Crypto owner losses ≈ $1 million after fake job interview

[bhadz]

- Always be careful and suspicious. It's still unclear what kind of Microsoft Teams meeting Alex attended. He claims it was an official link, but who knows. Fake links with extensions and scripts are shared this way. One wrong click and you invite malware and drainers into your system.

Thanks for this, I use to apply and get interviewed many times and I think that I am fortunate that I don't have to download any of the software that they might require to. If it's an official link maybe there's sort of instruction or test that they want him to do and so, the download is required. I'll take note of this if ever I apply again for some jobs that I see and will be cautious to verify that I won't just download them. Also, I'll use a different device that has nothing anything on it but for some casual browsing use only, not having any crypto wallets at all.

[PX-Z]

So how sid they breach his device that turns to getting his funds? Through the microsoft meeting links? Calendly.com is somewhat legit invite for scheduled meetings too.

I read the whole post on X but still got no idea how the hack happened.

[Darker45]

This is an interesting story, but this is more of a targeted attack, right? The plot is rather sophisticated. The scammers are willing to be extra patient because they already have an eye on the prize. In which case, this isn't really something that newbies or beginners are susceptible to?

What surprised me is the amount that this advanced crypto person has in hot wallets. I'm curious whether the scammers already have an idea that this particular victim would yield a good profit. I doubt they're just blindly attacking any target hoping they could hit the jackpot and have a good prize.

[tech30338]

if the user never given the key, then in the first place the link that is given already have the malware that is going to steal anything on the victims pc, send back to the scammer/hacker , in the first place they should not communicate to someone they don't know, or know nothing about the person even if he said he is a popular person,
the moment he/she click the link its already over, and the conversation or meeting is just a front for them not to realize what is going on at the background, this is why never ever talk to someone you really don't know in the internet, i always block, or even not giving a hint about me, even when he/she know my name and started asking things , i just reply, ill only give information coming from the email address that is being use officially, but aside from that also double check if the email is sending or asking weird question, or even check the header.

[Pmalek]

The question now is whether we are to avoid joining any form of conversation through links or we should be the one to host the meeting in a case like this.

If you are applying for a remote job, sooner or later you will be invited to such meetings. You can't really tell the company and their staff that you won't join their meeting and instead want to host it yourself. Be careful what kind of jobs you apply for and submit your personal information to and keep your crypto away from hot wallets and everyday computers.

Quite a lot of addresses were drained which shows that he should have atleast five different seedphrase (considering HD wallet structures)
I doubt he would have entered them all within that two days.

Actually, he mentioned on X that he did check on his wallets after the interviews and found that everything was ok, until it wasn't. Not sure if those were routine checks or if he was suspecting something.

However, even full access to the computer means that you cannot empty all crypto wallets just like that, unless they are not protected by a password at all, or the attacker knows which wallets the user has and prompts him to open them and thus find out the password.

As I replied to Ambatman, that's exactly what Alex did in the days following his interviews with the scammers.

[Coyster]

So how sid they breach his device that turns to getting his funds? Through the microsoft meeting links? Calendly.com is somewhat legit invite for scheduled meetings too.
I read the whole post on X but still got no idea how the hack happened.

We have discussed all we know about the attack in this thread. At this point it is a zero-day vulnerability, so we do not actually know what exactly it is, but there is definitely something that needs to be patched in Microsoft teams and prolly other video conferencing platforms.

I'm curious whether the scammers already have an idea that this particular victim would yield a good profit. I doubt they're just blindly attacking any target hoping they could hit the jackpot and have a good prize.

Yes, like i already said, Alexander Choi is the founder of the crypto trading community Fortune Collective, so the scammers know he is actively involved in crypto and would own a lot of it. I don't know if they expected him to have that much in a hot wallet, but to the scammers advantage, it turned out he did.

[Zoomic]

Sorry Op, I did not actually understand the story fully.
According to the story above, Alex is only in contact stage with the alleged or to-be partners. What really happened, did he disclose his private details at the course of the meeting?
Could it be that they hosted the meeting with tools like TeamViewer and he gave them unrestricted access to his computer?

He claims that interviews took place over Microsoft Teams, and that he was given an official link. Somehow I doubt it was an official link. They might have tricked him into installing a malicious extension followed by malware specifically created to find crypto wallets. What happened next is unclear. Perhaps it was drainer malware. Perhaps a keylogger that tracks and takes screenshot of everything you do. Perhaps a cookie hijacker that steals your cookies and allows you to access everything the other person does online. Who knows...   

Thanks for listing the possible loopholes. I align more with the cookie hijacker because this can happen without Alex knowing. I doubt that Alex was tricked to installing malicious extension. This will only happen when he is so comfortable with the intended partners. I believe they already talked him into trusting them as he reiterated that he dealt with the officials.
Also Coyster could be correct that they exploited a vulnerability in the video conference software.

The end point is not holding such a large sum in a hot wallet which I believe Alex would have been aware of.

[Amphenomenon]

- Always be careful and suspicious. It's still unclear what kind of Microsoft Teams meeting Alex attended. He claims it was an official link, but who knows. Fake links with extensions and scripts are shared this way. One wrong click and you invite malware and drainers into your system.

This is another reminder of why we should scared of the link we clicked. To be honest this is only of the most scary scam to me, just one accidental click can ruin ones life.

This is one area I think many do sometimes overlook and it has cost a lot pains also.

[uchegod-21]

Can we really avoid strangers completely? It takes a day to know someone and then form a relationship with that person. Severally, people we don't know in person but must have seen our work online have reached out to us to either promote a brand or work on some project together. It is our duty to verify if those offers are genuine.

It is ridiculous advice. Most people are on social media and work social media like Linkedin. Most people are exposed to all kinds of strangers all the time. In this day and age, such strategy is only for a fringe minority of people.

If we all decide to avoid dealing with strangers completely, we will be limiting ourselves. All we can advice ourselves is to be extremely careful when dealing with strangers no matter how innocent they may appear. Not all strangers come to us with good intentions, it is left for us to be smart in all our dealings with them

The only mistake I see that Alex did here was not verifying those scammers to ascertain if they are really business people.

How exactly do you believe verification can avoid a scam that involves a zero day exploit? They can create all kinds of fake documents and profiles. They can even hire people to pose in video calls if you believe deepfakes can be easily detected by other humans. Verification does not really avoid this situation.
[/quote]
This your instance applies to people who seek to verify the information from only one source, that one source they are not certain of. If I find myself in a platform that offers me something beneficial, I will ignore what people in that platform think about the platform and go verify from different unrelated sources to ascertain the authenticity of the information I seek to have. Anyone who uses this my approach is 100 times better than the person who does not make any effort to verify.

[348Judah]

- Always be careful and suspicious. It's still unclear what kind of Microsoft Teams meeting Alex attended. He claims it was an official link, but who knows. Fake links with extensions and scripts are shared this way. One wrong click and you invite malware and drainers into your system.

This is another reminder of why we should scared of the link we clicked. To be honest this is only of the most scary scam to me, just one accidental click can ruin ones life.

This is one area I think many do sometimes overlook and it has cost a lot pains also.

The target these hackers has was to inflict malicious link to us, which will then work in line towards our device and expose some of the valuable information we ma have on then, all these are being done without anyone suspecting for it until we begin to see the consequences before knowing what is ahead of us, this will make everyone more careful on the kind of links they click on and the way they they open links unsolicited on their device they are using.

[goldkingcoiner]

Just another reminder of why it is important to use a different device than the one you normally use for all your cryptocurrency dealings. And never use any app in connection with your real wallet.

How can someone be so easy-going on his own security with $1 million dollars?  I really don't get it.

[coolcoinz]

I have so many questions.

You're probably right that he was tricked into opening a link containing malware that looked like a Teams link, but why did he keep so much money on a single online device? The moment my Crypto went over 20x reaching a total value of over $100k, I was investing some of that money into a new offline computer and a hardware wallet to store it all. Nowadays you can get a full security setup for around $1k and that includes a fireproof locker to store your backup, a backup hard drive that you can swap in case of a main device failure and a new clean notebook as your access point and main machine to use for payments.

He just needed to spend less than 1% of his funds on security and this would have been avoided.

Also, 150 wallets? Nobody can keep track of such number of shitcoins. There's no way he has a separate password for each of them.

[Hazink]

But how can rich people who have that kind of money and are even into project development in cryptocurrency not consider getting a hardware wallet to store their crypto as a good option, or do they feel like their device is super protected from such kinds of attacks? Some say it’s the average man with little holdings who takes his security more seriously compared to how these big men do with their holdings. This simple incident could have been avoided if he had been security cautious.

[Pmalek]

Also, 150 wallets? Nobody can keep track of such number of shitcoins. There's no way he has a separate password for each of them.

I doubt all 150 were separate wallets. This guy was surely deeply invested in many altcoins and he kept them on various addresses. He probably counts each address as an individual wallet as well. If you do that and you are involved in various projects, investments, trading activities, staking, etc., than the numbers will go up rather quickly.

But how can rich people who have that kind of money and are even into project development in cryptocurrency not consider getting a hardware wallet to store their crypto as a good option...

Complacency. Feeling to comfortable and believing nothing bad can happen to you because you have knowledge and wealth, which make you untouchable.

[The Cryptovator]

The owner of the $1 million shouldn't be stupid like this. I don't know why, but my mind doesn't want to trust the story even if it would be true. But definitely it's a serious lesson, whether the story is fake or real. Only the stupid would keep millions of funds in a software wallet. Even if the wallet is legit, hackers would take access of the wallet to drain it. And this is also one of the most important reasons why we shouldn't be greedy. Unless he was greedy, then he shouldn't have lost this amount.

However, even the victim claims the link was real, but I am sure there was something that could take access of the device. He dreamed big but unrealistically. Need to be more careful when you find a big offer online.

[ThemePen]

This story is great lesson in crypto security showing scammers are clever used fake professional meetings and social media to trick even experienced crypto owner. To avoid similar situations secure your assets with keeping large amounts of crypto in cold storage hardware wallet which is much safer than hot wallet connected to internet. And always do your own research on people and projects looking for warning signs like fake social media followers before you get involved. And at last be skeptical of everything as simple bad link in meeting could install virus. Always use separate secure device for your crypto and be extremely careful about you click on. This powerful story showing us that crypto security is not just about technology but also about awaring about social tricks which scammers use.

[Coyster]

And this is also one of the most important reasons why we shouldn't be greedy. Unless he was greedy, then he shouldn't have lost this amount.

Greedy? This hack had nothing to do with greed my friend. If you said stupid for storing that amount in a hot wallet, then that makes more sense. Alexander Choi wasn't chasing any money doubling scheme or something similar, it is in situations like that you call the victim greedy.

Need to be more careful when you find a big offer online.

I don't think you understood everything about this hack. This was no big offer or anything like that, he was approached for partnership, and based on his "status" in the community, i am sure he would be getting a lot of that, and we only found about this particular one because of the unfortunate event that happened afterwards.

[Zoomic]

So how sid they breach his device that turns to getting his funds? Through the microsoft meeting links? Calendly.com is somewhat legit invite for scheduled meetings too.

I read the whole post on X but still got no idea how the hack happened.

We are all just assuming because there is no clear clue on how the hack happened, but I align more with Alex being lured to install malicious extension or through vulnerability in the microsoft video software.

[Catenaccio]

Greedy? This hack had nothing to do with greed my friend. If you said stupid for storing that amount in a hot wallet, then that makes more sense. Alexander Choi wasn't chasing any money doubling scheme or something similar, it is in situations like that you call the victim greedy.

I don't think you understood everything about this hack. This was no big offer or anything like that, he was approached for partnership, and based on his "status" in the community, i am sure he would be getting a lot of that, and we only found about this particular one because of the unfortunate event that happened afterwards.

When he or anyone else has jobs that require to interact with many people as well as be opened for conversations with new people, the practice must be more disciplined and careful. If your job is like that, it's not wrong if you accept PMs from strangers as opportunities come from such people but it's important to prepare things for your physical security and your digital asset security.

Don't store your big fund in hot wallets.
Don't use a computer or device that is used for online interactions to store your wallets or wallet backups.

If you are disciplined with these two rules, you are well to go with interviews. They can hack your computers, devices but there is money to steal.

[nakamura12]

Nope, Alexander Choi didn't disclose anything to the scammers during the call, Alexander is somewhat experienced in the industry, so he didn't do that. I have read from a few sources about this case and this is a very sophisticated scam, i believe the scammers are exploiting some form of vulnerability in video conferencing apps/platforms.

The scammers host the meeting and forward the link to their potential victims, i think it is at that point that the scam happens. There is not so much information on what the malware is right now and what vulnerability they are exploiting. But don't keep a huge amount of assets in a hot wallet like Alex did, and if you are not the host of a meeting in any of these third party apps, then you have to be very suspicious of it, be careful, there might just be a malware lurking in there.

That's most likely what happened if Alex didn't disclosed any wallet information. If he didn't then how the hell did the scammers have access to the wallet if he didn't disclose anything. My opinion is that they did share some link that made Alex click the link and a malware is downloaded to his device and that's how they have access to his wallet. That's the question we will make us wondering what malware did they used to their victims.