A recent report warned about a new sophisticated phishing scam targeting unsuspected crypto users. The scheme involves fake Zoom meeting links to trick investors into downloading malicious software to steal their assets.
Fake Zoom Link Steals Private Data
On Friday, Blockchain security firm SlowMist warned investors that hackers had been targeting crypto users with a sophisticated phishing scam to access their sensitive data. The investigation revealed that malicious actors used “social engineering and trojan techniques” to steal the victim’s private keys, wallet data, and other sensitive information.
According to the report, several X users posted online about a phishing attack disguised as Zoom meeting links, with some victims installing malicious software and losing assets worth millions of dollars.
One victim narrates being manipulated into clicking a fake Zoom meeting link and tricked into downloading and installing the malicious program on their computer. This resulted in the theft of 1 million USD0++ from the victim’s crypto wallet.
Victim explains Zoom phishing scam. Source: SlowMist
SlowMist explains that hackers use a fake domain resembling the original Zoom meeting link. Additionally, the website closely mimics the Zoom meeting interface, which deceives users into clicking the “Launch Meeting” button.
However, this action doesn’t open the Zoom app. Instead, it downloads the malicious software, leading users to “Reinstall” the platform. After being installed, users are tricked into executing a malicious script and entering their system password.
The blockchain security firm found that this script collects information from the user’s device and sends it to the hacker:
After the malicious code collects system information, browser data, cryptocurrency wallet data, Telegram data, Notes data, and Cookie data, it compresses the gathered information and sends it to a server controlled by the hacker.
Additionally, the software executes other scripts that collect KeyChain data from the computer to try to decrypt it. This allowed the hacker to access wallet mnemonic phrases and private keys, facilitating the theft of crypto assets.
SlowMist also tracked the related wallets, finding that over $1 million in crypto, including USD0++, MORPHO, and ETH, sat in the addresses linked to the hacker. Per the report, the MORPHO and the recently stolen USD0++ tokens had been swapped to 296 Ethereum (ETH) on December 23.
The funds were transferred to various crypto platforms, including Binance, Bybit, and Gate.io, to try and disguise the ill-gotten profits. The security firm advised users to carefully verify links before clicking and avoid executing unknown software and commands to protect their sensitive data and funds.
Crypto Hacks Rise In 2024
According to a recent Chainalysis report, crypto hacks persisted in 2024, rising 21.07% from last year. The industry saw over $2.2 billion lost to hackers, recording the third-largest year by total value stolen.
Additionally, it became the year with the most individual hacks, registering 303 incidents by the time of the report. Private key compromises were the largest compromise type, accounting for 43.8% of the incidents, while centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3.
This year also saw some of the largest heists in the industry’s history, with the DMM Bitcoin and WazirX exploits taking around $540 million between May and July. Meanwhile, North Korean hackers were responsible for 60% of the total value stolen, with $1.34 billion linked to their attacks.
Ultimately, it noted the industry’s need to address the “increasingly complex and evolving threat landscape,” suggesting a “collaborative approach between the public and private sectors” to combat these challenges effectively in the future.
Total crypto market capitalization is at $3.28 trillion in the one-week chart. Source: TOTAL on TradingView
Featured Image from Unsplash.com, Chart from TradingView.com
