**Investment Partner Loses Crypto Savings to High-Profile Phishing Scam Using Zoom**
On Thursday, Mehdi Farooq, an investment partner at crypto venture capital firm Hypersphere, disclosed losses spanning more than six cryptocurrency wallets, representing a substantial portion of his life savings, in a sophisticated phishing attack. The operation began with a fake Telegram message from “Alex Lin,” an individual Farooq identified as someone he knew.
Farooq recounted the sequence of events. Lin initiated contact, reportedly seeking to reconnect. After establishing communication, Farooq provided a Calendly link for scheduling a meeting, which Lin arranged for the subsequent day.
Approximately 60 minutes before the scheduled conference call, the meeting was moved to Zoom Business. Key red flags were the request for the Zoom update and the assertion that a partner, supposedly “Kent,” would attend.
Farooq described joining the Zoom call and discovering that the audio was disabled, although both participants were displayed on-screen. A prompt suggestion, confirmed in the chat, to update Zoom to resolve the audio issue set off the attack. Shortly thereafter, his system was fully compromised and his wallets were drained.
“My laptop compromised completely,” Farooq stated in a post on X.
The impersonator maintained operational composure during the breach, continuing the conversation on Telegram as if monitoring the situation. Post-operation, they allegedly sent a message joking about arranging future meetings outside the country.
Digital forensics confirmed that the attacker's user ID corresponded to an account, “Alex Lin,” that had been compromised. Farooq identified the threat actor responsible as “dangrouspassword,” an APT affiliated with North Korea.
Farooq joined Hypersphere, focusing on trading, venture, and liquid finance crypto opportunities, earlier this year after nearly three years at Animoca Brands.
CoinTelegraph attempted to reach Farooq but reported no response by publication.
**Escalating Sophistication in Crypto Phishing Incidents**
Cybersecurity analysts note this incident occurs against a backdrop of increasing targeted phishing campaigns aimed at cryptocurrency professionals.
Earlier this year, BitGo CEO Mike Belshe announced that scammers were impersonating hardware wallet manufacturer Ledger and using the United States Postal Service to distribute physical chains containing QR code-based phishing lures.
Furthermore, on-chain analyst ZachXBT confirmed a significant $330 million theft from an elderly individual via a phishing attack, one of several high-profile incidents.
New variants of social engineering, leveraging trusted communication channels like Telegram and meeting platforms such as Zoom, underscore a targeted shift in threat methodology.