
Lazarus Hackers Target Crypto Founders through Phony Zoom Meetings

Cybercriminals affiliated with the Lazarus Group, a North Korean hacking syndicate, recently attempted to breach the security of Kenny Li, co-founder of Manta Network, through a clever scheme involving fake Zoom calls. The incident, which took place on April 17, 2025, revealed how the hackers impersonated a trusted contact on Telegram to schedule a Zoom meeting with Li. During the call, Li became suspicious of unusual prompts, such as requests for camera access and a script file download, prompting him to exit the meeting and delete the messages. Subsequently, he discovered that the contact had blocked him, further confirming the fraudulent nature of the interaction.

This incident highlights an emerging trend of cyberattacks within the cryptocurrency community that use Zoom calls as the attack vector. Cybersecurity experts have attributed these tactics to the Lazarus Group, which has exploited weaknesses in Web3 infrastructure to target individuals like Li. The hackers deployed a sophisticated strategy by using pre-recorded footage from previous meetings to create a false sense of familiarity during the Zoom call. By displaying familiar faces and mimicking legitimate interactions, the attackers aimed to deceive their targets into downloading a malicious script file that could compromise their cryptocurrency assets.

Similar tactics involving fake Zoom interfaces have been previously reported, with hackers using these methods to trick users into downloading malware that steals sensitive data, including cryptocurrency wallet credentials. The evolution of the Lazarus Group’s techniques from brute force attacks to social engineering underscores the growing sophistication of cyber threats faced by crypto founders and developers. By impersonating trusted contacts and leveraging realistic visuals, these hackers exploit human error to infiltrate secure systems and access valuable assets.

Aside from the attempted breach on Kenny Li, another member of the crypto community, associated with Vow | ContributionDAO, encountered a similar scam involving attackers posing as blockchain team members on April 18, 2025. The perpetrators sought a specific Zoom link before abruptly disappearing when the user suggested switching to Google Meet. These incidents serve as a stark reminder of the increasing complexity and frequency of cyber scams within the crypto space, necessitating heightened vigilance from users to safeguard their assets against potential threats.

In a separate development, KiloEx, a decentralized exchange platform, recently recovered $7.5 million after falling victim to a hack on April 18, 2025. The attacker returned the stolen funds following negotiations for a bounty deal, highlighting the delicate balance between cybersecurity vulnerabilities and the resilience of crypto platforms in responding to breaches. The exploit, attributed to a manipulated price oracle, a common vulnerability in decentralized finance platforms, prompted KiloEx to enlist the services of cybersecurity firms like SlowMist and Sherlock to trace the attack. Despite temporarily suspending operations, the platform assured users that no funds were permanently lost due to the incident.

The KiloEx case underscores the ongoing threats faced by decentralized finance platforms from cybercriminals seeking to exploit vulnerabilities in smart contracts and oracles. While the platform opted not to pursue legal action against the hacker, the incident serves as a cautionary tale for the DeFi sector, emphasizing the importance of robust security measures to mitigate the risks of financial exploitation in the digital asset landscape.
