Phishing Attack in the Cryptocurrency Sector
In a troubling incident that underscores the growing dangers in the cryptocurrency sector, Mehdi Farooq, an investment partner at the venture capital firm Hypersphere, took to social media on Thursday to share his experience of losing a significant amount of his life savings due to a phishing scheme disguised as a Zoom meeting.
The Incident
The saga began when Farooq received a seemingly innocuous message on Telegram from Alex Lin, a former acquaintance who expressed a desire to reconnect. Given their past interactions, the outreach felt routine, prompting Farooq to send Lin a link to book a meeting using Calendly. The next day, moments before the planned call, Lin requested a switch to Zoom Business, citing compliance protocols and mentioning that another familiar figure, an LP named Kent, would also join the discussion. Because Farooq had been handling treasury transactions, he didn’t question the request.
Upon joining the Zoom call, Farooq encountered unexpected issues—no audio, despite both participants being visible on screen. The impersonators advised him to update Zoom for better functionality. Shortly after he complied with their instructions and initiated the update, Farooq’s computer was infiltrated. He later recounted the grim aftermath:
“Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely.”
Throughout the ordeal, the impersonator maintained communication with Farooq via Telegram, feigning normalcy and even joking about future meetups. Tragically, hackers drained his savings—accumulated over years—in mere minutes. Investigation revealed that the account belonging to Alex Lin had been compromised as well. Furthermore, Farooq noted that this cyberattack was linked to a threat actor associated with North Korea known as “dangrouspassword.”
The Broader Implication
Farooq recently joined Hypersphere, where he focuses on venture investments. His career prior to this included a three-year tenure at Animoca Brands. Attempts to reach Farooq for more details were unsuccessful before publication.
This incident highlights a troubling trend: phishing attacks are becoming increasingly sophisticated, especially within the cryptocurrency industry. Just last month, Mike Belshe, the CEO of BitGo, reported that scammers have taken to sending fraudulent letters, impersonating Ledger, a hardware wallet producer. These letters urged recipients to “validate” their wallets, presenting QR codes that directed users to phishing websites. Earlier this year, onchain investigator ZackXBT confirmed that an elderly individual fell victim to a phishing campaign that resulted in a loss of $330 million in Bitcoin.
As cybersecurity threats evolve, professionals in the crypto world must remain vigilant against such deceptive tactics to protect their assets.
