18-4-2025 – Kenny Li, co-founder of Manta Network, has exposed a cunning phishing assault that nearly ensnared him through a seemingly authentic Zoom call. Writing on X on April 17, Li recounted how cybercriminals, suspected to be the notorious North Korean Lazarus Group, deployed live video footage of familiar colleagues to lure him into downloading malicious software. The ruse was meticulously crafted: the impersonator’s camera was active, displaying a convincing likeness, yet the absence of audio and a dubious prompt to install a script triggered Li’s suspicions. “The visuals were strikingly lifelike, but the silence and request to download a file felt off,” he noted, explaining his swift exit from the call.
Li’s instincts proved prescient. When he sought to authenticate the caller’s identity via Telegram, the impostor rebuffed the request, erased their conversation, and blocked him. Fortunately, Li preserved screenshots of the exchange, which included his suggestion to switch to Google Meet—a proposal the attacker ignored. Li speculated that the video feed was stitched together from archived recordings of genuine team members, rather than AI-generated fabrications. “The quality mirrored a standard webcam, lending it an eerie authenticity,” he observed, confirming that the real individual’s accounts had been hijacked by the Lazarus Group.
The incident underscores the growing audacity of cybercriminals targeting the cryptocurrency sector. Li cautioned that such attacks exploit the trust and mental exhaustion of industry leaders, who are accustomed to a barrage of messages and impromptu meeting requests. He urged vigilance, particularly around unsolicited download prompts. “Any request to install software—be it an update, attachment, or app—should be an immediate red flag,” he warned, stressing the need for heightened caution in an ecosystem ripe for exploitation.
Li’s experience is not isolated. A member of ContributionDAO disclosed a similar encounter, where attackers insisted that the user download a bespoke Zoom version for “business purposes,” despite the user already having the software installed. The perpetrators refused to pivot to Google Meet, a recurring tactic noted in other reports. Crypto researcher “Meekdonald” also shared on X that a colleague succumbed to an identical ploy, highlighting the pervasive threat. As cybercriminals refine their tactics, leveraging emotional manipulation and stolen credentials, the crypto community faces an urgent imperative to bolster its defences against such sophisticated deceptions.