TLDR:
- Hackers trick users with fake podcast invites before requesting screen control through Microsoft Teams.
- Once granted, attackers get remote desktop access and can run code that drains crypto wallets.
- Security researcher Nick Bax says millions are already gone, hitting both project leaders and regular holders.
- Experts call for clearer Microsoft Teams warnings to stop more crypto users from falling victim.
Hackers have found a new way to clean out crypto wallets, and it’s catching people off guard. The method is simple, built on trust, and ends with stolen funds.
Security researcher Nick Bax shared details of the attack, warning that millions are already gone. Both project founders and everyday investors have been hit. This is a growing problem for the crypto community, and it relies on social engineering more than tech.
Bax explained that hackers are using Microsoft Teams calls to take full control of victims’ desktops. They first gain access to a real Twitter or Telegram account, or create a convincing fake. Then they contact their target with an offer: usually a podcast interview, partnership call, or investor chat.
The conversation continues until the hacker asks the victim to screen-share their project. After some time, they claim they need to share something too. That’s when a request appears asking for “control” of the screen. Most users think this is harmless and click accept.
Once accepted, the hacker has remote control of the computer. Bax warned that they can now run commands, install malware, and empty wallets. This is not a technical exploit but a social one, and it works.
Hackers are using Microsoft Teams to pwn people and steal their crypto.
The attack is deceptively simple and relies on social engineering as well as malware.
They've already stolen millions of dollars from both project founders and normal users.
How it works
— Nick Bax.eth (@bax1337) September 12, 2025
Crypto Security Risks Widen
According to Bax, this attack is harder to spot on Microsoft Teams because of how the dialog is worded. The message says “Requesting control,” which sounds routine. On other platforms like Zoom, there are extra warning clicks before control is handed over. This difference makes Teams a softer target.
Bax even tested creating a fake Teams account using Cyrillic characters to mimic “Microsoft Teams.” He said the platform allowed it, making it easier for attackers to trick victims. The result is a mix of bad UX design and patient social engineering.
This attack has been active for months and keeps evolving. The initial hook may change, but the result is the same: a complete desktop takeover. Crypto investors and project leaders are urged to treat all screen control requests as high-risk.
Security experts say users should verify who they are speaking to before any screen share. Turning off screen control permissions unless absolutely needed can also prevent attacks. Bax called on Microsoft to add clearer warnings so users understand what they are agreeing to before control is granted.
The post Hackers Use Microsoft Teams to Hijack Crypto Wallets: What To Know appeared first on Blockonomi.
Source: https://blockonomi.com/hackers-use-microsoft-teams-to-hijack-crypto-wallets-what-to-know/