Face Off: Deepfake Scammers Infiltrate Crypto Zooms, Loot Bitcoin Wallets

Published: 27 January 2026 13:47
Category: Security Awareness & Social Engineering
Author: TRUSTBREAKER

Subtitle: AI-powered imposters hijack live video calls to steal millions from unsuspecting Bitcoin holders.

When Bitcoin strategist Ed Juline joined a Microsoft Teams call with his trusted colleague Martin Kuchař, he expected a routine update, not a near miss with a cyber heist. The face on the screen was familiar, the voice eerily perfect. But behind the digital mask lurked a new breed of criminal: a deepfake scammer, wielding AI, social engineering, and malware to drain crypto wallets in real time.

Inside the Deepfake Ruse

This latest scam targeting the crypto community is as sophisticated as it is chilling. The attackers begin by scouring public Bitcoin forums and Telegram groups, identifying key players and scraping their details. Next, they create convincing deepfake videos, using advanced AI tools like Stable Diffusion and Faceswap variants, to mimic a victim’s friends, colleagues, or influencers. These digital doppelgangers then reach out via Telegram, sending urgent Zoom or Teams meeting links.

Once the victim joins, the deepfake imposter appears live on camera, lip-syncing convincingly and urging immediate action. Common ploys include requests to “sync wallets” or install a critical “plugin” to fix supposed audio issues. The files offered, often .exe or .msi installers, are actually remote access trojans (RATs) like NetWire or Cobalt Strike beacons. Once executed, these payloads give criminals persistent access to the victim’s computer.

The malware immediately hunts for browser-based wallets such as MetaMask, scans clipboards for wallet seed phrases, and hijacks Telegram sessions. Compromised accounts are then leveraged to target others, spreading the scam laterally through tight-knit crypto networks. Attackers further evade detection by using obfuscated code and domains that mimic legitimate services, such as “zoom-plugin-update[.]com.”

Crypto’s Trust Gap

Bitcoin’s decentralized, pseudonymous ethos, once seen as a shield, now exposes users to unique risks. With millions stored in personal wallets and trust cemented in online communities, a single lapse can lead to devastating losses. The high-profile 2024 Hong Kong deepfake scam, which netted $25 million, set the stage for these real-time video exploits.

Ed Juline’s narrow escape (he unplugged his computer just in time) highlights both the power and peril of deepfakes. “Deepfakes erase visual doubt; only paranoia saved me,” he warns. Co-researcher Martin Kuchař emphasizes that Telegram’s susceptibility to SIM swaps and account takeovers is fueling the epidemic.

Staying Ahead of the Deepfake Curve

Security experts recommend a zero-trust approach: never accept unsolicited Zoom or Teams invites via Telegram; always verify identities through a secondary channel. Enable two-step verification, use hardware wallets, and avoid browser-based crypto storage. Organizations should ban unsanctioned plugins and enforce strict video call protocols.
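
The check below is an added example, not code from the article or from any vendor: it triages links in a chat message for the two patterns described above, a meeting-brand word in a host outside the real service's domains (like zoom-plugin-update[.]com) and an .exe/.msi download from such a host. The allow-list, brand tokens, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: illustrative allow-list of registrable domains for the meeting
# services named in the article; extend it to match your own tenant.
TRUSTED = {"zoom.us", "zoom.com", "microsoft.com", "live.com"}
BRAND_TOKENS = ("zoom", "teams", "microsoft")
INSTALLER_EXT = (".exe", ".msi")  # file types the article says are offered
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s<>\"']+", re.IGNORECASE)


def refang(text):
    """Undo common defanging so indicators from reports parse as URLs."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)


def is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def triage_link(url):
    """Return the reasons a link is suspicious (empty list = none found)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower().rstrip(".")
    reasons = []
    if not is_trusted(host):
        # A brand word in an untrusted host ("zoom-plugin-update.com",
        # "zoom.us.example.net") is the lookalike pattern.
        if any(tok in host for tok in BRAND_TOKENS):
            reasons.append("brand-lookalike-host")
        if parsed.path.lower().endswith(INSTALLER_EXT):
            reasons.append("installer-from-untrusted-host")
    return reasons


def triage_message(text):
    """Map each URL found in a chat message to its list of reasons."""
    return {u: triage_link(u) for u in URL_RE.findall(refang(text))}

# Constructed sample message; only the lookalike domain comes from the article.
SAMPLE = (
    "Audio is broken, install the fix: hxxps://zoom-plugin-update[.]com/fix/ZoomAudio.msi "
    "then rejoin at https://us02web.zoom.us/j/0000000000"
)

if __name__ == "__main__":
    for url, reasons in triage_message(SAMPLE).items():
        print(url, "->", reasons or "no findings")
```

An empty result means only that these two heuristics found nothing; it does not replace verifying the caller through a secondary channel.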

As AI weaponizes trust, skepticism is the new firewall. In the high-stakes world of Bitcoin, questioning everything may be the only way to stay safe.

WIKICROOK

  • Deepfake: A deepfake is AI-generated media that imitates real people’s appearance or voice, often used to deceive by creating convincing fake videos or audio.
  • Remote Access Trojan (RAT): A Remote Access Trojan (RAT) is malware that lets attackers secretly control a victim’s computer from anywhere, enabling theft and spying.
  • Obfuscation: Obfuscation is the practice of disguising code or data to make it difficult for humans or security tools to understand, analyze, or detect.
  • SIM Swap: SIM Swap is a scam where criminals hijack your phone number by tricking your mobile provider, allowing them to access your accounts and personal data.
  • Seed Phrase: A seed phrase is a set of words that acts as the master key to a crypto wallet. Anyone with it can access and control your funds.