The Security Alliance uncovers a scheme to hack crypto wallets via Zoom calls
One of the victims was the head of the NFT platform Emblem Vault
15.04.2025 - 10:50
What’s new? Jake Gallen, the CEO of the non-fungible token (NFT) platform Emblem Vault, has revealed that he lost over $100 000 worth of BTC and ETH from several personal wallets after a suspicious Zoom call. Information security experts at The Security Alliance, who studied this and similar incidents, found that the attacker used social engineering techniques to get victims to install malware that empties their crypto wallets.
What else is known? Jake Gallen claims that the malware appeared on his device after a Zoom interview with the author of a YouTube channel with over 90 000 subscribers. He had previously arranged this interview on X with a user posing as the CEO of a mining platform with 26 000 subscribers.
During the call, Gallen’s camera was turned off, and the caller tricked the businessman into installing a program called GOOPDATE, which extracted credentials and allowed access to crypto wallets.
Among other things, the hacker gained access to Gallen’s Ledger wallet, even though Gallen had logged in only a few times over three years and had never digitally recorded the password anywhere. In addition, the hacker broke into the businessman’s X account and began corresponding with other potential victims on his behalf.
As the victim himself explained, such a scheme is possible when a guest on a call grants remote access to the person who created it. Although this is a requested feature, it is activated by default in all Zoom accounts.
An NFT collector under the nickname Leonidas has therefore called on all members of the crypto community to disallow remote access in the calling app. “If you don’t do this, anybody who is on a Zoom call with your employees can take over their entire computer by default,” he said.
For their part, experts at The Security Alliance insist that remote access still requires victim consent and is not provided by default.
However, they revealed that the hacker behind this attack, known as ELUSIVE COMET, runs Aureon Capital, which positions itself as a venture capital firm. The hacker has already stolen millions of dollars worth of assets.