Mehdi Farooq, an investment partner at Hypersphere, a crypto venture capital firm, has publicly disclosed losing a significant portion of his life savings in a sophisticated phishing attack carried out through a manipulated Zoom call. The incident shows how exposed even crypto professionals are to social engineering that exploits trusted contacts and routine tools.
Farooq detailed the incident in a post on X, explaining that the attack began with a seemingly innocuous message on Telegram from Alex Lin, a known contact, who wanted to “catch up.” Farooq shared his Calendly link with Lin, who scheduled a meeting for the next day, so the exchange looked like a legitimate professional interaction. The deception deepened just minutes before the call, when Lin asked to switch to Zoom Business, citing “compliance reasons,” and mentioned that Kent, one of Farooq’s Limited Partners (LPs), would also join. Farooq found this plausible and did not suspect malicious intent, because the request leveraged his existing professional relationships and day-to-day operational context.
Upon joining the Zoom call, Farooq encountered a technical issue: no audio, despite both participants being on screen. The impersonators used the Zoom chat to instruct Farooq to update his Zoom client, claiming it would resolve the issue. After Farooq complied and ran the update, his system was compromised. He recounted, “Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely.” This highlights the rapid and devastating consequences of such an attack.
The attacker’s behavior during the compromise was insidious: they continued to engage Farooq in casual conversation on Telegram, acting as if nothing was amiss. Farooq recalled, “He even joked: ‘Let’s catch up at SG.’” This chilling detail illustrates the psychological manipulation the perpetrators used to keep their victim unaware. Farooq later discovered that Alex Lin’s legitimate account had been hijacked, a common tactic cybercriminals use to exploit trusted connections.
The attack has been linked to “dangrouspassword,” a threat actor group believed to be affiliated with North Korea, highlighting the geopolitical dimension of cybercrime. State-sponsored or state-affiliated groups engage in illicit activities, including financial theft, to fund their operations or bypass sanctions. Farooq had recently joined Hypersphere as an investment partner, focusing on liquid and venture opportunities, making him an attractive target for sophisticated adversaries.
Farooq’s ordeal is a sobering example of the growing trend of sophisticated phishing attacks targeting crypto professionals and high-net-worth individuals. In another recent incident, Mike Belshe, CEO of BitGo, revealed that scammers impersonating Ledger were mailing fake letters to crypto users via USPS, urging them to “validate” their wallets. In April, an elderly individual was defrauded of $330 million in Bitcoin through a phishing attack, as confirmed by on-chain detective ZachXBT. These incidents underscore the urgent need for heightened vigilance, enhanced security protocols, and continuous education within the cryptocurrency community.




