Li shared the details of the encounter on April 17, explaining how he was nearly tricked into downloading malicious software during a scheduled virtual call. The participant in the Zoom meeting presented the face of someone Li recognized, with what seemed to be a real-time webcam feed. However, no audio was transmitted, and the meeting platform prompted Li to download a file, a supposed Zoom update in the form of a script file.
“I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file. I immediately left,” Li recounted in a post on X:
🚨 Just got targeted by Lazarus.
A known contact on TG reached out to me to ask for a chat. Scheduled a Zoom call. When I got on the Zoom, it asked me for camera access which I found a bit odd because I have used Zoom many times.
Even crazier, the team members had their…
— 🤓Kenny.manta (@superanonymousk) April 17, 2025
The suspicious request to download a file set off alarm bells. Li requested the person verify their identity through a Telegram call, which they declined. Instead, the impersonator deleted all previous messages and blocked Li, confirming the malicious intent.
Li believes the Lazarus Group was behind the attack. Lazarus has been linked to several high-profile crypto heists and phishing schemes, including the massive $1.4 billion Bybit hack earlier this year. Their tactics are becoming increasingly personal, leveraging deepfakes, social engineering, and psychological manipulation to breach security walls.
“These are hacks that play to your emotional connection and potentially mental fatigue,” Li warned, acknowledging the vulnerabilities crypto executives face due to high communication volumes and back-to-back meetings.
The incident has reignited concerns over the security of remote work environments and the ease with which attackers can mimic trusted identities. The use of pre-recorded video, particularly during video conferences, is a growing concern as AI-generated avatars and deepfakes become more convincing.
Li advised the community to treat all unexpected download prompts with caution. “The biggest red flag will always be a downloadable,” he said. “Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side—don’t do it.”
As cyberattacks targeting the crypto industry become more advanced, industry leaders are urging tighter internal security protocols, multifactor identity verification, and a shift toward communication tools that allow for more robust authentication. The Manta Network has since reviewed its internal practices to ensure stronger defenses against similar attacks.
Li’s experience is a wake-up call, not just for the crypto industry, but for all sectors operating at the intersection of finance and technology. With attackers like the Lazarus Group continuously adapting their methods, constant vigilance and skepticism may be the best defense.