North Korean hackers use AI deepfakes on fake Zoom calls to scam crypto firms; cryptocurrency companies face a dual attack of targeted social engineering plus Trojans

February 11 news: Mandiant, Google's security team, disclosed that a North Korea-linked hacker group is using deepfake video on fake Zoom calls to carry out highly targeted social engineering attacks against the cryptocurrency industry, and is deploying multiple malicious programs to steal assets and data.

The investigation shows that the operation was carried out by the threat group tracked as UNC1069. The group has been active since at least 2018 and, after 2023, shifted its focus from traditional finance to the Web3 space, targeting executives at crypto fintech companies, software developers, and venture capital professionals. The incident began with the hijacking of an industry executive's Telegram account. Posing as that executive, the attacker contacted targets, built trust, and then sent fake Calendly video-meeting invitations.

After a victim clicked the link, they were directed to a Zoom-lookalike domain controlled by the attacker. During the call, the attacker played a deepfake video of what appeared to be the CEO of another crypto company and claimed there was an "audio malfunction," tricking the target into running a supposed troubleshooting command on their own machine. That command kicked off an infection chain on both macOS and Windows, silently deploying up to seven pieces of malware. The initial foothold relied on the user rather than on a software exploit: the victim executed the attacker's command themselves, so the malware inherited that user's privileges and access.
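The check that would have caught the lookalike Zoom domain above, as an added example (my code, not part of the original article or of Mandiant's report): it extracts every URL from a meeting invitation and validates each one against an allow-list of meeting providers, rejecting hosts that merely contain the brand name, the `user@host` trick (`https://zoom.us@attacker.example` actually connects to `attacker.example`), non-HTTPS links, non-standard ports, and punycode or non-ASCII hostnames. The allow-list, the sample invitation text and all hostnames in it are constructed assumptions.

```python
"""Flag meeting links that do not really point at the meeting provider.

Added example, not code from the article or from Mandiant. The allow-list
and the sample invitation below are constructed assumptions.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Assumed allow-list of registrable domains for the meeting tools in use.
TRUSTED_MEETING_DOMAINS = {"zoom.us", "calendly.com"}

# Crude URL extractor: stops at whitespace and common closing punctuation.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def registrable_domain(host: str) -> str:
    """Last two labels of a host: 'us02web.zoom.us' -> 'zoom.us'.

    Sufficient for the domains above; hosts under multi-label public
    suffixes such as 'co.uk' would need a public-suffix list.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_meeting_link(url: str) -> tuple[bool, str]:
    """Return (trusted, reason); anything unusual is treated as untrusted."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, f"scheme {parts.scheme!r} is not https"
    if parts.username is not None or parts.password is not None:
        # 'https://zoom.us@attacker.example/' connects to attacker.example;
        # 'zoom.us' is only the userinfo portion of the URL.
        return False, "userinfo before '@' hides the real host"
    host = parts.hostname or ""
    if not host:
        return False, "no hostname"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "non-ASCII or punycode label (possible homograph)"
    if parts.port not in (None, 443):
        return False, f"non-standard port {parts.port}"
    domain = registrable_domain(host)
    if domain in TRUSTED_MEETING_DOMAINS:
        return True, f"{host} is under trusted domain {domain}"
    # Brand name embedded in an untrusted host, e.g. zoom-us-support.example
    for trusted in TRUSTED_MEETING_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in host:
            return False, f"{host} looks like {trusted} but is not under it"
    return False, f"{host} is not an approved meeting host"


def untrusted_links(message: str) -> list[tuple[str, str]]:
    """Return (url, reason) for each link in a message that fails the check."""
    findings = []
    for url in URL_RE.findall(message):
        ok, reason = check_meeting_link(url)
        if not ok:
            findings.append((url, reason))
    return findings


# Constructed sample invitation (not a real message); the hosts are made up.
SAMPLE_INVITE = """\
Hi, confirming our call.
Booking: https://calendly.com/example-exec/30min
Join: https://us02web.zoom.us/j/123456789?pwd=abc123
If the audio drops, use the backup room:
https://zoom.us@meet-zoom-backup.example/j/123456789
Support page: https://zoom-us-support.example/audio-fix
"""

if __name__ == "__main__":
    for url, reason in untrusted_links(SAMPLE_INVITE):
        print(f"UNTRUSTED {url}\n  {reason}")
```

Run it on the sample and the two "backup" links are flagged while the genuine Calendly and Zoom links pass. The design choice is fail-closed: the function only returns trusted for a host whose registrable domain is on the allow-list, so an attacker has to control the vendor's own domain, not just register something that contains the word "zoom". In a mail or chat gateway the same logic can be applied before a link is ever clicked.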

Mandiant confirmed that the deployed tools can steal macOS Keychain credentials, browser cookies, saved logins, Telegram sessions, and sensitive local files. Researchers believe the attackers aim both to take crypto assets directly and to gather intelligence for follow-on scams; a stolen Telegram session is exactly what enables the kind of account takeover that started this incident. Deploying so many tools on a single device points to a carefully planned, targeted intrusion.

This incident is not isolated. By 2025, similar AI-assisted video-call scams had caused losses exceeding $300 million; over the year, North Korea-linked cyber operations stole approximately $2.02 billion in digital assets, a 51% increase. Chainalysis also noted that scam groups using on-chain AI services are significantly more efficient than those relying on traditional methods.

As the barrier to entry for deepfake technology keeps falling, the crypto industry faces unprecedented security challenges. Experts warn that online meetings that touch funds or system permissions need stronger multi-factor authentication and device isolation, or they will become the next attack vector. In practice that also means treating any "fix" command or unexpected meeting link received during a call as untrusted until it has been verified out of band.


Comment
00001clvip · 02-11 10:37
Purely a mafia!