- Emblem Vault CEO Jake Gallen lost over $100,000 in crypto assets due to Malware installed during a Zoom call.
- The threat actor, known as “ELUSIVE COMET,” used social engineering tactics to gain remote access through Zoom’s default settings.
- Zoom’s default settings allow meeting participants to request remote control access of other users’ computers.
Jake Gallen, CEO of NFT platform Emblem Vault, has issued a warning about video conferencing app Zoom after losing over $100,000 in cryptocurrency assets to a sophisticated Hacker. On April 11, Gallen reported on X (formerly Twitter) that he experienced a "complete computer compromise" resulting in the theft of Bitcoin and Ethereum from multiple wallets.
Following the incident, Gallen revealed he had been working with Cybersecurity firm The Security Alliance (SEAL) to investigate the attack, which they attributed to a threat actor identified as "ELUSIVE COMET." The scam occurred during what Gallen believed was a legitimate interview over Zoom with a crypto personality.
"We were able to retrieve a malware file that was installed on my computer during a Zoom call with a YouTube personality of over 90k subs," Gallen stated on April 14. The CEO explained that he had arranged the interview after being contacted by a verified X account with 26,000 followers claiming to be the founder of a crypto mining platform. During the call, the scammer kept their camera off while convincing Gallen to install malware called "GOOPDATE," which granted access to his crypto wallets.
Zoom’s Default Security Settings Under Scrutiny
The security vulnerability centers on Zoom’s default settings, which automatically allow meeting participants to request remote access to another user’s computer. "For this scam to take place, it’s said that the guest of the Zoom video call allows remote access to the host of the call, which is a requestable feature that is DEFAULT ON for every Zoom account," Gallen warned.
NFT collector Leonidas confirmed this default setting and advised crypto industry professionals to disable the remote access feature. SEAL security researcher Samczsun told Cointelegraph that while the feature is enabled by default, "the victim still needs to be social engineered into granting access."
Broader Threat to Crypto Community
According to SEAL, ELUSIVE COMET is connected to Aureon Capital, a supposedly legitimate venture capital firm that serves as a front for fraudulent activities. The security firm reports that this threat actor has stolen "millions of dollars" through carefully planned social engineering schemes targeting cryptocurrency holders.
The Hackers also gained access to Gallen’s X account in an attempt to lure additional victims through private messages. Gallen noted that the attackers even accessed his Ledger wallet, despite him having rarely logged in and never digitally recording the password.
SEAL has established an emergency hotline on Telegram for users who may have interacted with Aureon Capital. Zoom did not immediately respond to requests for comment on the security concerns.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Phantom Wallet Security Flaws Lead to $500K Crypto Theft, Lawsuit Claims
- Tether Joins OCEAN Mining Pool to Boost Bitcoin Decentralization
- Tether Boosts Bitcoin’s Ocean Mining Pool with Hashrate Investment
- Bitcoin Edges Higher as Market Responds Positively to Trade News
- South Korea blocks 14 crypto exchanges on Apple Store amid crackdown
