THORChain Co-Founder’s Wallet Drained $1.35M in DPRK Telegram Scam
THORChain co-founder JP lost $1.35 million from a personal wallet on Sept. 9 after falling victim to a Telegram phishing scam linked to North Korea. The attack combined a hacked Telegram account, a deepfake Zoom call, and what he believes was a zero-day exploit.
His loss joins the list of recent high-profile losses in the crypto space. Last month, billionaire heiress Taylor Thomson lost over $80 million in crypto after investments tied to a psychic. Similarly, earlier this month, a crypto investor lost $3.05M after signing a malicious transaction.
$1.2M THORChain Wallet Drained in Telegram Deepfake Scam, Investigators Confirm
Blockchain investigator ZachXBT confirmed the incident, stating that JP’s wallet was drained after he joined a fake meeting link shared via Telegram. PeckShieldAlert had earlier reported the breach, reporting that roughly $1.2 million had been stolen from a THORChain user’s wallet.
Tracing the stolen funds, JP explained in a post on X that the funds were tied to an old MetaMask account he had forgotten. The wallet contained staked assets that didn’t appear on Etherscan, making it easy to miss.
JP also explained that the scam began when a friend’s Telegram account was hacked. The attackers invited him to a Zoom call, where a deepfake video was used to increase credibility. JP clicked a link during the call but saw no suspicious prompts or requests for credentials.
He believes the attackers may have accessed his encrypted iCloud Keychain or a separate Chrome profile on his Mac, where MetaMask keys were stored. “There was no request for admin passwords or set up,” JP wrote. “It must be an active or recently patched 0-day.”
In a bid to recover the stolen funds, on-chain data flagged by Lookonchain showed a new message sent to the exploiter’s wallet. The message, recorded on Etherscan, offered a bounty if the stolen THOR tokens were returned within 72 hours, promising “no legal action” if the hacker complied and provided contact details for the THORSwap team.
Notably, ZachXBT noted that THORChain and its co-founder had previously profited from the laundering of funds tied to DPRK exploits, including hacks on exchanges like Bybit. “It’s a bit poetic he got rekt here by DPRK,” ZachXBT said.
Highlighting the lessons learned from the experience, JP emphasized that private keys grow riskier the longer they’re stored, urging users not to back them up on iCloud, Google Drive, or similar services. He also recommended using two-factor authentication on a separate device, such as a burner phone, to reduce exposure.
He added that threshold signature wallets like Vultisig, which split key shares across multiple devices, represent the next level of crypto security. “Attacks are only going to worsen,” JP said. “It could be solved; we simply must improve our wallets.”
Telegram Scams Surge: $2.2B Lost in 2025 as Malware Attacks Overtake Phishing
By the end of June this year, crypto investors had lost $2.2B, largely from wallet breaches and scams. Crystal Intelligence showed that over 1,000 hacks, scams, and DeFi breaches have stolen $22.7B in crypto across 14 years of tracked incidents.
Specifically, Scam Sniffer reported that crypto scammers are targeting Telegram, where malware scams have surged 2,000% since November and overtaken traditional phishing. Attackers spread malware through fake verification bots in trading, airdrop, and alpha groups, allowing them to steal passwords, private keys, and wallet data once users execute malicious code.
Noting the abundance of hacks on Telegram, last year the United Nations estimated that scams, money laundering, and stolen data sales on Telegram generated more than $36.5 billion annually, often through USDT.
Criminals also sell deepfake tools and malware, with the U.S. Treasury linking Huione Group to $98 billion in illicit crypto flows tied partly to North Korea’s Lazarus Group.
To curb this, Telegram shut down Huione Guarantee in May 2025, but rival Tudou Guarantee quickly absorbed its users and drove a 400% surge in activity.
Similarly, Telegram shut down thousands of channels tied to Xinbi and Huione Guarantee, which processed over $35 billion in illicit USDT transactions, Elliptic reported. The platforms used encrypted groups to sell money laundering, stolen data, and fake IDs, with Huione linked to Cambodia’s ruling elite.
The post THORChain Co-Founder’s Wallet Drained $1.35M in DPRK Telegram Scam appeared first on Cryptonews.

Telegram shuts down $27 billion Huione crypto scam marketplace, but rivals surge 400% in volume as criminal networks quickly migrate to successor platforms like Tudou Guarantee.