North Korean hacker group Lazarus has managed to target another prominent figure in the crypto industry. Manta Network co-founder Kenny Li announced on Twitter that he was the victim of a carefully orchestrated phishing attack via Zoom.
The attackers used recorded video footage of real team members — making the meeting appear genuine — to convince him to manually install a malicious script on his device. This method, which involved deepfakes and social engineering, means that ordinary crypto holders could also fall for such a scheme if they’re not vigilant.
How cryptocurrency is stolen
It all started with a video call from one of Lee’s acquaintances. He clearly saw the faces of the interlocutors during the conversation, but there was allegedly no sound.
The “acquaintance” then sent Lee a message offering to download a script supposedly to fix audio problems. Here’s a comment from a victim of the scammers.
I saw their real faces. It looked very real. But I didn’t hear them… then came the offer to download the script file. I immediately logged out.
To verify the identity of the interlocutor, Lee offered to continue the conversation on Google Meet. He refused, and a few seconds later, all messages were deleted, while the entrepreneur found himself on the block. He continues.
Lazarus is getting better at social engineering. The attack could have used dipfakes or recordings of previous calls when they infected or compromised other people’s devices.
Lee emphasized that he is not 100 percent sure that the Lazarus group is responsible. However, according to experts, the methodology matches their handwriting.
Unfortunately, this incident is just one of several recent attacks that Lazarus may be behind. According to Decrypt, the group is nationally funded in North Korea.
These hackers are already credited with hacking the Bybit exchange for $1.4 billion in 2025, the largest hack of trading platforms. As we can see, attackers are now actively changing their strategy, combining dipfakes, malware and social engineering to fool even seasoned cryptocurrency executives.
Lazarus is just one part of the DPRK’s massive cyberstructure. At this point, the North Korean government has engaged a network of hacking groups along the lines of AppleJeus, APT38, and TraderTraitor using a variety of methods. These range from fake job offers and Zoom calls to malware-infected npm packages and even outright blackmail.
Nick Bax of the Security Alliance’s (SEAL) white-hat hacker community noted that users need to be careful even when they receive a call from a close friend. Here’s his recommendation.
Sound problems with Zoom? It’s not a venture capitalist, it’s North Korean hackers.
Bax also described a scheme in which audio problems are reported via chat, familiar faces appear in the video, and then the victim is redirected to download malware. He stated the following.
They play on psychology. If you install “a patch”, say goodbye to security.
Giulio Xiloyannis, co-founder of the Web3 platform MON Protocol for onchain games and IP, shared a similar experience. A hacker who introduced himself as the leader of the project offered him a link to follow during a call. Of course, doing so is in no way allowed.
Paying for purchases in Bitcoin
There is some good news – Bitcoin’s fundamental acceptance continues to grow against all sorts of obstacles. Spar has started accepting bitcoin payments in a city in Switzerland. Specifically, the Spar supermarket in the city of Zug has introduced payment with BTC via the Lightning Network.
BTC payments at this store have become available thanks to BTC Mao, a community project that marks outlets that accept BTC. This was announced by DFX Swiss, a payment solutions company.
This SPAR outlet is one of the first supermarkets in Switzerland where you can pay directly in bitcoins at the checkout. All thanks to our new OpenCryptoPay solution, an open P2P standard for offline crypto payments.
Switzerland has long been considered one of the most cryptocurrency-friendly countries in Europe, as some of the first cryptocurrency initiatives were launched here. In 2023, the city of Lugano in Switzerland authorized the payment of all municipal fees in Bitcoin and USDT stablecoin, becoming one of the first city administrations in the world to implement such a practice.
According to BTCmap, there are currently 1,013 stores and companies in Switzerland that accept BTC.
The adoption of Bitcoin by such large retailers, following the example of Spar, could help boost trust in crypto payments among the majority of everyday people. Spar now operates more than 13,900 stores in 48 countries, serves more than 14.7 million customers daily and employs about 450,000 people.
Attacks via Zoom and dipfakes from Lazarus show that no one is immune to cyber threats, and this applies even to the heads of crypto projects. Therefore, holders of digital assets should be cautious and ignore any links in private messages from strangers.
Source: https://coinpaper.com/8591/lazarus-group-targets-crypto-leaders-with-deepfake-zoom-attacks