A recent report warned of a novel sophisticated phishing scam targeting unsuspecting cryptocurrency users. The scheme involves bogus Zoom meeting links designed to trick investors into downloading malware in order to steal their assets.

Fraudulent Zoom link steals private data

On Friday, blockchain security company SlowMist warned investors that hackers targeted cryptocurrency users with a sophisticated phishing scam to gain access to their sensitive data. The investigation revealed that malicious criminals used “social engineering techniques and Trojans” to steal the victim’s private keys, wallet details and other sensitive information.

According to the report, several X users posted online about a phishing attack impersonating Zoom meeting links, which resulted in some victims installing malware and losing millions of dollars in assets.

One victim says she was manipulated into clicking a bogus Zoom meeting link and tricked into downloading and installing a malicious program on her computer. This resulted in the theft of USD 1 million USD0++ from the victim’s cryptocurrency wallet.

Victim explains Zoom phishing scam. Source: SlowMist

SlowMist explains that hackers apply a bogus domain resembling the original Zoom meeting link. Additionally, the website closely mimics the Zoom meeting interface, which tricks users into clicking the “Start Meeting” button.

However, this action does not open the Zoom app. Instead, it downloads malware, forcing users to “reinstall” the platform. Once installed, users are tricked into executing a malicious script and entering their system password.

A blockchain security company discovered that this script collects information from the user’s device and sends it to the hacker:

After the malicious code has collected system information, browser data, cryptocurrency wallet data, Telegram data, Notes data and cookie data, it compresses the collected information and sends it to a server controlled by the hacker.

Additionally, the software executes other scripts that collect KeyChain data from the computer and attempt to decrypt it. This allowed the hacker to access the wallet’s mnemonic phrases and private keys, making it easier to steal crypto assets.

SlowMist also tracked associated wallets and discovered that there was over $1 million in cryptocurrencies, including USD0++, MORPHO and ETH, at addresses associated with the hacker. According to the report, on December 23, MORPHO and the recently stolen USD0++ tokens were converted into 296 Ethereum (ETH).

The funds were moved to various crypto platforms, including Binance, Bybit and Gate.io, to try to hide the ill-gotten gains. The security firm advised users to check links carefully before clicking and avoid running unknown software and commands to protect their sensitive data and funds.

Crypto hacks are on the rise in 2024

According to Chainalytic’s latest report, the number of cryptocurrency hacks continued in 2024, representing a 21.07% escalate compared to last year. The industry reported losses to hackers of more than $2.2 billion, marking its third-biggest year for total value stolen.

Moreover, it was the year with the highest number of individual burglaries – by the time the report was prepared, 303 incidents had been recorded. Private key compromises were the largest type of compromise, accounting for 43.8% of incidents, while centralized exchanges (CEX) were the most frequently attacked platforms in the second and third quarters.

This year also saw the largest heists in the industry’s history, with Bitcoin and WazirX DMM exploits taking in approximately $540 million between May and July. Meanwhile, North Korean hackers were responsible for 60% of the total value stolen, with $1.34 billion linked to their attacks.

Ultimately, he noted the need for the industry to address “an increasingly complex and evolving threat landscape,” suggesting a “collaborative approach between the public and private sectors” to effectively address these challenges in the future.

Total crypto market capitalization is at $3.28 trillion in the one-week chart. Source: TOTAL on TradingView

Featured image from Unsplash.com, chart from TradingView.com