The year 2025 is shaping up to be one of the toughest for crypto security, with increasingly sophisticated hacks and wallet drains surfacing across the community.
From deepfake phishing calls to advanced wallet drainer scripts, incidents shared by users on X over the past week show how quickly attackers are adapting, and how easily even the crypto OGs can be caught off guard.
Phishing gets a deepfake upgrade
One of the most notable cases involved a user known as JP (@jpthor on X), who detailed how a friend’s hacked Telegram account was used to deliver a malicious Zoom link.
JP says he joined the meeting through a browser and was confronted with what appeared to be a deepfake of his friend. Within two minutes, a script had already infiltrated his Mac, copying documents from iCloud into a temporary folder.
JP described the incident in multiple posts, noting he immediately disconnected his machine and later reset it. Importantly, he avoided the worst-case scenario because he uses Vultisig, a multi-factor vaulting solution, rather than storing private keys directly.
Still, the attack shook him enough to warn others against relying on standard tools like Zoom, saying: “At this point it’s not a matter of if, but when you will be targeted.”
Similar tactics were reported by another user, Tori (@ToriRibolla on X), who lost nearly $20,000 after engaging with a malicious Zoom link disguised as a meeting invite from Telegram. Both cases highlight how attackers are using deepfakes and trusted apps to bypass the usual red-flag filters.
Wallet drainers take nearly $1 million
Beyond phishing, wallet drainers have become a growing problem. Another crypto user, Alexander Choi (@notalexchoi on X), shared a detailed account of losing close to $996,000 after interacting with what appeared to be a legitimate project page, “SparkTokenSOL.”
The scam involved multiple calls with professional-sounding individuals posing as project founders. A few days later, Choi’s wallets were emptied in minutes across dozens of addresses.
Reflecting on the event, Choi said: “If it can happen to me, with all my experience in this space, it can happen to anyone.” He urged others to avoid third-party calls and to conduct thorough checks on any project before engaging.
Expanding threats: supply chain attacks and major exploits
Adding to the list of recent incidents, Sui-based DeFi platform Nemo Protocol confirmed it was exploited for roughly $2.4 million in stablecoins, according to security firm PeckShield, which noted that the attacker bridged the stolen USDC from Arbitrum to Ethereum.
Nemo acknowledged the breach in a community update on Telegram early Monday, explaining that activity in its Market pool was impacted and that all smart contract functions have been temporarily suspended while investigations continue.
The team stressed that vault assets remain secure, though the exact cause of the exploit has not yet been disclosed.
Meanwhile, Ledger CTO Charles Guillemet confirmed what he described as a large-scale supply chain attack.
In a post on X, he warned that an NPM account of a reputable developer had been compromised, with malicious code potentially affecting over 1 billion downloads across the JavaScript ecosystem. “The payload works by silently swapping crypto addresses on the fly to steal funds,” Guillemet wrote, advising hardware wallet users to double-check every transaction and cautioning others to avoid onchain activity until further clarity emerges.
Furthermore, new exploits have surfaced. Security firm PeckShield reported that SwissBorg, a crypto wealth management platform, suffered a hack with around 192,600 SOL ($41.5 million) stolen. The attacker has since deposited part of the stolen funds into the Bitget exchange.
Elsewhere, Ethereum Layer-2 protocol Kinto announced it will shut down only months after a $1.6 million exploit. The team cited debt from the hack and worsening market conditions as factors that made future fundraising impossible, forcing the project to close operations.
A growing challenge for the industry
These attacks, whether on individuals or platforms, reflect an uncomfortable reality: security risks in crypto are no longer just technical glitches but increasingly complex, well-coordinated operations blending malware, social engineering, and AI.
While exchanges and DeFi protocols continue to harden their defenses, the human element remains the most exploited weak spot.
For normal users (like you and me), the takeaway is simple, though it may be hard to practice consistently: question everything, verify identities, avoid unverified links, and keep large sums secured in cold storage.

































































