Manta founder details attempted Zoom hack by Lazarus that used very real ‘legit faces’

Manta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware.
The meeting seemed real with the impersonated person’s camera on, but the lack of sound and a suspicious prompt to download a script raised red flags, Li said in an April 17 X post.
“I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left.”
Li then asked the impersonator to verify themselves over a Telegram call; however, they didn’t comply and proceeded to erase all messages and block him soon after.
Li believes the North Korean state-backed Lazarus Group was behind the attack.
Before the messages were deleted, the Manta Network co-founder managed to screenshot his conversation with the attacker, in which Li initially suggested moving the call over to Google Meet instead.
Speaking with Cointelegraph, Li said he believes the live shots used in the video call were taken from past recordings of real team members.
“It didn’t seem AI-generated. The quality looked like what a typical webcam quality looks like.”
Li confirmed that the real person’s accounts had been compromised by the Lazarus Group.
Beware of being asked to download anything, says Li
Li advised other members of the crypto community to always be aware of anything they’re asked to download out of the blue.
“The biggest red flag will always be a downloadable. Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don’t do it.”
The Manta executive acknowledged that the attack could easily fool a crypto executive accustomed to being bombarded with messages and accepting sudden meeting requests.
“These are hacks that play to your emotional connection and potentially mental fatigue.”
Other members of the crypto community share similar stories
Li wasn’t the only one to be targeted by the hackers in recent days.
“They also asked me to download Zoom via their link, and said that it’s only for their business. Even though I actually have Zoom on my computer, I couldn’t use it,” a member of ContributionDAO said.
“They claimed it had to be a business version that they had registered. When I requested to switch to Google Meet instead, they refused.”
Crypto researcher and X user “Meekdonald” said a friend of theirs fell victim to the exact same strategy that Li avoided.