A recent phishing attack took Mehdi Farooq, a partner at Hypersphere, by surprise. The targeted attack resulted in the loss of a significant portion of his life savings. Farooq acknowledges that he is personally responsible for security failures that contributed to the tragedy. The scheme required serious finesse: it included an elaborate Zoom ruse and skilled impersonation. The incident highlights the increasing dangers that people in the crypto industry face and the evolving tactics of bad actors.

Farooq came on board with Hypersphere earlier this year after a nearly three-year stint with Animoca Brands. When the attack occurred, Vox was overseeing treasury transactions. Since Andrew had met and connected with Fellow Alex Lin before, he was able to set up a meeting with Alex using Lin’s Calendly link. What started as routine outreach became a worst-case scenario.

The Phishing Scheme Unfolds

Farooq joined a Zoom call with Alex Lin, using the link provided through Calendly. To his chagrin, he soon found that no sound was coming through on the call. In the weeks leading up to the attack, Farooq had been pressured by Alex Lin into migrating to Zoom Business for “compliance reasons”. In the fake call, the impersonator pretended that one of Lin’s LPs, Kent, was going to join the meeting.

Even after the attack started, the attacker did not miss a beat and was boasting about it on Telegram. In a twist, Farooq would later realize that Alex Lin’s actual Telegram account had been compromised.

The Aftermath of the Attack

Six wallets drained (my fault for not keeping things more buttoned up). My laptop compromised completely. - Farooq

The attack drained six of Farooq’s wallets. He said that was due to his own negligence in not storing items properly. The attacker got full access to his laptop.

The attack was shown to be tied to a North Korea-affiliated threat actor identified in Sysdig’s research as “dangrouspassword,” Farooq said. The finding shows just how organized and well-funded the criminal actors behind these types of cybercrimes have become.

He even joked: ‘Let’s catch up at SG.’ - Farooq

The impersonator even played along with Farooq, pretending to plan a meeting with him at SG. This moment demonstrates the audacity of the attack and the attacker’s effort to maintain a facade of normalcy.

Lessons Learned and Security Recommendations

Farooq’s ordeal stands as a cautionary tale, underscoring the need for strong security measures in the fast-evolving cryptocurrency landscape. Both people and companies need to be on high alert against phishing scams, particularly those that use impersonation and social engineering techniques.

It is important to make sure you know who you’re communicating with before starting sensitive conversations or transactions. You can do this by enabling multi-factor authentication. Never trust contact information, and be suspicious of any out-of-the-ordinary requests or departures from normal procedures.