Mehdi Farooq, an investment partner at crypto venture capital firm Hypersphere, has revealed that he lost years of life savings after falling victim to a highly targeted phishing attack involving a fake Zoom call. The elaborate scam cost him six crypto wallets and full control of his laptop.

The incident began innocently when Farooq received a Telegram message from “Alex Lin,” a known contact. The message was casual, Lin wanted to reconnect. Since the two had interacted before, the outreach felt legitimate. Farooq shared his Calendly link, and a meeting was scheduled.

A Deceptive Setup Through Zoom

Just before the scheduled meeting, “Lin” asked to switch platforms and move the call to Zoom Business, citing compliance concerns. Farooq agreed, especially since a third person “Kent,” another familiar name was said to be joining. Given Farooq’s experience managing crypto treasury deals, this didn’t raise red flags.

However, when Farooq joined the Zoom call, something was off. There was no audio, even though both participants appeared on-screen. A message in the Zoom chat instructed him to update Zoom to fix the issue. Trusting the familiar context, he ran the update only to unknowingly install malware.

“Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely,” Farooq later wrote on X.

Years of Savings Lost in Minutes

Once the malicious software was executed, Farooq’s device and digital assets were quickly hijacked. He watched helplessly as his wallets were emptied one after the other. “Years of savings… gone in minutes,” he shared, visibly shaken by the event.

What made the experience even more chilling was that the attacker, still posing as “Alex Lin,” continued chatting with Farooq on Telegram during and after the theft. The impersonator even joked: “Let’s catch up at SG,” referring to an upcoming event.

Later investigation revealed that the real Alex Lin’s Telegram account had been compromised. The phishing campaign has been linked to a North Korea-affiliated hacker group using the alias “dangrouspassword.”

An Escalating Threat in Crypto Circles

Farooq’s experience is just the latest in a string of increasingly sophisticated phishing attacks targeting crypto professionals. The crypto space, due to its decentralised and often anonymous nature, continues to be a prime target for cybercriminals.

Only weeks earlier, BitGo CEO Mike Belshe warned about scammers impersonating hardware wallet manufacturer Ledger. Fraudsters have been mailing letters via USPS to crypto users, urging them to scan QR codes under the guise of validating wallets. The links lead to phishing sites designed to drain users’ assets.

In another alarming case, on-chain investigator ZackXBT confirmed that $330 million in Bitcoin was stolen from an elderly victim in April through a phishing attack.

These events underscore a growing pattern: attackers are no longer relying on generic emails or basic scams. They’re conducting deep research, hijacking real identities, and creating believable scenarios to exploit trust in professional settings.

Takeaways: How to Stay Safe

The attack on Farooq highlights the urgent need for stronger operational security practices among crypto investors and professionals. Here are some key precautions:

• Always verify platform links: Use official sites and URLs directly rather than clicking on links from messages or calls.
• Avoid software downloads during calls: No genuine platform will ever ask you to update software via a call chat.
• Use hardware wallets for cold storage: Keep large amounts of crypto offline in hardware wallets to minimise exposure.
• Enable 2FA and multi-sig wallets: Layered security significantly reduces the risk of full asset compromise.
• Verify identities independently: Even if someone appears familiar, confirm via a second channel before proceeding with sensitive interactions.

As Farooq put it, the loss was “entirely preventable” a harsh reminder that even seasoned professionals are not immune. In a space where billions are at stake, constant vigilance remains the only defence.