Mehdi Farooq, an investment partner at crypto venture capital firm Hypersphere, revealed on Thursday that he lost a significant portion of his life savings in a targeted phishing attack orchestrated through a fake Zoom call.
In a post on X, Farooq explained that the attack began with a message on Telegram from Alex Lin, someone he knew. “He wanted to catch up,” Farooq recounted.
The two had previously interacted, making the outreach seem routine. Farooq then shared his Calendly link with Lin, who scheduled a meeting for the next day.
Minutes before the scheduled call, Lin asked to switch to Zoom Business “for compliance reasons,” adding that one of his LPs, Kent, another familiar name, would be joining. Given that Farooq had been managing treasury deals, the request didn’t raise suspicion.
Zoom update prompt leads to full wallet drain
Farooq said he joined the scheduled Zoom call to find there was no audio, though both participants appeared on screen. In the chat, they instructed him to update Zoom to fix the issue. Shortly after running the update, his system was compromised.
“Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely,” he wrote.
Farooq added that while the attack was underway, the impersonator continued chatting on Telegram as if nothing was wrong. “He even joked: ‘Let’s catch up at SG.’” The hackers eventually drained “years of savings… in minutes.”
He later discovered that Alex Lin’s real account had been hijacked. According to Farooq, the attack was linked to a North Korea-affiliated threat actor known as “dangrouspassword.”
Earlier this year, Farooq joined Hypersphere as an investment partner, focusing on liquid and venture opportunities. He previously spent almost three years at Animoca Brands.
Coinpectra reached out to Farooq for comment but had not received a response by publication.
Phishing attacks target crypto pros
The breach comes amid the increasing sophistication of phishing attacks targeting crypto professionals.
Last month, BitGo CEO Mike Belshe revealed that scammers impersonating hardware wallet maker Ledger are mailing fake letters to crypto users, urging them to “validate” their wallets or risk losing access to funds. The letters, sent via USPS, contained QR codes likely leading to phishing sites.
In April, $330 million in Bitcoin (BTC) was stolen from an elderly individual through a phishing attack, onchain detective ZachXBT confirmed.