Nick Bax from Security Alliance, the method allowed fraudsters to steal “tens of millions of dollars.”