TL;DR
- Kenny Li, co-founder of Manta Network, revealed an elaborate phishing attempt executed through a fake Zoom call.
- The attackers, linked to North Korea’s Lazarus Group, used video footage of his real team to gain trust.
- Li recognized the warning signs and exited the call just in time, urging the crypto community to remain vigilant against these evolving threats.
On April 17, Kenny Li, co-founder of Manta Network, shared on X a chilling account of a phishing attack that nearly compromised his digital security. The scam unfolded via a Zoom call that appeared to involve genuine colleagues. While the visuals seemed disturbingly real, the lack of audio and a strange prompt to download a script file raised red flags. Li quickly exited the call and contacted the supposed colleague via Telegram. The person then deleted the chat and blocked him, confirming the deception.
Increasingly Sophisticated and Targeted Attacks
The attack bore all the hallmarks of the Lazarus Group, a hacker collective tied to the North Korean regime known for its high-profile exploits in the crypto space. Unlike conventional scams, this one preyed on the exhaustion and trust habits of leaders in the blockchain world. Li suspects that the attackers used previously recorded footage from actual Zoom meetings instead of AI-generated deepfakes, making the deception harder to spot. His proposal to switch the call to Google Meet was ignored, an evasive behavior seen in similar incidents reported by others.
Advanced Tech and Social Engineering Tactics
Some in the crypto community believe that in other cases, deepfake technology may have been used to create the illusion of authenticity. The Lazarus Group is no stranger to using cutting-edge tools and social engineering to penetrate systems. Earlier this year, they were linked to the Bybit hack, where instead of attacking the exchange directly, they exploited its custody partner. A similar method was used in the $235 million WazirX breach, showcasing the group’s ability to adapt.
Other professionals in the field have shared nearly identical experiences. A member of “ContributionDAO” reported being urged to install a “custom” version of Zoom, while crypto researcher “Meekdonald” noted that a colleague actually fell for a similar scheme. These accounts confirm that hackers are refining their psychological tactics and leveraging real identities to infiltrate even the most secure environments. Despite the danger, the crypto community can transform these threats into opportunities to strengthen its security protocols. Far from being a reason to distrust the sector, these episodes underscore the urgent need to educate, share alerts, and promote more secure decentralized tools.
