Crypto Firms Face Daily ‘Fake Zoom’ Attacks Linked To North Korea, Experts Say

bitcoinistPublicado a 2025-12-16Actualizado a 2025-12-16

North Korean-linked hackers are using fake Zoom calls to drain crypto wallets in what security researchers say has become a near-daily threat to the cryptocurrency community. According to multiple security reports, the campaign has already netted roughly $300 million in stolen funds and shows few signs of slowing.

Fake Zoom Meetings Used To Drain Wallets

According to Security Alliance (SEAL) and other researchers, attackers first contact targets through messaging apps such as Telegram. They then invite victims to a video call that looks legitimate.

During the call, the impostors claim there is a problem with sound or video and offer a “fix” — a file or a link that appears to be an official update. When the victim runs the file, malware installs and begins stealing credentials, browser data, and crypto keys.

Several attacks are reported every day, and many follow the same pattern. Researchers say these staged calls let attackers bypass normal caution because people tend to trust someone they see on camera.

NimDoor, Other Malware Strains Target macOS And Wallets

Based on reports, one strain tied to these schemes is NimDoor, a macOS backdoor that can harvest keychain items, browser-stored passwords, and messaging data.

Security teams link NimDoor and related tools to BlueNoroff, a group connected to the Lazarus Group network. BlueNoroff has a long record of attacking crypto firms and exchanges.

Once the malware is in place, wallets have been emptied within minutes. Victims often discover the theft only after seeing outgoing transactions on the blockchain.

Total crypto market cap currently at $2.93 trillion. Chart: TradingView

Deepfakes And Calendar Invites Make Scams More Convincing

Researchers warn that attackers are not simply using fake names. They are also deploying AI-assisted deepfake video and voice tools to impersonate executives or known contacts.

Attackers sometimes send calendar invites that look like genuine meeting requests from platforms such as Calendly, directing targets to attacker-controlled Zoom links.

The level of social engineering makes the calls seem urgent and official, which reduces the time victims take to question what they are being asked to install.

Attackers Target Individuals And Small Firms Alike

Reports have disclosed that victims include individual traders, startup employees, and small teams at crypto companies. Losses are concentrated but widespread, with estimates around $300,000,000.

Some victims have lost funds tied to browser wallets and hot wallets; others had recovery phrases captured and used to drain accounts.

Security teams urge quick action when a suspicious update is offered during a remote session: They warn not to run it, verify separately, and treat unsolicited meeting fixes as high risk.

Featured image from Unsplash, chart from TradingView

Lecturas Relacionadas

Five Counterparty Risk Architectures: A Settlement-Layer Methodology for Classifying TradFi Models in Crypto Exchanges

**Summary:** This companion piece reframes the five TradFi-on-crypto exchange architectures, previously classified by "architectural fingerprint," through the lens of counterparty risk. The core question is: whose balance sheet bears the loss first in a stress scenario, and has it historically done so? Each of the five models corresponds to a distinct risk holder with its own documented failure modes. * **Model 1 (Stablecoin-Settled CEX Perpetuals):** Risk is held by the stablecoin issuer (e.g., reserve composition, bank connectivity) and the CEX's own book. History includes Tether's banking disconnections (2017) and reserve misrepresentations (CFTC 2021 Order). * **Model 2 (CFD Brokers):** Risk resides on the broker's balance sheet (B-book model). Regulatory differences (e.g., ESMA's mandatory negative balance protection vs. Mauritius FSC's lack thereof) define loss allocation rules, as seen in the 2015 SNB event (Alpari UK insolvency). * **Model 3 (Off-Chain Custody & Transfer Agent Chain):** Risk lies with the off-chain custodian/platform. User asset recovery depends on Terms of Use and corporate structure, exemplified by the Celsius bankruptcy ruling (2023) where Earn Account assets were deemed property of the estate. * **Model 4 (DEX Perpetual Protocols):** No single balance sheet bears risk. Loss absorption relies on a protocol's insurance fund and Auto-Deleveraging (ADL) mechanism, as demonstrated in the GMX V1 (2022) and dYdX v3 YFI (2023) incidents. * **Model 5 (Regulated CCP - DCM-DCO-FCM):** The most institutionalized model concentrates risk in the Central Counterparty (CCP). However, history shows CCPs can employ non-standard tools under extreme stress, such as mass trade cancellation (LME Nickel, 2022) or enabling negative price settlements (CME WTI, 2020). The report argues that regulatory choices and counterparty risk structures are co-extensive, not in an upstream-downstream relationship. It concludes with five separate observation checklists (not predictions) for monitoring the structural vulnerabilities of each risk model.

marsbitHace 15 min(s)

Five Counterparty Risk Architectures: A Settlement-Layer Methodology for Classifying TradFi Models in Crypto Exchanges

marsbitHace 15 min(s)

White House Crypto Advisor Fires Back At Bank CEOs In Stablecoin Rewards Clash

As a key crypto market structure bill nears a markup, the White House's top crypto advisor has criticized bank CEOs for reigniting a debate over stablecoin rewards. This follows a letter from American Bankers Association CEO Rob Nichols urging bank executives to pressure lawmakers to revise the CLARITY Act, claiming its current language inadequately prevents crypto firms from offering "interest-like rewards" on payment stablecoins, which could risk bank deposits and financial stability. The bill prohibits interest-equivalent payments but allows rewards for specific activities like staking. Patrick Witt, a White House digital assets advisor, rebuked the banking CEOs for refusing to attend White House mediation meetings on this issue, which has delayed the bill for months. While Senate sources suggest the banking lobby's push is weak and the committee is focused on other bill aspects, the debate could resurface when the legislation reaches the full Senate.

bitcoinistHace 50 min(s)

White House Crypto Advisor Fires Back At Bank CEOs In Stablecoin Rewards Clash

bitcoinistHace 50 min(s)

Here Are The Major Bitcoin Levels To Watch After Breaking $80,000

Bitcoin has closed a week above $80,000 for the first time since late January, strengthening the bullish case after breaking through the $78,000 to $80,000 bearish order block. The key to future price action now depends on whether bulls can hold two critical levels. The first is the $78,000 floor, which must be defended to confirm the former resistance zone has turned into support. The second is the $82,000 lower-high area; a clean break above it could open the path toward the next major resistance at $90,000. However, a truly bullish trend shift would only be confirmed with a high-timeframe close above the $97,900 "Change of Character" level, which would break the pattern of lower highs formed since late 2025. While currently trading around $81,000, analysis suggests there remains a significant chance Bitcoin retests the $60,000 zone before any sustained upward move.

bitcoinistHace 1 hora(s)

Here Are The Major Bitcoin Levels To Watch After Breaking $80,000

bitcoinistHace 1 hora(s)

Zcash Is Up 1,500% And Its Biggest Backer Says This Is Why

Zcash (ZEC) has surged approximately 1,500%, a rally attributed by prominent backer Josh Swihart to fundamental resets in governance, product strategy, narrative, and organization. Three years ago, Zcash had strong cryptography but weak momentum. Today, shielded transaction adoption has risen dramatically, and over $3 billion in value is held in shielded wallets. Key changes include a governance reset where direct funding to core institutions ended, breaking a perceived "stranglehold" and empowering the broader community. Product focus shifted to user adoption, exemplified by the Zodl wallet, which contributed to shielded supply rising from 11% to about 30%. The narrative moved from "privacy coin" to "unstoppable private money," improving institutional perception and leading to listings and investment. Organizationally, key developers formed the Zcash Open Development Lab (ZODL), raising $25 million to scale adoption. Current priorities are improving user experience, scalability (targeting faster block times), and post-quantum security. Swihart concluded these compounded efforts explain Zcash's accelerated growth.

bitcoinistHace 2 hora(s)

Zcash Is Up 1,500% And Its Biggest Backer Says This Is Why

bitcoinistHace 2 hora(s)

Bitcoin ETF Issuers Are Predicting $1,000,000 Per Coin As Inflows Accelerate

Bitcoin ETF issuers are making bold price predictions, with VanEck's Matthew Sigel projecting Bitcoin could reach $1 million within five years. This forecast, tied to demographic demand, user loyalty, and central bank interest, suggests a potential 1,140% increase from current levels around $80,700. The timing coincides with strong ETF inflows, including a record $1.97 billion in April 2026. Other institutional forecasts, like VanEck's long-term base case of $2.9 million by 2050 and Bitwise's analysis, support the million-dollar thesis, citing Bitcoin's potential as a global reserve asset and store of value.

bitcoinistHace 5 hora(s)

Bitcoin ETF Issuers Are Predicting $1,000,000 Per Coin As Inflows Accelerate

bitcoinistHace 5 hora(s)

Trading

Spot
Futuros
活动图片