Deepfake Zoom Scam Drains $1.35M From ThorChain Founder, Ledger CTO Issues Warning

- ThorChain founder JP Thor lost $1.35 million in a sophisticated deepfake Zoom scam linked to North Korean hackers.
- Ledger’s CTO warns crypto users about a malicious attack on NPM packages that silently replaces wallet addresses.
- Experts urge crypto users to rely on hardware wallets and audit dependencies to prevent further losses.
The cryptocurrency space was rattled this week after JP Thor, co-founder of ThorChain and Vultisig, revealed he had fallen victim to a conference call scam that cost him approximately $1.35 million. According to his statement on X, the attackers gained access to his iCloud and keychain, draining an old MetaMask wallet he had forgotten about. The funds were stolen by a North Korean group using deepfake technology, underlining the growing sophistication of social engineering threats targeting crypto leaders.
Ironically, investigators noted that ThorChain products had previously been used by North Korean groups to launder stolen funds, a twist that drew much of the public reaction. Despite the breach, JP confirmed that Vultisig wallets remained secure. Their design requires multiple key shares to approve a transaction, so a single compromised device cannot lead to total fund loss. His statement has sparked discussion of the importance of multi-party security as scams become increasingly advanced.
Ledger CTO Issues Warning After ThorChain and NPM Attack
While JP’s loss made headlines, an even broader threat emerged from the software supply chain. Charles Guillemet, the Chief Technology Officer of Ledger, issued a stern warning on social platform X after hackers compromised a developer’s NPM account. The attackers injected malicious code into popular JavaScript packages, including chalk and strip-ansi, which collectively record more than a billion downloads weekly.
This malicious code functions as a crypto-clipper, a program that replaces legitimate wallet addresses with those belonging to the attacker during Web3 transactions. The replacement occurs in real time, leaving users unaware that their funds are being redirected.
Guillemet cautioned that individuals using software wallets face the highest risk, since they cannot independently confirm the validity of transaction addresses. He advised avoiding on-chain transactions until developers have fully addressed the problem. Hardware wallets with clear-signing capability remain safer options because they let users verify the destination address before approval.
The scope of this supply chain attack is massive. It not only impacts Ethereum users but also stretches across other blockchains, including Bitcoin and Solana. Security analysts have stressed that the open-source nature of these tools makes them essential to global development, which means the attack has far-reaching consequences well beyond cryptocurrency alone.
Crypto Users Must Understand the Risks of Open-source Supply Chains Before Trusting Their Funds to Software
The latest incidents demonstrate the dual risks facing cryptocurrency users: direct scams that exploit human error and technical attacks that compromise widely used development tools. For everyday investors, the lesson is clear. Security must not depend solely on trust in software environments that can be manipulated at scale. Instead, users should diversify protective measures by adopting hardware wallets, verifying transaction details, and regularly auditing the applications they rely upon.
Industry experts have recommended that developers lock dependencies, pin safe versions of packages, and carefully review updates before integrating them into critical systems. Although many of the infected NPM packages have been cleaned, the risk has not been completely eliminated. Analysts continue to monitor suspicious versions that may still circulate in the ecosystem.
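As an added illustration of the locking and pinning advice above (not code from the article, Ledger, or npm), the following JavaScript flags dependency specs that can float to a newly published release, and lockfile entries that match a denylist or lack an integrity hash. The sample manifests, the `example-tool` package and the denylisted version are constructed placeholders; the article does not list affected versions.

```javascript
// Added example: audit npm manifests for pinning gaps (constructed data throughout).

// Exact versions only: 1.2.3 or 1.2.3-beta.1 (no ^, ~, >=, *, dist-tags or URLs).
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Return dependencies whose spec can float to a newly published release.
function findFloatingRanges(pkg) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT.test(spec)) out.push({ field, name, spec });
    }
  }
  return out;
}

// Walk lockfileVersion 2/3 "packages" entries, nested (transitive) ones included.
function auditLockfile(lock, denylist) {
  const denied = new Set(denylist);
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i < 0 || meta.link) continue; // root project, workspace sources, symlinks
    const id = `${path.slice(i + "node_modules/".length)}@${meta.version}`;
    if (denied.has(id)) findings.push({ path, id, issue: "denylisted version" });
    if (!meta.integrity) findings.push({ path, id, issue: "missing integrity hash" });
  }
  return findings;
}

// Constructed sample input; versions are illustrative, not real advisory data.
const samplePkg = {
  dependencies: { chalk: "^1.0.0", "strip-ansi": "1.0.0" },
  devDependencies: { "example-tool": "latest" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/chalk": { version: "0.0.0-placeholder", integrity: "sha512-CONSTRUCTED" },
    "node_modules/example-tool/node_modules/strip-ansi": { version: "1.0.0" },
  },
};
const DENYLIST = ["chalk@0.0.0-placeholder"]; // placeholder, not a real advisory entry

console.log(findFloatingRanges(samplePkg));
console.log(auditLockfile(sampleLock, DENYLIST));
```

In a real project, pass the parsed contents of package.json and package-lock.json and a denylist taken from the relevant advisory; installing with `npm ci` keeps installs tied to the lockfile.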
The ThorChain incident and the Ledger CTO’s warning together highlight how fragile trust remains in the crypto sector. As scammers adapt to advanced tools like deepfakes and supply chain exploits, both individual investors and major companies face growing pressure to adapt. The story serves as a wake-up call that, in digital finance, vigilance is not optional but an everyday necessity.