Hackers Use Fake Zoom Link to Steal $33 Million in Cryptocurrency

By: Jordan Vector, Cybersecurity Expert

Last updated: June 11, 2026

  • Someone slipped malware into an employee’s device using a fake Zoom meeting link, thereby stealing a crypto wallet seed phrase.

  • The hackers used this method to gain access and cart away over $33 million.

  • Scams like this happen all the time now: phishing, social engineering and fake links have caused billions in losses over the past few years.

Reports indicate that an attacker has stolen several million dollars' worth of cryptocurrency by compromising an employee’s device.

The attacker first sent the employee a fake Zoom link, which led the employee to accidentally install malware on their device. That, in turn, gave the attacker the wallet seed phrase.

How this Attack Unfolded

The employee received what looked like a standard Zoom meeting invitation. These messages often copy real branding and names. They look just like the ones coworkers or business partners send every day.

The victim clicked the link. It led to a fake meeting page. That page did not connect to any real call. Instead, the site asked the user to install an update or plugin. The message claimed it would fix audio or video issues. That step was the trap.

We’ve seen this type of scam many times before. Fake meeting invites are a direct vehicle for delivering RATs (Remote Access Trojans). This malware lets hackers claim control of a device from anywhere. They’d be able to see the device screen, capture keystrokes, and even steal passwords.
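A defensive check for the lure described above, as an added example that is not part of the original article: it classifies a meeting link by the host it really points to, before anyone clicks it. The allowlist, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts for Zoom meetings; adjust as needed.
ALLOWED_SUFFIXES = ("zoom.us", "zoom.com")


def classify_meeting_link(url: str) -> str:
    """Return 'allowed' or 'suspicious: <reason>' for a meeting URL."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "suspicious: unparseable URL"
    if parts.scheme != "https":
        return "suspicious: not https"
    if not host:
        return "suspicious: no host"
    # https://zoom.us@other.example/ shows "zoom.us" first but connects to other.example
    if parts.username or parts.password:
        return "suspicious: text before '@' hides the real host"
    # Non-ASCII or punycode labels can render as look-alike letters
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious: internationalised host"
    # Match on a label boundary so zoom.us.other.example does not pass
    if any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES):
        return "allowed"
    if "zoom" in host:
        return "suspicious: brand name on a non-allowlisted domain"
    return "suspicious: host not on allowlist"


# Constructed sample links (not taken from the incident)
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us@meet.example/j/1234567890",
    "https://zoom.us.audio-fix.example/j/1234567890",
    "https://xn--zom-tna.example/j/1234567890",
    "http://zoom.us/j/1234567890",
]


def triage(urls):
    """Map each URL to its verdict."""
    return {u: classify_meeting_link(u) for u in urls}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLES).items():
        print(f"{verdict:55} {link}")
```

A check like this fits in a mail gateway or chat-bot hook; it does not replace blocking unsigned "update" installers on the endpoint.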

Full Device Control Led to Wallet Theft

After the malware installation was complete, the attackers had full visibility into the compromised machine. They could see everything the employee did, access files and even monitor transactions on wallets in real time.

To access a crypto wallet, one needs the seed phrase, kind of like the master key that opens the wallet. Once you have it, you can move funds from that wallet. The attacker won’t need the original device or login credentials.

The attackers found the seed phrase on the infected system. Once they had it, the wallet was completely compromised.

Before too long, over $33 million of cryptocurrency had been sucked out of the company’s wallets. Blockchain transactions move fast and they can’t be stopped. No cancel button, no way to reverse the funds.

To make things even harder for investigators, the attackers split their loot into loads of different wallets. They moved the money through several transfers almost immediately. This technique is common in large crypto thefts.

Why Fake Meeting Scams Are So Good at Sneaking Past Defences

These scams are successful because they blend right in with the normal stuff people do at work. Video meetings are just a normal part of the day in tech and finance. Some workers tend to click on links without suspecting any foul play.

That trust is what attackers bank on to gain access to systems. They do not need to crack encryption or hack blockchains. They just need to convince one person to click on a single link.

This pattern has shown up again and again in major cybercrime cases. The Ronin Network hack used social engineering to swipe some validator keys – the thieves got away with about $540 million in crypto.

The WazirX exchange breach was a similar story. The attackers managed to slip inside the internal systems and get their hands on the private keys. They made off with about $235 million. The reports said the breach was the result of phishing and system compromise, not a failure of the blockchain.

And then there was the Coincheck hack in 2018, another phishing and system infiltration job that led to over $500 million in crypto losses.

The Same Old Tricks Keep Coming Back

Fake links, malware and social engineering keep turning up in major crypto thefts. Attackers start by spinning up fake websites and sending messages. They guide victims into actions that expose wallet keys or install malicious software.

Remote Access Trojans are a favorite tool. They give attackers full control of infected devices. This allows real-time monitoring and data theft without setting off alarms.

North Korean hackers are using similar tactics to infiltrate developers. Malicious packages planted across open-source ecosystems aim to steal credentials and gain access to crypto-related infrastructure.

The “TraderTraitor” campaign linked to North Korean cyber groups used fake job offers and malware to infiltrate crypto companies. The FBI has warned that these campaigns rely heavily on phishing and infected downloads.

The Problem is Getting Worse

Crypto theft is not slowing down. A recent Chainalysis report says it all: an estimated $2.7 billion was stolen from crypto platforms last year. That sets another record for digital asset theft.

Scam-related losses accounted for about $17 billion last year. Impersonation schemes and social engineering drove much of that growth. Some reports show impersonation scams increased by over 1,000% in certain attack categories.

Security analysts expect more attacks ahead. Rising crypto prices mean bigger rewards for criminals. More companies now hold large digital assets across multiple wallets. That creates more weak points to target.

Attacks directed at people remain the easiest way to gain access to a target. Technical security measures alone will not provide sufficient protection; training, awareness and strong device security are as important to protecting sensitive data as encryption.

The latest attack is just one of the similar scams we’ve seen play out in recent years: fake job offers, fake website mirrors, and bogus Zoom links. The tools change. The structure stays the same. Attackers rely on trust to get inside. They use malware to stay inside. And they move fast once they find valuable access.

About the Author

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.
