A shocking crypto heist has left the cryptocurrency community on alert after a co-founder of THORChain lost roughly $1.35 million from a long-forgotten MetaMask wallet.
The theft reportedly began when attackers gained access through a hacked Telegram account and a cleverly staged Zoom meeting, allowing them to steal private keys and drain the wallet.
How the Multi-Stage Scam Unfolded
According to reports, the attack started when an associate’s Telegram account was compromised.
The hackers sent a malicious link to a video call that appeared legitimate. When the victim joined, the feed looked authentic—but it was a sophisticated fake.
The attackers then exploited access to the victim’s iCloud Keychain and browser profile to extract private keys linked to an old MetaMask wallet.
Without any signed transaction from the victim, the attackers successfully siphoned off around $1.35 million in cryptocurrency.
Investigators Trace the Stolen Funds
Blockchain analysts quickly began tracking the movement of the stolen assets.
Early on-chain investigations estimated the value at roughly $1.2 million, though later reports confirmed it had risen to approximately $1.35 million.
Some researchers suggested possible links to North Korea–associated actors based on behavioral patterns, though they noted that attribution in these kinds of attacks remains complex and can take time to verify.
Security Experts Sound the Alarm
The incident has sparked strong warnings from crypto security professionals.
Experts emphasized that software wallets synced to cloud services, such as iCloud, are highly vulnerable if the underlying cloud accounts are compromised.
They urged the community to treat unexpected video calls, file requests, and links with extreme caution, highlighting that social engineering combined with malware can result in devastating losses.
Community Efforts to Recover Funds
In response, THORSwap, a related project, reportedly offered a bounty to assist in tracking and recovering the stolen funds.
Community members have been actively following transactions in an effort to pinpoint where the assets were moved.
Such bounties and public appeals have become a common strategy in the crypto world when high-value thefts occur.
Part of a Growing Trend of Deepfake Scams
Security researchers note that this scam is part of a rising trend involving fake video calls, deepfakes, and impersonation techniques.
Attackers are increasingly combining AI tools with social engineering to make scams appear authentic, resulting in millions of dollars in losses in both corporate and personal settings.
Lessons for Crypto Users
This incident serves as a stark reminder of the risks involved in storing private keys in software wallets, especially when those wallets are connected to cloud services.
Vigilance, strong personal security practices, and skepticism toward unexpected online requests are crucial to protecting digital assets.