North Korea-Linked Hackers Steal $300 Million of Crypto Via Fake Zoom Meeting. On Sunday, a post on X surfaced, claiming that hackers had stolen nearly $300 million worth of cryptocurrency assets via a fake Zoom meeting by impersonating an industry expert.
MetaMask security researcher Taylor Monahan said this campaign breaks away from the recent wave of attacks built around AI deepfakes. Rather than using synthetic audio or video, the actors take a far simpler approach. They hijack legitimate Telegram accounts and rely on looped clips pulled from real interviews to make the interaction look authentic.
The turning point usually comes when the attacker introduces a fake technical problem. Claiming issues with audio or video, they pressure the victim to restore the connection by downloading a script or installing what’s described as a software development kit (SDK). That file is where the compromise happens.
OOnce installed, the malware, most often a Remote Access Trojan (RAT), hands over full control of the system. Wallets are wiped out, sensitive data is pulled, and internal security details are exposed. Telegram session tokens are also harvested, allowing the attackers to reuse the victim’s account and move laterally to the next target.
Monahan warned that the effectiveness of this method lies in how it exploits professional behavior. The setting of a “business call” creates urgency and lowers skepticism, turning a routine troubleshooting request into a serious security failure.
For anyone working in the industry, he said, a request to download software during a live call should now be treated as a clear sign of an active attack. This fake-meeting tactic forms part of a broader campaign tied to DPRK-linked actors, who are estimated to have stolen close to $2 billion from the crypto sector over the past year, including funds linked to the Bybit breach.
Also Read: North Korean Hackers Suspected of $21M Crypto Theft
Crypto Story in 2025 so Far
It isn’t the first crypto theft of December 2025. So far, six exploits have been recorded on different chains, including ETH, BSC, and others, as per the REKT database. These include WaveX, Goldfinch Finance, USPD, DMi, MUBARA, and Eden Network, which have collectively lost $430k. The respective losses for WaveX, Goldfinch Finance, USPD, DMi, MUBARA, and Eden Network are $330k, $200k, $124k, $55k, and $54k.
Industry data shows that the crypto market has suffered losses of more than $9.16 billion over the past year due to DeFi scams, hacks, and exploits.
The damage was largely driven by major incidents involving Mantra and Bybit, which reported losses of $5.50 billion in April and $1.4 billion in February 2025, respectively.
Conclusion
This incident highlights how DPRK-linked exploiters continue to shift tactics, blending simple social engineering with malware to sharp effect. As crypto losses mount across chains and platforms, the fake meeting attack shows that even basic trust assumptions can be exploited at scale.
With billions already drained through several hacks and scams over the past year, the latest case supports that security risks in the sector are no longer limited to smart contracts or protocols.
