The post North Korea Linked Hackers Behind Surge in Zoom Scam Attacks appeared on BitcoinEthereumNews.com.

North Korea Linked Hackers Behind Surge in Zoom Scam Attacks

2025/12/15 16:56

This method already drained more than $300 million from crypto users by exploiting trust on platforms like Telegram. At the same time, Ethereum developers disclosed that a previously undetected Prysm bug introduced ahead of the Fusaka upgrade caused a temporary validation slowdown on Dec. 4, leading to missed slots and lost rewards but stopping short of a loss of finality. While both incidents were ultimately contained, they show that a number of concerning threats to crypto security remain.

Fake Zoom Meeting Scams Drain Crypto Users

Cybersecurity nonprofit Security Alliance (SEAL) issued a fresh warning after detecting multiple daily scam attempts linked to North Korean hacking groups that rely on fake Zoom meetings to compromise victims. According to SEAL and security researcher Taylor Monahan, the campaign already resulted in more than $300 million in stolen funds, with crypto users, developers, and protocol teams among the main targets.

The scam typically begins on Telegram, where a victim is contacted by an account that appears to belong to someone they already know. Because the account looks familiar, victims are less likely to be suspicious. After some casual conversation, the attacker suggests catching up over a Zoom call. 

Before the meeting, the victim is sent a link that looks legitimate but is often masked or subtly altered. When the call starts, the victim sees real video footage of the impersonated person or their supposed colleagues. Monahan explained that these videos are not deepfakes, but recycled recordings taken from past hacks or publicly available sources like interviews or podcasts, making the setup look very convincing.
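A defender-side check for the "masked or subtly altered" link described above, as an added example that is not from the article, SEAL or Zoom: it parses the URL and accepts it only when the real host is an allowlisted domain or a subdomain of one. The allowlist contents, the function name and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains your organisation accepts for Zoom meetings;
# adjust to your own tenant or vanity domain.
ALLOWED_DOMAINS = {"zoom.us", "zoom.com"}


def check_meeting_link(url, allowed=ALLOWED_DOMAINS):
    """Return (ok, reason) for a meeting URL received in chat."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # In https://zoom.us@host/ the text before '@' is userinfo, not the site.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    # Non-ASCII or punycode labels can render as look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised host"
    # Exact match or a true subdomain; the leading dot rejects 'notzoom.us'.
    if host in allowed or any(host.endswith("." + d) for d in allowed):
        return True, "host is on the allowlist"
    return False, "host is not an allowed domain"


# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.meeting-join.example/j/1234567890",
    "https://zoom.us@meeting.example.net/j/1234567890",
    "https://xn--zom-qxa.us/j/1234567890",
    "https://notzoom.us/j/1234567890",
    "http://zoom.us/j/1234567890",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_meeting_link(link)
        print("ALLOW" if ok else "BLOCK", link, "->", reason)
```

A link that passes only establishes where it leads; the in-call request to install a patch or update is still the step to refuse.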

Once the call is underway, the attackers pretend to have audio or technical problems and ask the victim to install a patch or update to fix the issue. That file is the key to the attack. Opening it installs malware on the victim’s device, granting the hackers access to sensitive information. Shortly after, the attackers abruptly end the call, usually claiming they need to reschedule, all while trying to avoid raising suspicion. By the time the victim realizes something is wrong, their device may already be fully compromised.

The malware allows attackers to steal private keys, passwords, company data, and access to messaging apps like Telegram. Control of Telegram accounts is especially dangerous, as hackers then use stored contacts to impersonate the victim and target friends, colleagues, and business partners.

Monahan advised that anyone who clicked a suspicious Zoom-related link should immediately disconnect from WiFi and power down the affected device. Using a separate, uncompromised device, victims should move crypto assets to new wallets, change all passwords, enable two-factor authentication, and secure their Telegram account by terminating all other sessions and updating security settings. A full memory wipe of the infected device is recommended before it is used again.

If a Telegram account is compromised, victims should urgently alert their contacts, as silence increases the likelihood that friends and colleagues will be scammed next.

Ethereum Fusaka Bug Exposes Flaw

Meanwhile, Prysm developers confirmed that a software bug introduced ahead of Ethereum’s Fusaka upgrade was responsible for a node validation issue that disrupted the network earlier this month.

In a post-mortem that was published Sunday, Ethereum developer Terence Tsao explained that the incident, which occurred on Dec. 4, stemmed from a flaw that was deployed to testnets roughly a month before Fusaka went live on mainnet. Although the bug existed in testing environments, it was never triggered before the upgrade, allowing it to reach production unnoticed. The issue originated from a specific Prysm code change that altered how the client handled certain edge cases involving out-of-sync nodes.

When the bug was activated on mainnet, Prysm nodes began experiencing severe resource exhaustion while processing attestations. Instead of relying on the current head state of the chain, affected nodes attempted to regenerate older states from scratch. This forced Prysm to replay historical epoch blocks and recompute computationally expensive state transitions, dramatically increasing workload and degrading performance across affected validators.

The impact was measurable but contained. Over a period of more than 42 epochs, Ethereum experienced an elevated missed slot rate of roughly 18.5%, while validator participation fell to about 75%. Prysm estimated that validators running its client collectively lost around 382 Ether in missed attestation rewards during the disruption. Despite these setbacks, Ethereum continued operating without a full loss of finality, and the network recovered once mitigation steps were deployed.

Node operators were quickly instructed to apply a temporary workaround while Prysm developers worked on and released a patch to permanently address the issue. The fix ensured that Prysm no longer unnecessarily regenerated prior states, eliminating the excessive computational burden that caused the slowdown.

Developers stressed that the incident could have been much more severe had it affected Ethereum’s dominant consensus client, Lighthouse. Prysm currently accounts for about 17.6% of the network, making it the second-largest client by share. Because no single client controlled more than one-third of validators at the time, Ethereum avoided a temporary loss of finality or widespread block production failures.

The episode nonetheless reignited concerns around client concentration. Lighthouse still represents more than half of Ethereum’s consensus layer, leaving the network uncomfortably close to the threshold where a single client bug could have systemic consequences. 

Source: https://coinpaper.com/13104/north-korea-linked-hackers-behind-surge-in-zoom-scam-attacks
