THORChain co-founder JP fell victim to a DPRK Telegram scam on September 9, losing $1.35 million from a personal wallet. The attack reportedly involved a hacked Telegram account, a convincing deepfake Zoom call, and what JP suspects was a zero-day exploit.
The incident underscores how North Korea–linked hackers are evolving tactics to exploit human trust alongside technical vulnerabilities.
“This is not just about phishing anymore—it’s about social engineering at the highest level,” — ZachXBT, blockchain investigator.
JP’s case adds to a growing list of high-profile crypto losses this year. Last month, billionaire heiress Taylor Thomson lost over $80 million in crypto to a scam involving a psychic, while earlier in September, another investor signed a malicious transaction that drained $3.05 million.
How the attack unfolded
According to JP’s post on X, the scam began after a friend’s Telegram account was compromised. He was invited to a Zoom call where attackers used a deepfake video to establish credibility. During the call, JP clicked a link that silently triggered the wallet breach.
“I never saw any prompt for credentials or admin access. It has to be an active or recently patched 0-day,” — JP, co-founder, THORChain.
Blockchain investigator ZachXBT confirmed the incident, while security firm PeckShieldAlert reported approximately $1.2 million in assets stolen from a THORChain user’s wallet. JP later clarified the drained funds were tied to an old MetaMask account containing overlooked staked assets that did not appear on Etherscan.
In an attempt to recover the funds, a message was sent to the exploiter’s wallet via Etherscan, as on-chain data flagged by Lookonchain showed. The note offered a bounty if the stolen tokens were returned within 72 hours, with assurances of “no legal action.”
The wider risk of DPRK Telegram scams
The DPRK Telegram scam reflects a broader trend: Telegram has become a hotbed for crypto-related cybercrime. By June 2025, global crypto investors had lost $2.2 billion, largely through wallet breaches. Reports from Crystal Intelligence show over $22.7 billion stolen across 14 years of documented hacks and scams.
Scam Sniffer found Telegram scams surged 2,000% since November, with malware attacks now overtaking phishing. Criminals deploy fake bots in airdrop, trading, and alpha groups to trick users into executing malicious code.
The United Nations estimates that scams, laundering, and stolen data sales on Telegram generate more than $36.5 billion annually, with much of the activity facilitated in USDT (Tether). The U.S. Treasury has further linked North Korea’s Lazarus Group to massive illicit flows, with Huione Group alone connected to $98 billion in questionable transactions.
“Telegram has become both the marketplace and the battlefield for DPRK-linked scams,” — cybersecurity analyst, Crystal Intelligence.
Lessons for investors
For crypto investors, the DPRK Telegram scam highlights the urgent need for stronger personal and institutional defenses. JP urged users to avoid backing up private keys on iCloud, Google Drive, or similar services, recommending instead hardware wallets and multi-factor authentication on separate devices.
He also promoted threshold signature wallets, like Vultisig, which distribute private key shares across devices, reducing single points of failure.
“Attacks are only going to get worse. It can be solved; we just need to upgrade our wallets,” — JP, co-founder, THORChain.
Telegram, for its part, shut down Huione Guarantee in May 2025, but rival Tudou Guarantee quickly absorbed users, leading to a 400% increase in illicit activity. Despite further crackdowns on networks tied to Xinbi and Huione, which processed $35 billion in USDT-linked laundering, enforcement continues to lag.
For investors, the warning is clear: vigilance is no longer optional. The DPRK Telegram scam wave shows that even industry leaders are vulnerable, and the tools of deception, from deepfakes to malware, are advancing faster than traditional defenses.
Beyond technical solutions, industry experts stress the importance of ongoing education and awareness campaigns. Many victims of the DPRK Telegram scam were seasoned traders who underestimated social engineering risks. Training programs, clearer wallet security guidelines, and stronger industry-wide collaboration could help close the gap between fast-moving threats and investor preparedness.