Manta Network Co-Founder Targeted in Sophisticated Zoom Phishing Attack Using Deepfake Videos

Kenny Li, co-founder of Manta Network, has revealed he was the target of a highly advanced phishing attempt involving deepfake technology during a Zoom call.

In a detailed post on April 17, Li described how attackers used prerecorded videos of familiar individuals to impersonate them in what appeared to be a legitimate meeting.

Li said the video feed showed recognizable faces with cameras turned on, adding to the illusion of authenticity.

No Audio, Fake Update

However, he noticed the audio was missing, and the participants prompted him to download a suspicious script file under the guise of a Zoom update.

“I could see their legit faces. Everything looked very real. But I couldn’t hear them… It asked me to download a script file. I immediately left,” Li wrote on X.

He attempted to confirm the identity of the caller via Telegram, but the person blocked him and deleted all messages shortly after.

Li suspects the North Korea-linked Lazarus Group was behind the incident. He also shared screenshots of the Telegram conversation before it was erased.

A zoom link that opened to Google Chrome into what looks like a web based Zoom. Then a notification pops up saying your zoom is out of date and you have to download a file to update it. General MO with Lazarus is to find ways to get you to download and open a file so I’m told.

— 🤓Kenny.manta (@superanonymousk) April 18, 2025

Li warned the crypto community to treat any unexpected download request—especially updates or script files—as a major red flag.

“If you need to download something to continue talking to someone, don’t do it,” he emphasized, noting that such attacks exploit emotional familiarity and the fatigue that comes with constant communication in the crypto space.

Crypto Users Targeted in Zoom Deepfake Scam Involving Fake Business Client

The attack wasn’t isolated. A member of ContributionDAO reported a similar experience, where the attackers insisted on using a customized Zoom client and refused to switch to Google Meet.

“Even though I actually have Zoom on my computer, I couldn’t use it. They claimed it had to be a business version that they had registered,” they said.

Me too, boss, they also asked me to download Zoom via their link, and said that it's only for their business. Even though I actually have Zoom on my computer, I couldn’t use it. They claimed it had to be a business version that they had registered. When I requested to switch to…

— Vow | ContributionDAO (@VowIMTX) April 18, 2025

Another user, crypto researcher “Meekdonald,” stated that a friend of theirs had fallen victim to the same ploy.

The coordinated nature of the incidents suggests a broader phishing campaign targeting crypto executives using increasingly realistic deepfake methods to spread malware.

Last year, a detailed report by blockchain security firm SlowMist revealed that a sophisticated phishing attack disguised as a fake Zoom meeting link has stolen crypto assets worth millions.

The scam, first identified on November 14, 2024, targeted users by distributing malicious software through links that mimic the legitimate Zoom interface.

In March, Kaito AI, an artificial intelligence-driven platform providing crypto market analysis, and its founder, Yu Hu, were targeted in a social media hack on X.

Hackers took control of the account and falsely claimed that Kaito AI’s wallets had been compromised, warning users that their funds were at risk.

The misleading posts, which have since been deleted, aimed to incite panic among investors.