February 11 News, Google’s security team Mandiant disclosed that a North Korea-linked hacker group is using deepfake videos and fake Zoom calls to carry out highly targeted social engineering attacks against the cryptocurrency industry, and is deploying multiple malicious programs to steal assets and data.
The investigation shows that this operation was launched by the cyber threat group UNC1069. The group has been active since at least 2018 and shifted its focus from traditional finance to the Web3 space after 2023, targeting executives of crypto financial technology companies, software developers, and venture capital professionals. The incident began when an industry executive’s Telegram account was hijacked. The attacker impersonated the individual to contact targets, build trust, and then send fake Calendly video meeting invitations.
After victims clicked the link, they were directed to a fake Zoom domain controlled by the attacker. During the call, the attacker played a deepfake video of what appeared to be the CEO of another crypto company, and claimed there was an “audio malfunction,” tricking the target into running a supposed troubleshooting command on their computer. These commands triggered an infection chain on macOS and Windows systems, silently deploying up to seven malicious software programs.
Mandiant confirmed that these tools can steal Keychain credentials, browser cookies, login information, Telegram sessions, and local sensitive files. Researchers believe that the attackers aim both to directly acquire crypto assets and to gather intelligence for future scams. Deploying so many tools on a single device indicates a carefully planned targeted infiltration.
This incident is not isolated. By 2025, similar AI conference scams had caused losses exceeding $300 million; throughout the year, cyber operations related to North Korea stole approximately $2.02 billion in digital assets, a 51% increase. Chainalysis also pointed out that scam groups utilizing on-chain AI services are significantly more efficient than traditional methods.
As the barrier to deepfake technology continues to lower, the crypto industry faces unprecedented security challenges. Experts warn that online meetings involving funds and system permissions must strengthen multi-factor authentication and device isolation; otherwise, they could become the next attack vector.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Ledger Security Team Discovers MediaTek Processor Vulnerability That Could Lead to Wallet Mnemonic Theft
The team behind the crypto wallet Ledger has discovered a vulnerability in the secure boot chain of MediaTek processors. Attackers can extract encryption keys through physical access, affecting approximately 25% of Android phones. The vulnerability can be fixed with a patch, but it highlights the risks of storing keys on insecure devices. Users are advised to update promptly.
GateNews5h ago
AI code failure: Stop idolizing AI; Claude's coding caused a DeFi platform to lose $1.78 million
Moonwell Lending Protocol experienced a security incident on-chain due to an oracle configuration error, leading to a severe underestimation of cbETH asset prices. This event was caused by a logic error in AI-generated code, which was exploited by liquidation bots for profit. Although no traditional hacking was involved, users suffered a loss of $1.78 million. The incident highlights the oversight in AI programming review processes and emphasizes the importance of human oversight in the context of technological automation.
PANews6h ago
The Ministry of Industry and Information Technology releases OpenClaw intelligent agent security risk prevention recommendations, proposing four response strategies for financial transaction scenarios.
On March 11, the Ministry of Industry and Information Technology issued recommendations on preventing security risks associated with the open-source intelligent agent OpenClaw, emphasizing its potential risks in financial transactions. The "Six Musts and Six Don'ts" response strategy was proposed, such as implementing network isolation, secondary confirmation, and strengthening supply chain audits to prevent erroneous transactions and account hijacking.
GateNews7h ago
Aave experiences $27 million in abnormal liquidations, with 34 accounts being liquidated; the official promises full compensation
Aave experienced an abnormal liquidation on March 11th, with approximately $27 million in lending positions liquidated due to an internal security module CAPO parameter misconfiguration, resulting in a 2.85% underestimation of wstETH valuation. The liquidation affected 34 accounts, with about 10,938 wstETH forcibly closed. Chaos Labs has committed to fully compensate affected users and emphasized the need to improve risk management mechanisms. This incident highlights the risks posed by internal configuration errors within decentralized finance systems.
動區BlockTempo8h ago
Lido responds to liquidation event: a DeFi lending protocol oracle error caused the liquidation, unrelated to the Lido protocol
Lido responded to the liquidation event on March 10 caused by the CAPO oracle price error, stating that there will be no bad debt and that affected users will be fully compensated. The Lido Earn product was unaffected, and user funds are safe.
GateNews8h ago
BWA Chairman Dilip Chenoy Advocates Investor Education and Responsible Crypto Ecosystem
BWA Chairman Dilip Chenoy participated in the Q & A.
He called for thorough independent verification before crypto investment.
The immediate step for victims is to register a complaint with the authorities.
Dilip Chenoy, Chairman of Bharat Web3 Association (BWA), interacted with the media and pa
TheNewsCrypto11h ago
