New Deepfake Phishing Attack Targets Bitcoin Users via Zoom and Teams

A sophisticated deepfake-enabled phishing campaign is actively targeting Bitcoin users through fake Zoom and Microsoft Teams calls.

The attackers are exploiting video conferencing, Telegram, and AI-generated identities to steal bitcoin and compromise victims’ digital lives.

The attack chain begins on Telegram, where victims receive what appears to be a legitimate message or call request from a known contact or trusted figure in the Bitcoin community. The attacker then initiates a Zoom or Microsoft Teams call using a link shared via Telegram.

On the video call, the threat actor uses AI deepfake technology to impersonate a familiar face convincingly. This could be a colleague, a well-known Bitcoin personality, or a previous contact.

Martin Kuchař, co-founder of BTC Prague, and Bitcoin treasury strategist Ed Juline report an active, high-level hacking campaign targeting the Bitcoin community.

The video looks real enough to lower suspicion, especially when combined with a friendly, context-aware conversation.

Once trust is established, the attacker pretends to have audio issues or “technical problems” with the call. Under this pretext, the victim is instructed to install a supposed “plugin,” “audio fix,” or “update” on their system. In reality, this file is malware designed to grant the attacker full remote access.

Complete system takeover

After the malicious plugin is installed, the attacker can gain complete control of the victim’s system. This allows them to:

  • Steal bitcoin from hot wallets installed on the machine.
  • Hijack Telegram accounts to continue spreading the attack to new targets.
  • Capture passwords, browser sessions, and authentication tokens for other services.

Compromised accounts are then weaponized to contact more victims, making the campaign extremely dangerous inside close-knit Bitcoin and crypto communities where trust networks are strong.

Ed Juline reported a close call after receiving what appeared to be a legitimate call from Martin Kuchař. The video showed a familiar face, and earlier warnings about the campaign were already circulating.

Even with this awareness, a fake audio update prompt during the call almost tricked him into installing the malicious plugin.

Juline narrowly avoided compromise, and only because he was urgently advised to unplug his computer. The incident shows how convincing and high-pressure these attacks can be, even for experienced Bitcoin users.

Security recommendations

Security professionals are urging Bitcoin users and crypto enthusiasts to adopt strict precautions:

  • Do not accept Zoom or Microsoft Teams calls initiated via Telegram links.
  • Treat all Telegram messages as untrusted, even when they appear to come from known contacts.
  • Never install plugins, updates, or “fixes” suggested during a live call.
  • Prefer more controlled platforms like Signal, Jitsi, or Google Meet for sensitive discussions.
  • Use reputable endpoint protection and regularly scan for malware.

These attackers operate in a highly professional manner, blending deepfake video, social engineering, and malware to exploit trust and urgency.

The core message from the Bitcoin community is clear: this can happen to anyone. In an era of realistic AI impersonations, users must slow down, verify identities out-of-band, and question everything before clicking, installing, or approving access.
