Ex-Animoca exec loses life savings in Zoom hack tied to Lazarus

2025/06/20 16:13

Ex-Animoca exec had his crypto wallets drained after downloading a fake Zoom update during a phishing attack linked to North Korean hacking group Lazarus.

Mehdi Farooq, an investment partner at Hypersphere and ex-Animoca Brands exec, revealed in a post on X on Thursday that he lost a large portion of his life savings in a Zoom hack linked to the North Korean hacking group Lazarus.

The scam began when Farooq received a Telegram message from Alex Lin, a professional acquaintance. Lin asked to catch up, and Farooq shared his Calendly link to schedule a call.

The next day, shortly before the meeting, Lin messaged again, asking to switch the call to Zoom Business “for compliance reasons,” explaining that one of his limited partners, Kent — whom Farooq also knew — would be joining.

The Zoom meeting appeared legitimate. Both participants had their cameras on, but there was no audio. In the Zoom chat, they said they were having technical issues and asked Farooq to update his Zoom client. Within minutes of installing the fake update, six of Farooq’s crypto wallets were drained.

It was only afterward that Farooq realized Lin’s account had been hacked. The scheme was later linked to Lazarus, a North Korean state-sponsored hacking group.

This incident echoes a recent phishing attempt targeting Manta Network co-founder Kenny Li, who narrowly avoided a similar fate. Li recounted that the attackers impersonated known contacts during a Zoom call, used fake video feeds, and insisted on a suspicious Zoom update download. Suspecting foul play, Li suggested switching communication platforms, prompting the attackers to block him and erase messages.

Security analysts say that this attack vector — where hackers pose as trusted contacts, fake technical glitches, and push malware disguised as Zoom updates — is a hallmark of Lazarus operations and has been used repeatedly to steal millions in crypto.

Other crypto industry leaders, including founders from Mon Protocol, Stably, and Devdock AI, have reported similar phishing attempts, highlighting how widespread and targeted these attacks have become.

Nick Bax from the Security Alliance broke down this scam in a March 11 X post.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

Share Insights

How are you, hacker? 🪐 What’s happening in tech today, August 19, 2025? The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, Computer Pioneer Gordon Bell was born in 1934, Sputnik 5 launched by USSR in 1960, World’s First Geostationary Satellite was Launched in 1964, and we present you with these top quality stories. From Y Combinators Youngest Solo Founder Says Digital Identity Is The Internets Biggest Infrastructure to Building a Go Dependency Scanner From Scratch, let’s dive right in. Y Combinators Youngest Solo Founder Says Digital Identity Is The Internets Biggest Infrastructure By @johnwrites [ 6 Min read ] Y Combinators youngest solo founder Kirill Avery discusses digital identity crisis, AI bot threats, privacy concerns, and decentralized solutions. Read More. Building a Go Dependency Scanner From Scratch By @rezmoss [ 8 Min read ] Build a Go dependency scanner with the standard library: parse go.mod, query OSV for vulnerabilities, and analyze licenses. Read More. How I Cut Agentic Workflow Latency by 3-5x Without Increasing Model Costs By @rohitjacob [ 6 Min read ] Learn how to speed up and optimize agentic workflows with smart step-cutting, parallelization, caching, and model right-sizing. Read More. Can AI Save Centuries of Kurdish History? By @webfonts [ 4 Min read ] Digitizing fragile Kurdish archives with Tesseract OCR: challenges, dataset creation, and a new tool to preserve Kurdish heritage. Read More. 🧑‍💻 What happened in your world this week? It's been said that writing can help consolidate technical knowledge, establish credibility, and contribute to emerging community standards. Feeling stuck? We got you covered ⬇️⬇️⬇️ ANSWER THESE GREATEST INTERVIEW QUESTIONS OF ALL TIME We hope you enjoy this worth of free reading material. Feel free to forward this email to a nerdy friend who'll love you for it.See you on Planet Internet! With love, The HackerNoon Team ✌️

LEARN$0,01918-2,68%

MORE$0,10033-1,51%

TOP$0,000096--%

Hackernoon

2025/08/20 00:02

Ex-Animoca exec loses life savings in Zoom hack tied to Lazarus

You May Also Like

Cold Wallet Pays USDT for Referrals While Ripple Eyes $6.3 Target and Bonk Burns Trillions in Crypto Strategy

The cumulative trading volume of US spot Bitcoin ETF has exceeded the $1 trillion mark

The HackerNoon Newsletter: Can AI Save Centuries of Kurdish History? (8/19/2025)

Trending News

Cold Wallet Pays USDT for Referrals While Ripple Eyes $6.3 Target and Bonk Burns Trillions in Crypto Strategy

The cumulative trading volume of US spot Bitcoin ETF has exceeded the $1 trillion mark

The HackerNoon Newsletter: Can AI Save Centuries of Kurdish History? (8/19/2025)

SharpLink Acquires Additional 143,593 Ethereum, Expanding Holdings to $3.18 Billion

Ai&Meme Daily, a picture to understand the popular Ai&Memes in the past 24 hours (2025.5.7)