Crypto Users Targeted as Fake Zoom Malware Campaign Drains $300 Million

SEAL Issues Daily Alert on Fake Zoom Scam Linked to North Korean Hackers Targeting Crypto Wallets
Written By:
Kelvin Munene
Reviewed By:
Atchutanna Subodh
Published on

Cybersecurity firm Security Alliance (SEAL) has warned of “multiple daily” crypto scam attempts that use fake Zoom or Teams meetings to infect targets. MetaMask security researcher Taylor Monahan said the campaign has already stolen more than $300 million through this approach. SEAL urged heightened vigilance.

Attackers usually begin on Telegram, using an account that appears to belong to someone the victim knows. They often rely on prior chat history to lower suspicion. The attacker then proposes a quick catch-up and sends a meeting link, sometimes routed through Calendly. Links often mimic trusted domains and meeting branding.

Audio “Patch” Files Install Wallet-Draining Malware

When the Zoom call starts, the victim sees a live-looking video of the supposed contact and other team members. Monahan said the actors often reuse real recordings rather than deepfakes. The attacker then claims the victim has audio problems and offers a fix.

The fix arrives as a “patch” file or an SDK update shared in chat. If the victim runs it, the file installs malware that can steal passwords and private keys and then drain crypto wallets. Researchers also warn that the malware can seize Telegram sessions, which lets attackers message a victim’s contacts and repeat the lure.


Rapid Response Guidance and Wider Crypto Security Pressure

Security teams advise fast containment after any suspicious meeting link or file. They recommend taking the device offline and shutting it down, then using a separate clean device to move funds to new wallets. Users should rotate passwords, enable two-factor authentication, and terminate unknown messaging sessions before returning to normal activity.

The warning lands as crypto theft totals remain high. North Korean groups, including Lazarus, have been repeatedly linked to major thefts and social engineering campaigns, including job and interview lures aimed at crypto companies.

Reports have also linked Lazarus to a breach that drained roughly $30.6 million from South Korea’s Upbit. Separate estimates put total crypto theft at roughly $2.17 billion by mid-2025.

Ethereum developers also reported a recent disruption that did not involve an external attacker. Prysm developers said a bug introduced ahead of the Fusaka upgrade triggered a validation slowdown on Dec. 4, which led to missed slots and reduced validator rewards, without a loss of finality.

A post-mortem said affected Prysm nodes regenerated older chain states and exhausted resources while processing attestations. Prysm estimated about 382 ETH in missed rewards across its validators during the episode. Developers issued a workaround and then released a patch, while the incident renewed attention on client diversity after researchers noted Lighthouse still holds a majority share of Ethereum’s consensus clients.


Analytics Insight: Latest AI, Crypto, Tech News & Analysis
www.analyticsinsight.net