North Korean hackers are targeting the founders of major crypto projects.

By Evtuoil | Cryptographic News | 19 Apr 2025


Hackers from the North Korean Lazarus group have managed to reach another well-known figure in the crypto industry.

In particular, Kenny Lee, co-founder of the Manta Network project, said on Twitter that he was the target of a carefully planned phishing attack through the Zoom platform.

The scheme uses deepfakes on the call to convince the victim to install a malicious script on their device with their own hands, which means that ordinary coin holders can also fall for it.


How cryptocurrency is stolen.

It all started with a video call from one of Lee's acquaintances. He clearly saw the faces of the interlocutors during the conversation, but there was allegedly no sound.

Then Lee's "acquaintance" sent a message offering a script to download, ostensibly to fix the audio problems. Here is the comment from the scammers' target.

I saw their real faces. It all looked very plausible. But I didn't hear them... then there was an offer to download the script file. I left immediately.

To verify the identity of the interlocutor, Lee suggested continuing the conversation in Google Meet. The caller refused, and a few seconds later all the messages were deleted and the entrepreneur was blocked altogether. He continues.


Lazarus is getting better at social engineering. The attack could have used deepfakes or recordings of previous calls when they infected or hacked other people's devices.

Lee stressed that he is not 100 percent sure that this is the work of the Lazarus group. However, according to experts, the technique matches the group's signature style.

Unfortunately, this incident is just one of several recent attacks that Lazarus members may be behind. According to Decrypt sources, the group is funded at the national level in North Korea.


(Deepfakes are becoming more popular among cryptocurrency scammers)

These hackers are already considered responsible for the $1.4 billion hack of the Bybit exchange in 2025, which became the largest hack of a trading platform. As you can see, attackers are now actively changing their strategy, combining deepfakes, malicious software and social engineering to deceive even experienced managers of crypto companies.

Lazarus is just one of the divisions of the DPRK's large-scale cyber structure. At the moment, the North Korean government is using a network of hacker groups, such as AppleJeus, APT38 and TraderTraitor, that rely on various methods. These range from fake job offers and Zoom calls to malware-infected npm packages and even outright blackmail.

Nick Bax from the Security Alliance (SEAL) community of white hat hackers noted that users need to stay alert even when they receive a call from close friends. Here is his recommendation.

Problems with sound in Zoom? This is not a venture capitalist, but North Korean hackers.

Bax also described a scheme in which audio problems are reported via chat, familiar faces appear in the video, and then the victim is redirected to download malicious software. He stated the following.

They play on psychology. I installed a "patch" – say goodbye to security.

Julio Xiloyannis, co-founder of MON Protocol, a Web3 platform for online gaming and IP, shared a similar experience. The hacker, who introduced himself as the project leader, asked him to follow a link during the call. Of course, this should never be done.
