North Korean Hackers Exploit Zoom to Target Crypto Entrepreneurs

North Korean hackers are orchestrating fake Zoom calls with crypto project founders, posing as venture capitalists, to steal confidential information.

According to Nick Bax from Security Alliance, this method has allowed scammers to steal “tens of millions of dollars.”

Scammers initiate contact with offers of funding or partnerships. Once the call begins, messages about audio issues appear in the chat, while the victim typically sees a “venture capitalist” waiting to communicate.

The fraudsters provide a link to another Zoom conference, where they suggest installing a patch to fix the issue.

“They exploit human psychology—you think you’re meeting important venture capitalists and rush to fix the audio, which makes you less cautious than usual. Once you install the file, you’re defeated,” explained the expert.

Upon realizing the mistake, one should immediately disconnect the device from the internet, turn it off, and consult specialists, advised Bax.

Giulio Xiloyannis, co-founder of the Web3 gaming protocol Mon Protocol, confirmed that scammers attempted to deceive him and the project's head of marketing in this manner. The attackers presented the person on the call as the CEO of Story Protocol, who immediately reported audio issues.

Xiloyannis was asked to follow a new Zoom link and was prompted to run a fix.

[Screenshot. Source: X.]

“The moment I saw partners from Gumicryptos and Superstate talking, I knew something was wrong,” the entrepreneur recounted.

David Zhang, co-founder and CTO of the Stably project, commented on a similar situation:

“Another day, another North Korean scammer.”

He took the call on a tablet, and the scammers’ tools, including the “fake Zoom,” apparently were not adapted for mobile operating systems. As a result, the scammers got confused and ended the call.

Zhang admitted he is unsure how it would have ended had he been on a computer.

Melbin Thomas, founder of the Devdock AI platform, suggested he may have been affected by the hackers’ actions.

“The same thing happened to me. But I didn’t give my password while the installation was happening,” he wrote in response to Bax’s post.

Thomas turned off his laptop and reset it to factory settings. He immediately transferred his files to an external hard drive, but this did not give him full assurance that the malware had not been activated.

Earlier, hackers from the North Korean Lazarus Group launched a new attack vector targeting cryptocurrencies via GitHub, the platform for developers.
