{"id":47348,"date":"2025-09-13T06:46:31","date_gmt":"2025-09-13T06:46:31","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=47348"},"modified":"2025-09-13T06:46:31","modified_gmt":"2025-09-13T06:46:31","slug":"thorchain-founder-loses-1-35m-after-deepfake-zoom-and-telegram-scam","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=47348","title":{"rendered":"THORChain Founder Loses $1.35M After Deepfake Zoom And Telegram Scam"},"content":{"rendered":"
\n

A co-founder of THORChain had roughly $1.35 million taken from a forgotten MetaMask wallet after attackers used a hacked Telegram account and a fake Zoom meeting to gain access to his stored keys, according to reports. The theft was first flagged on-chain and later confirmed by multiple news outlets and investigators.<\/p>\n

THORChain: Multi-Stage Scam<\/h2>\n

Based on reports, the scheme began when an associate\u2019s Telegram was compromised and a malicious meeting link was circulated. The target joined what appeared to be a legitimate video call, but the feed was fake.<\/p>\n

Attackers then exploited access to the victim\u2019s iCloud Keychain and browser profile to extract private keys tied to an old wallet, which was drained of about $1.35 million in crypto.<\/p>\n

\n

$1.35M was stolen from a Thorchain cofounder. Yet another reminder: if your keys are stored in a software wallet, you\u2019re only one malicious code execution away from losing everything.<\/p>\n

In this case, the victim didn\u2019t even sign a malicious transaction, the malware simply stole the\u2026 pic.twitter.com\/nLS4nWNFyt<\/a><\/p>\n

\u2014 Charles Guillemet (@P3b7_) September 12, 2025<\/a><\/p>\n<\/blockquote>\n

Investigators And On-Chain Sleuths Chime In<\/h2>\n

Blockchain investigators quickly traced movements and posted findings on social platforms, with some early on-chain sleuths estimating the visible value at roughly $1.2 million before later reports put the total near $1.35 million.<\/p>\n

Analysts flagged links to North Korea\u2013connected actors<\/a> based on patterns and prior behavior, though attribution in such cases can be complex and takes time to confirm.<\/p>\n

\n

#PeckShieldAlert<\/a> A @thorchain<\/a> user\u2019s personal wallet was exploited, resulting in a loss of ~$1.2M pic.twitter.com\/R385BRHoHu<\/a><\/p>\n

\u2014 PeckShieldAlert (@PeckShieldAlert) September 12, 2025<\/a><\/p>\n<\/blockquote>\n

Security Community Issues Warning<\/p>\n

Leaders in the crypto security scene warned the industry to treat remote meeting links and sudden file requests with deep caution.<\/p>\n

A senior wallet developer highlighted that storing private keys in software that syncs to cloud services makes a user vulnerable if those cloud accounts are accessed by malware or other exploits. That warning was echoed across developer and security feeds after the theft was disclosed.<\/p>\n


\nTHORSwap Offers Bounty To Recover Funds<\/p>\n

Reports have disclosed that a related project put up a reward to help recover the stolen funds, and community members began tracking transactions to identify where the assets moved.<\/p>\n

Public appeals and bounties have become a common community response when large sums are siphoned off and on-chain tracing points to identifiable wallets.<\/p>\n

Wider Pattern Of Deepfake And Zoom Scams<\/p>\n

This incident is part of a growing string of attacks that use fake video calls and impersonation to trick targets into running malicious code or revealing credentials.<\/p>\n

Major cases elsewhere have cost victims millions, including an earlier story in which deepfakes<\/a> and fake calls led to a multi-million loss at a corporate level.<\/p>\n

Security researchers say criminals are now combining social engineering with AI tools to make scams more convincing.<\/p>\n

Featured image from IT Security Guru<\/em>, chart from TradingView<\/em><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

A co-founder of THORChain had roughly $1.35 million taken from a forgotten MetaMask wallet after attackers used a hacked Telegram account and a fake Zoom meeting to gain access to his stored keys, according to reports. The theft was first flagged on-chain and later confirmed by multiple news outlets and investigators. THORChain: Multi-Stage Scam Based […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-47348","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/47348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=47348"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/47348\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=47348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=47348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=47348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}