In a shocking incident, a crypto industry veteran lost approximately $1.35 million from a previously overlooked MetaMask wallet. This breach was orchestrated through a compromised Telegram account and a deceptive Zoom meeting that allowed attackers to gain access to sensitive data.

Understanding the THORChain Incident

Initial reports indicate that the scam kicked off when an associate’s Telegram account was hacked. The attackers sent out a malicious link disguised as a genuine video call invitation. The victim, believing it to be authentic, joined the meeting, unknowingly exposing himself to a fraudulent interface.

Once inside, the perpetrators leveraged access to private keys stored in the victim’s iCloud Keychain, eventually draining the wallet of its entire balance, which amounted to a staggering $1.35 million in various cryptocurrencies.

This incident totaling $1.35M serves as a crucial reminder: relying on software wallets leaves you just one malicious execution away from losing it all. Exercise caution!

Even without approving a malicious transaction, the malware simply lifted the…

— CyberSecurity Expert (@InfoSecGuru) September 12, 2025

Insights from Investigators

Blockchain forensic teams quickly mobilized, analyzing the on-chain movement of the stolen assets. Early estimates placed the stolen value at around $1.2 million; however, subsequent analyses updated the figure to nearly $1.35 million.

Experts made connections to potential North Korean groups based on system patterns, highlighting the complexity of attributing such actions in the crypto world.

#CyberAlert A THORChain user’s wallet was breached, leading to losses exceeding $1.2M pic.twitter.com/R385BRHoHu

— CryptoWatch (@CryptoWatch) September 12, 2025

A Cautionary Tale for the Community

Leaders within the crypto security community issued warnings about the dangers associated with remote meeting links and sudden data requests. A veteran wallet developer stressed that keeping private keys in software that syncs to cloud services exposes users to significant risks, particularly when those services are compromised.

This caution resonated within developer forums, emphasizing the need for heightened vigilance after such significant losses.

Community Initiatives for Recovery

In response to the theft, a related project announced a bounty aiming to facilitate the recovery of the stolen funds. Meanwhile, community members actively tracked the flow of stolen assets, a common strategy employed during high-profile breaches. On-chain tracing often helps pinpoint the locations where funds have moved.

Encounters like these have led to widespread appeals and rewards being offered as communities mobilize to combat crypto theft.

Emerging Trends in Scamming Techniques

This incident highlights an alarming trend involving deepfakes and fake video calls. Cybercriminals are becoming increasingly sophisticated, combining social engineering with artificial intelligence to enhance their scams’ credibility.

Notable cases have previously resulted in losses of millions, illustrating the severe implications such scams can have on both individuals and organizations.

As the landscape of cyber threats continues to evolve, staying informed and adopting heightened security protocols has never been more crucial.

Image source: Cybersecurity News, data from TradingView