Zoom Calls? Beware: North Korea’s Lazarus Group Is Now Targeting Crypto Founders

North Korean hackers are using fake video calls to infiltrate the crypto space—Manta Network’s co-founder shares a close call.

The Lazarus Group, North Korea’s notorious state-backed hacker organization, is ramping up its efforts to target leaders in the crypto industry. According to Kenny Li, co-founder of Manta Network, the group is using a new trick—fake Zoom calls—to launch sophisticated phishing and social engineering attacks on unsuspecting victims.

The Trap: A Zoom Call That Didn’t Seem Right

Li recently shared on social media that he was contacted through Telegram by someone he knew and trusted. The contact invited him to join what appeared to be a standard Zoom call. However, things took a suspicious turn once Li opened the app.

“When I got on the Zoom, it asked me for camera access, which I found a bit odd because I have used Zoom many times,” Li said.

Despite seeing familiar faces on the screen, which gave the call a sense of legitimacy, Li trusted his instincts and exited the session before anything could go wrong. He then messaged his contact directly through Telegram to verify the call, but got an even bigger red flag.

“He then proceeded to erase all the messages and block me,” Li added.

A Sophisticated Scheme

This incident highlights the growing sophistication of the Lazarus Group’s attacks. Security researchers believe the hackers are using fake Zoom-like platforms with malicious code, potentially designed to access a victim’s device, camera, or even private keys and wallet data.

To add legitimacy, attackers may use pre-recorded videos of well-known founders or team members. This approach lowers the target’s defenses and creates a false sense of trust during the interaction. It’s a level of deception that goes far beyond the usual phishing email or spoofed website.

Li’s experience shows how social engineering—a tactic where attackers manipulate people into giving up confidential information—remains a top strategy in the crypto hacking world.

Why Lazarus Is Going After Founders

Lazarus Group has made headlines for some of the biggest crypto heists in history. In April 2024, blockchain analytics firms estimated that Lazarus was holding over 9,400 BTC, worth more than $793 million at the time. That figure puts North Korea behind only the U.S. and the U.K. in terms of total bitcoin holdings — most of it obtained through illicit means.

Founders and executives are particularly high-value targets because they often have access to admin wallets, seed phrases, internal systems, and privileged communications. Compromising a single founder could mean full access to a project’s treasury, smart contracts, and even user funds.

Red Flags in the Industry

Kenny Li’s close call is part of a broader trend of high-profile Web3 and DeFi figures being targeted. Cybersecurity experts have noted that increased regulation and tighter security controls at the protocol and exchange level have pushed hackers to shift their focus to people, since the human layer is the weakest link.

Projects are encouraged not only to implement internal security training, but also to use strict multi-signature control over funds and to rely on verified channels of communication. Individuals are encouraged never to download third-party meeting apps and, at the very least, to verify with the person they are communicating with before accepting calls or downloads from them, especially if they come unexpectedly.

Staying One Step Ahead

While Li was lucky enough to spot the red flags in time, others might not be. With Lazarus Group continuing to evolve its tactics, the crypto community must remain alert and proactive.

Security researchers and blockchain analytics firms are calling for increased cooperation between Web3 projects and cybersecurity teams. Platforms like SlowMist, Chainalysis, and CertiK have already begun working more closely with DeFi protocols to flag suspicious wallet activity and trace on-chain transactions linked to Lazarus and similar state-backed groups.

The Bottom Line

Lazarus is no longer just hacking platforms—they’re targeting the people behind them. As this latest incident shows, even something as routine as a video call could be a trap.

Crypto leaders are advised to stay alert, verify everything, and always trust their instincts. In a space where one wrong click can cost millions, caution isn’t just smart—it’s essential.

Sama Tarek: