Several crypto founders are learning the hard way that not every Zoom call is what it seems. North Korea‘s notorious Lazarus Group is now targeting crypto bigwigs through fake video calls, and they’re getting creepily good at it.
Just ask Kenny Li, co-founder of Manta Network, who nearly fell for their trap in April 2025. The hackers, pretending to be someone Li knew, set up what looked like a routine Zoom meeting. But something felt off when they asked for camera access – while already visible on screen. Classic rookie mistake, hackers. The attackers frequently use Calendly links to schedule these deceptive Zoom meetings.
Here’s where it gets wild: These aren’t your garden-variety scammers. The Lazarus Group is sitting on a fat stack of 9,400 Bitcoin worth over $793 million, making North Korea the third-largest Bitcoin holder after the US and UK. Fresh off their $1.4 billion ByBit heist, they’re now going after individual founders with surgical precision. Like traditional digital wallets, their stolen funds are secured through private keys that make recovery nearly impossible.
The attackers are using everything from deepfake technology to pre-recorded videos of actual crypto founders. They’re even exploiting Zoom’s Remote Control feature to deploy malware. The group has mastered social engineering techniques to create an illusion of legitimacy. It’s basically spycraft-level stuff, minus the fancy suits and martinis.
Their playbook is evolving too. They’ll slide into your DMs through compromised accounts, set up seemingly legitimate meetings, and then hit you with sketchy permission requests or suspicious file downloads. When the jig is up, they vanish – deleting chat histories and blocking targets faster than you can say “blockchain.”
The campaign, dubbed “Elusive Comet” by researchers who clearly enjoy dramatic names, isn’t just limited to Zoom. These hackers are spreading their nets wide, using fake LinkedIn job offers and even sponsored Google ads to deliver their digital nasties.
What makes this particularly unsettling is the sophistication. We’re not talking about those “Nigerian prince” emails anymore. These state-sponsored actors are playing chess while most security systems are still playing checkers. And in the crypto world, one wrong move can cost millions.
