Executive loses $100,000 in Zoom remote access scam

[Forsyth Jones]

If you use Zoom, disable the remote access feature, which comes enabled by default.

Jake Gallen, founder of Emblem Vault, lost over $100,000 in crypto after falling for a scam during a video call.

The executive also had his Twitter account compromised, in addition to the crypto losses, after being invited by a suspicious profile on X.

Gallen said the scam was facilitated over the video conference platform Zoom, which resulted in his crypto wallet being drained.

“We were able to retrieve a malware file that was installed on my computer during a Zoom call with a YouTube personality of over 90k subs,” said Gallen on April 14.

The malicious actor “employs sophisticated social engineering tactics with the goal of inducing victims into installing malware and ultimately stealing their crypto,” SEAL reported in late March.

The interesting thing here is that Gallen claimed the hackers accessed his Ledger hardware wallet, even though he had only logged into it a few times.

How is that possible?
Perhaps he made a mistake, like saving sensitive information (such as the seed phrase or passphrase) on his computer?
A hardware wallet is supposed to be immune to remote attacks, unless the seed phrase is exposed.

Source: Crypto exec warns of ‘ELUSIVE COMET’ threat after losing 75% of assets

[bitterguy28]

If you use Zoom, disable the remote access feature, which comes enabled by default.

a lot of companies use this zoom feature and it does not always end with someone getting scammed because if you want to use this feature you should be able to only give access to people you trust

and also how can this be used to get access to another person's device without you seeing it? remote access works in screen sharing which means only what is visible will be accessed by whoever you are on a call with

How is that possible?
Perhaps he made a mistake, like saving sensitive information (such as the seed phrase or passphrase) on his computer?
A hardware wallet is supposed to be immune to remote attacks, unless the seed phrase is exposed.

Source: Crypto exec warns of ‘ELUSIVE COMET’ threat after losing 75% of assets

like i said remote access will only be possible through screen sharing so if anyone was looking at his confidential files he should have known but maybe the zoom call is to just make sure that the victim remains ignorant while they compromise his device

[ABCbits]

and also how can this be used to get access to another person's device without you seeing it? remote access works in screen sharing which means only what is visible will be accessed by whoever you are on a call with

The news mentioned how it happened.

“We were able to retrieve a malware file that was installed on my computer during a Zoom call with a YouTube personality of over 90k subs,” said Gallen on April 14.

The malicious actor “employs sophisticated social engineering tactics with the goal of inducing victims into installing malware and ultimately stealing their crypto,” SEAL reported in late March.

But i can't believe someone with high position would use same device to store $100K+ of cryptocurrency and also willing to give access to his device.

[Bobcrypto]

I think there could have been some mistake a long the line, I have not heard of hardware wallet hack before. Hardware wallet is known to be very safe means of storing Bitcoin/altcoins, and because of one reason or another, there could be information left on his computer that lead to the wallet hack on my view.

[Stompix]

Now this one is funny:

Jake Gallen, founder of Emblem Vault,

gets hacked.

If the CEO of a company calling themself a vault is getting hacked, how much money would you put inside the so-called "vault" ? 

But i can't believe someone with high position would use same device to store $100K+ of cryptocurrency and also willing to give access to his device.

At least 100k, god knows how much more could have been there, maybe access to all the coins of the clients?

[rdluffy]

It's all very strange
I didn't know Zoom had this remote access option

Regarding the hacker's access to the Ledger, it's practically impossible without having physical access to the wallet
The only question is whether the user had saved the seed somewhere, whether it was the only way or whether it was the first incident on the ledger (which is very difficult)

Usually in this type of scam, hackers ask the user to install their own video calling app, but this is the first I've seen using Zoom

[TomPluz]

Now this one is funny: Jake Gallen, founder of Emblem Vault, gets hacked. If the CEO of a company calling themself a vault is getting hacked, how much money would you put inside the so-called "vault" ? 

Personally speaking, I would never trust a vault like that whose owner is just another victim of a malware that resulted into $100K heist. I am not judging Jake Gallen since he is not my neighbor and I am sure he will never be my friend now or into the future but yeah I agree that this is quite funny. Anyway, it is good to see that he only lost that amount which is just a chicken feed to someone of his stature. Now, this is telling us that no matter how good you are supposed to be with security, you can still be a victim. So be careful with Zoom or any similar platforms as we don't know when we can be punched in our faces. Good thing I am not hiding even $1K somewhere that can be accessed by a hacker.

[Forsyth Jones]

I think there could have been some mistake a long the line, I have not heard of hardware wallet hack before. Hardware wallet is known to be very safe means of storing Bitcoin/altcoins, and because of one reason or another, there could be information left on his computer that lead to the wallet hack on my view.

This is not the first complaint about Zoom, but this remote access thing is still weird. I don't recommend Zoom for video meetings. There are safer alternatives like Google Meet and Microsoft Teams.

Apparently, the victim, despite being the CEO of a vault company, is a layman when it comes to digital security, as he doesn't even know how his crypto were stolen from his ledger. The only way to have his coins stolen from a hardware wallet is to give the seed phrase to the attacker or write it down online on the computer.

[joniboini]

Apparently, the victim, despite being the CEO of a vault company, is a layman when it comes to digital security, as he doesn't even know how his crypto were stolen from his ledger.

I was initially surprised, but then I realized other businesses also have this practice, so I guess the CEO position is not necessarily related to their main offering at all. Not sure if that's a good idea, though, considering a disconnect of knowledge can be fatal regardless of how smart your marketing is. If a fatal case like this happens, it can also affect their image. On the other hand, other popular figures also falls for scams in the past even though they should have more knowledge about digital security compared to this CEO. CMIIW.

[Kemarit]

It's all very strange
I didn't know Zoom had this remote access option

Yes, they have,

The remote control feature allows you to take control of another participant's screen in a meeting when they've given you permission. You can either request remote control of another participant's screen or the other participant can give control to you. Once given permission, you can control their mouse and keyboard, and even copy text from their screen to yours.

If you need admin functionality, such as the ability to restart another participant's computer, please refer to the Remote Support feature.

Note: For Mac OSX, you will need to give Zoom access in the Accessibility tab in the Privacy and Security preferences of your Mac. Learn more about Zoom access permissions in Security and Privacy.

https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0065790

Regarding the hacker's access to the Ledger, it's practically impossible without having physical access to the wallet
The only question is whether the user had saved the seed somewhere, whether it was the only way or whether it was the first incident on the ledger (which is very difficult)

Usually in this type of scam, hackers ask the user to install their own video calling app, but this is the first I've seen using Zoom

It's was a social engineering attack, so there's not like impossible for the hackers as they will have all the passwords or even OTP if needed. That's how sophisticated hackers are, and usually they have known a target before hand.

[Stompix]

It's all very strange
I didn't know Zoom had this remote access option

It has, but normally you would give it per person per session, so that story is a bit fishy on how someone managed to access his computer.
Besides, he claims it was installed during a call with a known influencer so, what's stopping the police complaint from being filed?
And furthermore, the claim about a zoom meeting and the other guy not showing his face....common!

[Solomon Wealthy]

Yeah, sounds more like social engineering. Ledger’s safe unless the seed was exposed or the victim signed something. Zoom’s an odd twist though!

[target]

Base on your comments it looks like the CEO's story has lots of holes to investigate. You can only ask whether this is an attempt to make sure people who has tokens inside this Emblem vault realize all their tokens and NFTs are gone.

He is suppose to be very knowledgeable in securities because he founded a Vault. Anyway, news like this seem to make people think crypto isn't safe.

[rby]

Why do I have this feeling that the video call on Zoom wasn't the main cause of the hack? Does it mean that all his private information was stored on the same device he used to log in to Zoom? If that is the case, then he must have been very careless in safekeeping very private information.

It is quite unfortunate that he had to experience such a loss. However, I still think he should tighten his security because the hacker might be someone within who knows him very well.

[Z-tight]

This is a ceo of a crypto platform, that does not speak so well of his platform. There are many things about this story that is unclear, how did they access his hardware wallet, is his seed words stored in plain text in his computer.

For someone who is the ceo of a crypto platform, he should not be easily fooled by social engineering like this, whoever uses his service should look at this and think twice.