THORChain Founder Loses $1.35M in Sophisticated Deepfake Zoom and Telegram Scam

Deepfake deception hits crypto's elite—THORChain's founder just got swindled out of seven figures through a meticulously orchestrated digital impersonation scheme.

The Setup

Scammers cloned voices, replicated video calls, and built entire fake teams on Telegram to create the ultimate trust trap. No technical exploits—just pure social engineering executed with Hollywood-level production values.

The Fallout

That $1.35 million loss stings extra hard when you realize it bypassed every security protocol through human vulnerability. Even crypto veterans aren't immune to old-school cons wearing new-tech disguises.

Welcome to finance's future—where your biggest threat isn't market volatility but someone who sounds exactly like your business partner on a Zoom call.

THORChain: Multi-Stage Scam

Based on reports, the scheme began when an associate’s Telegram was compromised and a malicious meeting LINK was circulated. The target joined what appeared to be a legitimate video call, but the feed was fake.

Attackers then exploited access to the victim’s iCloud Keychain and browser profile to extract private keys tied to an old wallet, which was drained of about $1.35 million in crypto.

$1.35M was stolen from a Thorchain cofounder. Yet another reminder: if your keys are stored in a software wallet, you’re only one malicious code execution away from losing everything.

In this case, the victim didn’t even sign a malicious transaction, the malware simply stole the… pic.twitter.com/nLS4nWNFyt

— Charles Guillemet (@P3b7_) September 12, 2025

Investigators And On-Chain Sleuths Chime In

Blockchain investigators quickly traced movements and posted findings on social platforms, with some early on-chain sleuths estimating the visible value at roughly $1.2 million before later reports put the total NEAR $1.35 million.

Analysts flagged links to North Korea–connected actors based on patterns and prior behavior, though attribution in such cases can be complex and takes time to confirm.

#PeckShieldAlert A @thorchain user’s personal wallet was exploited, resulting in a loss of ~$1.2M pic.twitter.com/R385BRHoHu

— PeckShieldAlert (@PeckShieldAlert) September 12, 2025

Leaders in the crypto security scene warned the industry to treat remote meeting links and sudden file requests with deep caution.

A senior wallet developer highlighted that storing private keys in software that syncs to cloud services makes a user vulnerable if those cloud accounts are accessed by malware or other exploits. That warning was echoed across developer and security feeds after the theft was disclosed.

Reports have disclosed that a related project put up a reward to help recover the stolen funds, and community members began tracking transactions to identify where the assets moved.

Public appeals and bounties have become a common community response when large sums are siphoned off and on-chain tracing points to identifiable wallets.

This incident is part of a growing string of attacks that use fake video calls and impersonation to trick targets into running malicious code or revealing credentials.

Major cases elsewhere have cost victims millions, including an earlier story in which deepfakes and fake calls led to a multi-million loss at a corporate level.

Security researchers say criminals are now combining social engineering with AI tools to make scams more convincing.

Featured image from IT Security Guru, chart from TradingView