Manta Network Co-Founder Targeted in Sophisticated Zoom Phishing Attack Using Deepfake Videos


CryptoNews, 2025/04/18 16:44
By: Ruholamin Haqshanas

Li described how attackers used prerecorded videos of familiar individuals to impersonate them in what appeared to be a legitimate meeting.

Last updated: April 18, 2025 03:49 EDT

Kenny Li, co-founder of Manta Network, has revealed he was the target of a highly advanced phishing attempt involving deepfake technology during a Zoom call.

In a detailed post on April 17, Li described how attackers used prerecorded videos of familiar individuals to impersonate them in what appeared to be a legitimate meeting.

Li said the video feed showed recognizable faces with cameras turned on, adding to the illusion of authenticity.

No Audio, Fake Update

However, he noticed the audio was missing, and the participants prompted him to download a suspicious script file under the guise of a Zoom update.

“I could see their legit faces. Everything looked very real. But I couldn’t hear them… It asked me to download a script file. I immediately left,” Li wrote on X.

He attempted to confirm the identity of the caller via Telegram, but the person blocked him and deleted all messages shortly after.

Li suspects the North Korea-linked Lazarus Group was behind the incident. He also shared screenshots of the Telegram conversation before it was erased.

A zoom link that opened to Google Chrome into what looks like a web based Zoom. Then a notification pops up saying your zoom is out of date and you have to download a file to update it. General MO with Lazarus is to find ways to get you to download and open a file so I’m told.

— 🤓Kenny.manta (@superanonymousk) April 18, 2025

Li warned the crypto community to treat any unexpected download request—especially updates or script files—as a major red flag.

“If you need to download something to continue talking to someone, don’t do it,” he emphasized, noting that such attacks exploit emotional familiarity and the fatigue that comes with constant communication in the crypto space.

Crypto Users Targeted in Zoom Deepfake Scam Involving Fake Business Client

The attack wasn’t isolated. A member of ContributionDAO reported a similar experience, where the attackers insisted on using a customized Zoom client and refused to switch to Google Meet.

“Even though I actually have Zoom on my computer, I couldn’t use it. They claimed it had to be a business version that they had registered,” they said.

Me too, boss, they also asked me to download Zoom via their link, and said that it's only for their business. Even though I actually have Zoom on my computer, I couldn’t use it. They claimed it had to be a business version that they had registered. When I requested to switch to…

— Vow | ContributionDAO (@VowIMTX) April 18, 2025

Another user, crypto researcher “Meekdonald,” stated that a friend of theirs had fallen victim to the same ploy.

The coordinated nature of the incidents suggests a broader phishing campaign targeting crypto executives using increasingly realistic deepfake methods to spread malware.

Last year, a detailed report by blockchain security firm SlowMist revealed that a sophisticated phishing attack disguised as a fake Zoom meeting link had stolen crypto assets worth millions.

The scam, first identified on November 14, 2024, targeted users by distributing malicious software through links that mimic the legitimate Zoom interface.

In March, Kaito AI, an artificial intelligence-driven platform providing crypto market analysis, and its founder, Yu Hu, were targeted in a social media hack on X.

Hackers took control of the account and falsely claimed that Kaito AI’s wallets had been compromised, warning users that their funds were at risk.

The misleading posts, which have since been deleted, aimed to incite panic among investors.
