Mehdi Farooq, investment partner at Hypersphere, who recently survived a particularly sophisticated phishing attack. This cyber attack set him back tens of thousands of dollars, a significant blow to his life savings. The attack included a very artistic honeypot Zoom call. This recent situation is further evidence of the evolution of risk around cyber attacks directed at people in the crypto world. Farooq, who joined Hypersphere earlier this year, had previously spent almost three years at Animoca Brands. At the time of the attack, he was still deeply engaged in the execution of treasury trades.
The whole thing started when Farooq sent a meeting invitation to Alex Lin, using Lin’s publicly available Calendly link. But once Farooq joined the Zoom call, he immediately ran into trouble, facing a technical issue. His own audio was not working.
The Anatomy of the Attack
The attacker, masquerading as Alex Lin, asked that Farooq migrate them to Zoom Business for “compliance purposes.” Farooq had been told that Kent, one of Lin’s other Limited Partners (LPs), would be on the call. Turns out, Alex Lin’s actual account had just been hacked. The person communicating with Farooq had in fact been an imposter.
Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely - Farooq
Only after the fact did Farooq find out how deep the breach had run. He realized that a phishing attack had emptied six of his wallets. Of the awkwardness, he said the biggest vulnerability came when he personally dropped the ball on security procedures.
North Korean Link and Aftermath
It was discovered upon further investigation that this domain was related to a North Korea-affiliated threat actor referred to as “dangrouspassword.” This disclosure illustrates the role of advanced, state-sponsored actors in cryptocurrency-related cybercrime. Yet, throughout this time, the impersonator still kept chatting with Farooq on Telegram, unaware that he was still robbing them.
He even joked: ‘Let’s catch up at SG.’ - Farooq
Here’s how Farooq described his experience on X. He spoke to the cryptocurrency community about the risks of advanced phishing attacks. This case is a timely reminder of the need for heightened vigilance across the digital asset landscape. It advocates for more rigorous security practices to guard our nation’s assets.
Lessons Learned
Yet this incident speaks to the important desire to authenticate identities on a digital platform. It’s crucial to take the time to do this, particularly when dealing with money. It serves as a reminder of the importance of vigilance and robust security protocols in safeguarding against ever-evolving cyber threats. Employing multi-factor authentication, using hardware wallets, and conducting frequent security audits are all key measures in protecting digital assets.
Tran Quoc Duy
Blockchain Editor
Tran Quoc Duy offers centrist, well-grounded blockchain analysis, focusing on practical risks and utility in cryptocurrency domains. His analytical depth and subtle humor bring a thoughtful, measured voice to staking and mining topics. In his spare time, he enjoys landscape painting and classic science fiction novels.
