Manta Network co-founder Kenny Li was targeted by a highly sophisticated phishing attack via Zoom, simulating a legitimate video call with well-known faces in the crypto world.
During the meeting, the cameras were on and the images seemed authentic, but there was no audio, which raised Li's suspicions. In X, he explained that the attackers asked him download a script file under the guise of a Zoom update, a clear attempt to install malware.
Li decided leave the call immediately and tried to verify the identity of the interlocutor through Telegram, but was blocked and the messages were deleted.
The co-founder of Manta Network, a network focused on Polkadot's scalability and privacy, attributes this attack to the Lazarus Group, a North Korean hacker collective known for its targeted operations against the crypto ecosystem. According to Li, the images used in the video call were real recordings of team members, not generated by artificial intelligence, which increased the credibility of the hoax.
TRADE WITH CONFIDENCE – PREPARE YOUR WALLETIn the face of the threat, Li warned the crypto community about the importance of Do not download unexpected files during virtual meetings, as these attacks exploit users' trust and mental fatigue. This incident reveals a new type of scam that puts the security of digital assets and sensitive data at risk in the blockchain and Web3 industries.
Li thwarts sophisticated phishing attack
According to Li, he noticed something unusual about the Zoom call. Despite ostensibly being a professional video call between Web3 ecosystem leaders, there was no audio, which is extremely rare and raised his alarm. This inconsistency was a key indicator that something was wrong.
However, Li he highlighted What made the scenario more credible was that real videos from previous meetings were used, not generated by artificial intelligence, which demonstrated meticulous preparation by the attackers.
"The team members had their cameras on. I could see their legitimate faces. Everything seemed very real. But I couldn't hear them. It said my Zoom needed an update. But it asked me to download a script file.", commented on X.
As mentioned, the attack consisted of asking Li to download a supposed Zoom update, actually a malicious script designed to steal passwords and data. Faced with this unusual request and under pressure, Li's accumulated experience and digital vigilance allowed him to identify the trap and abandon the call in time.
"I left immediately. I messaged the guy on Telegram and told him to call me on TG to check. He then proceeded to delete all the messages and block me."
This case demonstrates that the absence of audio, a sudden new version downloading during a call, or any unusual request should be red flags for any user.
BUY MANTA NETWORK HEREThe importance of avoiding downloads during virtual meetings
Downloading files or updates during a video call should always be a reason for distrust, especially if accompanied by urgent messages or last-minute requests. Cybercriminals take advantage of the mental and emotional fatigue that professionals often experience, as they are frequently faced with unscheduled meetings and multiple simultaneous requests. In this context, asking participants to download a file can be the gateway to a successful phishing attack.
The Kenny Li case demonstrates that attackers not only seek to breach technical systems but also exploit people's trust and work routines. Therefore, it is vital to maintain a critical and cautious approach. If there is a real need to download a file, it is advisable to verify the legitimacy of the source through other channels, such as a direct message or a phone call. Additionally, suggesting alternatives such as migrating the meeting to recognized platforms can throw off the attacker and prevent you from falling into their trap.
Certificate
Blockchain Course
Basic levelTake this course where we explain blockchain in a clear, simple and concise way so that you have a very clear idea of what this new technology consists of.
Measures to protect yourself in the blockchain ecosystem
The blockchain environment is particularly vulnerable to phishing attacks due to the high value of private keys and data handled by users. Kenny Li's experience not only serves to warn ordinary users, but also to alert founders and developers of the ecosystem about the importance of implementing rigorous security measures. First, the constant digital surveillance It is essential, where identity validation is carried out through different channels and on a permanent basis.
Never download files or run scripts without thorough prior verification. It's essential to educate teams and users on how to identify suspicious signals in video calls, keep security software up-to-date, and activate multi-factor authentication (MFA). Secondly, the community must promote a culture of reporting and reporting any detected anomalies to prevent others from falling into the same trap. These types of sophisticated attacks, which use real recordings of trusted faces, require a higher level of caution than usual, as the appearance of authenticity can be very convincing.
INVITE AND WINRecent experience also highlights the need to diversify communication tools and not rely exclusively on a single application, as well as to foster a healthy distrust of unusual requests. In short, a combination of technical measures, ongoing education, and attention to atypical behavior during video calls is the best defense against these emerging threats.
Investing in cryptoassets is not fully regulated, may not be suitable for retail investors due to high volatility and there is a risk of losing all invested amounts.
