Tue, January 27

Crypto Industry Targeted by North Korean Hackers Using AI Deepfake Meetings

  • North Korean hackers are employing deepfake video calls on Zoom to target crypto professionals.
  • Malicious Telegram accounts are used to impersonate trusted contacts.
  • Victims are tricked into installing malware that can facilitate crypto theft.

North Korean hackers have been using a sophisticated method built on deepfake video calls to target professionals in the cryptocurrency space, as was recently reported. In these attacks, the hackers use malicious Telegram accounts and deepfake video calls on Zoom or Teams to approach victims in the guise of people they know, and then trick them into installing malware disguised as legitimate software.

In one public disclosure, Martin Kuchař, co-founder of BTC Prague, was contacted by the hackers through a hacked Telegram account and invited to a video call that used a deepfake image of a person he knew. During the call, the hackers asked him to install a “Zoom audio fix” plugin, which was actually malware. The malware gave the hackers complete access to the victim’s system, which highlights the risks associated with this type of attack.

Attack and Malware Distribution Techniques

The attackers begin by compromising the victim’s Telegram account or gaining access to their contact list. They then send video call invitations on platforms such as Zoom or Microsoft Teams, where AI-generated graphics give the impression of a trusted colleague or associate. In past attacks, the attackers have falsely claimed that there was an issue with the call and asked the victim to download software to resolve it. The downloaded software is actually malware that can install backdoors, keyloggers, clipboard stealers, and other malicious tools. After the initial compromise, the attackers are able to take control of the victim’s Telegram account and use it to contact other victims, thus expanding the attack campaign.

Impact and Cybersecurity Issues

While the financial impact of these particular deepfake attacks has not been quantified, similar past attacks by North Korean hackers have been linked to the theft of cryptocurrency worth hundreds of millions of dollars. The combination of sophisticated social engineering and deepfake technology has become a challenge for cybersecurity in the crypto industry.

The growing number of AI-powered deepfake video attacks attributed to North Korean hackers is a clear sign of a significant shift in the tactics of cyber threats in the cryptocurrency market. By employing social engineering that deceives people through trusted contacts and malicious software, these hackers have managed to develop new ways of attacking systems and possibly stealing assets. As the sophistication of these attacks continues to rise, the industry must remain alert to matters of cybersecurity.
