I just noticed a rather alarming development: a hacker group connected to North Korea is increasingly using AI-generated deepfake video calls to target professionals in the crypto industry. The insidious part is how sophisticated these attackers are.

Here's how the method works: they compromise trusted people's Telegram accounts and then initiate video calls with AI-generated deepfakes. The victims are then prompted to install malware disguised as a useful plugin—allegedly to fix Zoom audio issues. Once on the device, the hackers gain full control.

Martin Kuchař, co-founder of BTC Prague, made these tactics public, opening many eyes. The security research firm Huntress confirmed this and found that these attack patterns closely resemble previous operations against crypto developers. The malicious scripts can cause serious damage on macOS systems: planting backdoors, recording keystrokes, stealing clipboard contents, and gaining access to encrypted wallet holdings.

Researchers strongly associate these attacks with the Lazarus Group—also known as BlueNoroff—a North Korean state-sponsored hacking group. What's interesting is that the attackers are very targeted: they focus on specific wallets and particular crypto professionals, not random targets.

What worries me most: with the spread of deepfake and voice cloning technology, it’s becoming increasingly difficult to rely on images and videos to verify identities. This is a fundamental security issue for the entire crypto industry. The Head of Information Security at SlowMist also emphasized this—these attacks show clear reuse patterns across different operations.

My conclusion: the crypto world must become much more vigilant now. Multi-factor authentication is no longer optional but essential. And we need to understand that AI-generated content is becoming the new normal in attack scenarios. Anyone working in crypto should review their security measures now—before it’s too late.