Lazarus, a North Korean hacker collective, has targeted another notable figure within the crypto-industry. Kenny Li, co-founder of Manta Network and Zoom, announced via Twitter that he had been the victim a well orchestrated phishing scam.
Attackers used video recordings of actual team members to make the meeting seem real. This convinced him to install malicious code manually on his device. The attackers used social engineering and deepfakes to convince him that the meeting was real.
The theft of cryptocurrency
The whole thing began with a video chat from a friend of Lee. The interlocutors’ faces were clearly visible, yet there is no audio.
Lee received a second message from the “acquaintance”, offering him to download an audio script that would fix his problems. A victim’s comment is below.
It looked like their faces. I saw their real faces. Then I was offered the option to download the file. I immediately signed out.
Lee suggested that the conversation be continued on Google Meet to verify the identity. The entrepreneur refused and, a few moments later, the messages were all deleted. He goes on.
Lazarus gets better and better at social engineering. It is possible that the attackers used recordings or dipfakes of past calls to infect or compromise other devices.
Lee stressed that he was not certain that Lazarus is the culprit. Experts say that the handwriting matches up with their methodology.
Lazarus is likely to be responsible for several other recent incidents. Decrypt claims that the group has national funding in North Korea.
The hackers have already been credited for hacking Bybit’s exchange in 2025. This was the biggest hack of trading platforms. We can now see that attackers have changed their tactics, using malware, social engineering, and dipfakes to trick even the most experienced cryptocurrency executives.
Lazarus represents just a small part of DPRK’s vast cyberstructure. North Korea has, at this stage, engaged a number of hacking teams, including AppleJeus and APT38. They range from fraudulent job offers, Zoom calls and malware-infected packages to outright blackmail.
Nick Bax, a member of Security Alliance (SEAL), the white-hat hackers community, said that even when receiving a phone call from an intimate friend users should be cautious. His recommendation is below.
Zoom having sound problems? North Korean hackers are the culprits, not venture capitalists.
Bax described another scheme, in which the audio problem is reported through chat and familiar faces are shown in the video. The victim then gets redirected in order to download malicious software. He said the following.
Psychological tricks are used. You will lose security if you “patch” your system.
GiulioXiloyannis shared the same experience. A hacker, who identified himself as the head of the project during the call, offered him the link. This is not allowed.
Paying in Bitcoin
Bitcoin is still growing in acceptance despite all obstacles. Spar in Switzerland has begun accepting bitcoins. Spar in Zug, Switzerland has started accepting BTC payments via Lightning Network.
BTC Mao is a project of the community that marks stores that accept BTC. The announcement was made by DFX Swiss a company that provides payment solutions.
The SPAR store in Switzerland is the first to accept bitcoins directly at the check-out. Our new OpenCryptoPay, an open standard P2P for offline crypto payment is the reason.
Switzerland has long been considered one of the most cryptocurrency-friendly countries in Europe, as some of the first cryptocurrency initiatives were launched here. The city of Lugano, Switzerland, authorized payment of municipal fees using Bitcoin or USDT stablecoin in 2023. It was one of the very first cities in the world that implemented this practice.
BTCmap shows that there are 1,013 shops and businesses in Switzerland currently accepting BTC.
Spar’s adoption of Bitcoin could boost the trust of the general public in cryptocurrency payments. Spar operates over 13,900 stores across 48 countries. It serves 14.7 millions customers every day and employs around 450,000 staff.
Cyber threats are not confined to crypto project heads. Attacks by Zoom and Lazarus’ dipfakes show this. Holders of digital assets must be careful and not click on any links sent to them in private messages by strangers.
