Hypersphere Partner Loses Life Savings in Sophisticated Zoom Phishing Attack

Investment partner at the venture firm Hypersphere, Mehdi Farouk, became a victim of a phishing attack through a fraudulent Zoom call.

According to him, the incident began with a message on Telegram from his acquaintance, Alex Lin. Since they had interacted before, the request for a call did not raise any suspicions. Farouk shared a link to his Calendly, and the participant scheduled a meeting.

Just before the call, the scammer requested to switch to Zoom Business for «compliance reasons.» He also mentioned that another acquaintance of Farouk would join the conversation. This gave no cause for concern, as the investor was involved in treasury transactions.

During the Zoom call, there was no sound. In the chat, Farouk was advised to update the application to resolve the issue. Once he initiated the «update,» his system was compromised.

*»Six wallets have been drained (it’s my fault for not keeping everything in check). My laptop is completely out of order. Years of savings disappeared in a matter of minutes,»* he wrote.

Farouk added that during the attack, the scammer continued to communicate with him calmly on Telegram, while Lin’s account had been hacked.

The entrepreneur mentioned that white hat hackers reached out to offer their assistance. It turned out that the attack was carried out by a North Korea-linked group called DangerousPassword.

As a reminder, in March, North Korean hackers attacked cryptocurrency entrepreneurs via Zoom. According to Nick Bax from Security Alliance, this method enabled the scammers to steal «tens of millions of dollars.»

On April 14, hackers stole $100,000 from Jake Gallen, the CEO of the NFT platform Emblem Vault, through the video service.

Later, Manta Network co-founder Kenny Li revealed details of an attempted hack, allegedly orchestrated by the North Korean hacking group Lazarus Group.