Crypto Tycoon Burned by Zoom Con Job That Emptied His Wallet in Minutes

by Team Crafmin

Mehdi Farooq, a well-known partner at the crypto investment firm Hypersphere, has found himself on the wrong end of a nasty surprise.

In what seemed like an ordinary day at the office, he walked straight into a trap masked as a Zoom meeting—and in no time, his hard-earned fortune vanished into the wind. It was the kind of sting that leaves even seasoned pros shaking their heads.

Image 1 (Source: The Economic Times)

One Click, and It All Went South

It all kicked off with a familiar face popping up on Telegram. A message came through from someone calling themselves Alex Lin—a name Farooq had crossed paths with before. With past dealings under their belt, Farooq didn’t think twice. He sent over his calendar and pencilled in a video call, expecting nothing more than a typical business chat.

But just before the call, “Alex” nudged him to switch platforms. He asked to move things over to Zoom Business, adding that someone named “Kent” would be tagging along. In Farooq’s line of work, things change fast, and compliance requests are par for the course. Nothing set off alarm bells.

He jumped on the call. Two faces showed up that rang a bell. There was no sound, but the pair messaged him in the Zoom chat, saying his software might need an update. Trying to be helpful, Farooq followed the link they provided. That was the moment the rug got pulled out from under him.

Instead of an update, what he downloaded was a wolf in disguise. It was malware, plain and simple. Once it had sunk its claws into his device, the crooks took the reins. As they chatted about crypto and trips to Singapore on Telegram, they were quietly draining his digital wallets dry—every last coin.

These Guys Weren’t Born Yesterday

Later, the pieces started falling into place. The real Alex Lin’s Telegram had been hijacked. The messages came from an imposter. Experts in cybersecurity later connected the dots, suggesting the attackers were part of a North Korean-linked cyber crew known by the name “dangrouspassword.”

This wasn’t the work of backyard hackers fiddling in their basement. These were pros—slick operators with the patience of a spider and the precision of a surgeon. Their method? Clone familiar tools, mimic trusted names, and strike at the perfect moment. They’ve taken billions using charm, smarts, and timing sharper than a tack.

He’s Not the Only One Left Picking Up the Pieces

Sadly, Farooq’s case is far from rare. Just a few weeks ago, another investor known online as “Still in the Game” fell for a similar ruse. A dodgy Zoom link later, $6 million had gone up in smoke.

Back in April, an elderly crypto holder was stung for an eye-watering $330 million. These crooks copy entire websites, tweak domain names by just a letter, and bait their traps with uncanny detail. By the time victims realise something’s off, the damage is done. It’s like locking the stable after the horse has bolted.

The Danger Hides in Plain Sight

What makes these scams so effective is how well they blend into the everyday hustle. They don’t smash their way in—they stroll through the front door wearing a smile and a business suit.

Tools meant to make work easier, like Calendly or Zoom, are being turned into Trojan horses. Once malware gets in, it’s game over. Zoom’s screen-sharing and remote access tools, meant to help collaborate, now hand the keys straight to the thieves. Mid-call prompts to update your app aren’t fixes—they’re digital bear traps.

Image 2 (Source: The Business Journals)

How to Avoid Getting Burned

Still, there are ways to stay one step ahead. First off, don’t take things at face value. If something feels fishy during a call, trust your gut. Suspicious prompts or sudden requests should raise red flags.

Second, confirm details the old-fashioned way. Call or message the person directly using a different method. A quick cross-check could’ve saved Farooq a small fortune.

Make sure remote control features are turned off unless absolutely necessary. And never—repeat, never—click on pop-up updates during a call. Always go straight to the official app or website to check for updates. No shortcuts.

When it comes to protecting your digital gold, think like a bank. Use hardware wallets, enable multi-factor authentication, and never put all your eggs in one basket.
