THORchain Co-Founder Loses $1.3M in North Korean Zoom Scam - Crypto Security Wake-Up Call
Another day, another crypto heist—only this time it's not a protocol exploit but good old-fashioned social engineering hitting where it hurts.
THE ZOOM TRAP
North Korean operatives just pulled off a $1.3 million digital heist against a THORchain co-founder. No smart contract bugs, no bridge vulnerabilities—just a convincing Zoom call that bypassed all crypto security protocols. They didn’t hack the chain; they hacked the human.
THE AFTERMATH
The incident exposes the soft underbelly of decentralized finance: overconfidence in personal opsec. While teams focus on auditing code, phishing attacks slice straight through Twitter DMs and video calls. It’s the kind of attack that makes hardware wallets look like medieval armor against a drone strike.
WAKE-UP CALL OR SAME OLD STORY?
Crypto’s greatest strength—permissionless access—is also its weakest link. No customer support line to call, no fraud department to reverse transactions. You lose your keys, you lose your crypto. You trust the wrong screen-share request, you lose $1.3 million. Maybe the real decentralized finance was the friends we lost along the way… to Pyongyang.
And somewhere, a traditional banker is sipping a martini, muttering 'I told you so' into his Bloomberg terminal.
North Korean hackers’ playbook against crypto execs
Earlier this year, multiple crypto executives were targeted through a similar pattern of deepfake impersonations during video calls, resulting in significant losses. These attacks use advanced tactics, often involving AI-assisted voice or video disguise, malicious update prompts, and compromised device security.
The frequency of these attacks drew warnings from security experts and industry figures alike, who urged the industry to treat video verification with skepticism, noting that in light of AI deepfakes, seeing a friendly face or hearing a familiar voice is no longer a reliable trust marker.
Throughout the year, North Korea-linked cyber groups have significantly escalated attacks on both institutions and individuals across the crypto space. The scale of thefts is already measured in billions of dollars, and the tactics have diversified beyond traditional exchange hacks and deepfake Zoom calls to fake job offers, identity fraud, and infiltration of developer networks.
The most headline-grabbing loss was the $1.5 billion theft from Bybit in February, which TRM and law enforcement have confidently attributed to North Korea. That single event makes up a large share of the $2.17B in service losses from crypto theft reported so far this year.