Manta founder details attempted Zoom hack by Lazarus that used very real ‘legit faces’

Manta Network co-founder Kenny Li says he was targeted by a highly sophisticated phishing attack on Zoom that used live recordings of familiar people in an attempt to have him download malware.
The meeting seemed real with the impersonated person’s camera on, but the lack of sound and a suspicious prompt to download a script raised red flags, Li said in an April 17 X post.
“I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left.”
Li then asked the impersonator to verify themselves over a Telegram call; however, they didn’t comply and proceeded to erase all messages and block him soon after.
Li believes the North Korean state-backed Lazarus Group was behind the attack.
The Manta Network co-founder managed to screenshot his conversation with the attacker before the messages were deleted. In that conversation, Li initially suggested moving the call over to Google Meet instead.
Speaking with Cointelegraph, Li said he believes the live shots used in the video call were taken from past recordings of real team members.
“It didn’t seem AI-generated. The quality looked like what a typical webcam quality looks like.”
Li confirmed that the real person’s accounts had been compromised by the Lazarus Group.
Beware of being asked to download anything, says Li
Li advised other members of the crypto community to always be aware of anything they’re asked to download out of the blue.
“The biggest red flag will always be a downloadable. Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don’t do it.”
The Manta executive acknowledged that the attack could easily fool a crypto executive accustomed to being bombarded with messages and accepting sudden meeting requests.
“These are hacks that play to your emotional connection and potentially mental fatigue.”
Other members of the crypto community share similar stories
Li wasn’t the only one to be targeted by the hackers in recent days.
“They also asked me to download Zoom via their link, and said that it’s only for their business. Even though I actually have Zoom on my computer, I couldn’t use it,” a member of ContributionDAO said.
“They claimed it had to be a business version that they had registered. When I requested to switch to Google Meet instead, they refused.”
Crypto researcher and X user “Meekdonald” said a friend of theirs fell victim to the exact same strategy that Li avoided.