Cryptocurrency wallets

Incidents implicated systems

Incident 11171 Report
North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

2025-06-22

An alleged phishing scheme involving actors linked to North Korea used purported AI-generated deepfake videos of company executives to deceive a Web3 employee during a fake Zoom call. The target was reportedly tricked into installing macOS malware disguised as a "Zoom extension," leading to the deployment of spyware, a keylogger, and a crypto wallet stealer. The attackers reportedly used Telegram and spoofed Zoom domains to orchestrate the breach.

Incident 15561 Report
X User Reportedly Used Morse Code Prompt to Induce Grok-Linked Trading Bot to Transfer $200,000 in Tokens

2026-05-04

An X user reportedly induced Grok and Bankrbot to transfer 3 billion DRB tokens, then valued at about $200,000. After reportedly sending a Bankr Club Membership NFT to Grok's wallet, the user allegedly asked Grok to translate a Morse code message and relay it to Bankrbot. The decoded instruction reportedly directed a transfer to a specified wallet, which was reportedly executed on Base. The recipient reportedly sold the tokens soon afterward; linked funds were later returned or converted.

Cryptocurrency wallets

Incidents implicated systems

Incident 11171 ReportNorth Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Incident 15561 ReportX User Reportedly Used Morse Code Prompt to Induce Grok-Linked Trading Bot to Transfer $200,000 in Tokens

Related Entities Related EntitiesOther entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.

Related Entities

North Korea

Incidents involved as Deployer

Lazarus Group

Incidents involved as Deployer

Government of North Korea

Incidents involved as Deployer

BlueNoroff

Incidents involved as Deployer

Deepfake technology developers

Incidents involved as Developer

Synthetic audio generation technology developers

Incidents involved as Developer

Zoom

Incidents Harmed By

Incidents implicated systems

Web3

Incidents Harmed By

Unnamed Web3 employee

Incidents Harmed By

National security and intelligence stakeholders

Incidents Harmed By

macOS users

Incidents Harmed By

Epistemic integrity

Incidents Harmed By

Cryptocurrency infrastructure

Incidents Harmed By

Telegram

Incidents implicated systems

macOS

Incidents implicated systems

Deepfake technology

Incidents implicated systems

Synthetic audio generation technology

Incidents implicated systems

Cryptocurrency service providers

Incidents involved as Deployer

Bankr

Incidents involved as both Developer and Deployer

@Ilhamrfliansyh (X)

Incidents involved as Deployer

xAI

Incidents involved as Developer

Large language model developers

Incidents involved as Developer

Cryptocurrency trading system developers

Incidents involved as Developer

Chatbot developers

Incidents involved as Developer

AI agent system developers

Incidents involved as Developer

DRB token holders

Incidents Harmed By

Digital asset holders

Incidents Harmed By

Cryptocurrency wallet owners

Incidents Harmed By

Cryptocurrency token holders

Incidents Harmed By

X (Twitter)

Incidents implicated systems

Social media platforms

Incidents implicated systems

Grok

Incidents implicated systems

Cryptocurrency trading bots

Incidents implicated systems

Chatbots

Incidents implicated systems

Blockchain networks

Incidents implicated systems

Base

Incidents implicated systems

Bankrbot

Incident 11171 Report
North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Incident 15561 Report
X User Reportedly Used Morse Code Prompt to Induce Grok-Linked Trading Bot to Transfer $200,000 in Tokens

Related Entities