In recent developments, ex-Animoca executive Mehdi Farooq came forward to reveal that he was the victim of an elaborate phishing attack which has been traced back to the notorious North Korean hacking group Lazarus. The sophisticated attack led to Farooq, who is now an investment partner at Hypersphere, losing a significant portion of his life savings as his cryptocurrency wallets were drained.
The Lead Up to the Attack
For Farooq, the process leading up to this unfortunate incident commenced with a seemingly routine communication. Alex Lin, a familiar and professional contact, initiated a conversation on the messaging platform, Telegram. Eager to catch up, Farooq proceeded to share his Calendly link to promptly arrange a meeting.
On the day of the arranged meeting, Lin suggested switching the platform of communication to Zoom Business citing compliance reasons and also informed Farooq that his limited partner, Kent, would be joining the call. This change of plans didn’t raise a red flag, probably due to the plausible explanation and the familiarity with both parties.
The Zoom Attack
Simulating a typical Zoom meeting, the initial setup was legitimate in appearance. Moreover the fact that both participants activated their cameras played well into convincing Farooq that nothing was amiss. A turn of events came when no audio feed was available on the call. Through the chat feature on Zoom, Lin and Kent communicated difficulties with their audio setup and suggested Farooq updated his Zoom client.
Trusting the authenticity of his meeting counterparts, Farooq carried out the suggested solution. Unfortunately, this led to a rapid downward spiral as, within minutes of installing this falsified update, Farooq’s crypto wallets were drained. It was only after the damage had been done, that Farooq discovered Lin’s account wasn’t under his control, but being operated by malevolent hackers.
The Lazarus Connection
This phishing incident soon revealed links to Lazarus Group— a hacking group believed to be connected with the North Korean state. Describing the incident as “surreal and completely violating,” Farooq shared that when he was at his lowest, ‘whitehat’ hackers stepped up to offer help. This collaboration exposed the notorious Lazarus Group and their evident and high-risk pattern of dramatizing technical issues and pushing malware through hijacked accounts.
Similar Attacks on Crypto-Industry Leaders
Farooq is not the only victim of such attacks. Similar experiences have been reportedly shared by other leaders in the cryptocurrency industry. Founders from Mon Protocol, Stably, and Devdock AI have also reported similar phishing attempts. The modus operandi remains consistent – hijack trusted accounts, fake technical issues, and solicit malware downloads.
Analysis of the Scam Attacks
Security analysts, professionals who study patterns in cybercrime, have recognized this technique as a signature move by the Lazarus Group. One such analysis was put forward by Nick Bax from the Security Alliance. Laying bare the methodology of these scams, he pointed out how hackers pose as familiar contacts, orchestrate problems with communication tools and coerce their targets into downloading malicious software. Bax’s post is a stark reminder of how significant and damaging these seemingly small glitches during virtual meetings can be.
As a safeguarding measure, it is advised whether professional or personal, always maintain healthy skepticism towards sudden changes, unfamiliar follow-up requests or unanticipated software updates. Safeguard your sensitive data, practice good internet hygiene and stay vigilant about the credibility of communication.
