- Jake Gallan, CEO of Emblem Vault, has had his wallets drained for over US$100,000 worth of digital assets in a sophisticated hack.
- The hack occurred during or following a Zoom video call between Gallan and the crypto channel named ‘Tactical Investing’.
- A Zoom function that is reportedly enabled by default allows one Zoom user to take control of another’s computer.
- The threat actor has been given the alias ‘Elusive Comet’ and has allegedly carried out multiple scams using this method.
A sophisticated scam carried out through Zoom has resulted in Jake Gallan, CEO of Emblem Vault, losing over US$100,000 (AU$157,707) in digital assets, including Bitcoin (BTC), Ethereum (ETH), and NFTs. The hacker also gained access to Gallan’s social media accounts.
The hack occurred after a malware file known as ‘GOOPDATE’ was installed on Gallan’s computer during a Zoom call with another crypto personality known as Tactical Investing.
How Did the Hack Occur?
Gallan has been working with crypto security firm ‘Security Alliance’ (SEAL) to understand the hack which occurred through Zoom.
SEAL has identified ‘Elusive Comet’ as a threat actor who has been using sophisticated social engineering tactics to entice people into installing malware onto their computers, resulting in drained wallets.
Elusive Comet reportedly operates Aureon Capital, which poses as a legitimate venture capital firm and is related to Aureon Press and the OnChain Podcast.
Elusive Comet maintains legitimate-looking social media accounts and uses them to approach a user through direct message (DM), inviting them onto a podcast. When the Zoom call commences, Elusive Comet prompts the victim to share their screen and uses this to gain control over the victim’s computer. While the user reportedly has to accept or instigate this, the option to do so appears to be a Zoom setting that is turned on by default.
Zoom and Gallan have been in touch regarding this incident to see if future occurrences can be avoided.
What Precautions Had Gallan Taken?
Gallan had reportedly carried out a number of checks on Tactical Investing, which included verifying his social media channels on YouTube, Telegram, and X. He also ensured Tactical Investing had a large following with mutual followers (his YouTube channel had over 90,000 subscribers, with his X having over 26,000 followers).
Crypto Security
Evidently, the steps taken by Gallan were not enough to prevent a hack. While blockchain technology, when used properly, is considered a very secure means of storing funds, hacks throughout the crypto industry still occur on a relatively large scale, even with reasonable security measures in place.
Cold storage via a device such as a Ledger is considered best practice, yet even Gallan’s Ledger account ended up hacked. Though it’s not entirely clear how his Ledger was compromised, it may have involved the incorrect set-up of the Ledger device, which could have effectively turned it into a hot wallet.