Jake Gallen, the CEO of Emblem Vault, a platform that specializes in NFT storage and trading, has revealed he was the victim of a sophisticated phishing attack that led to the loss of over $100,000 in Bitcoin and Ethereum.
The breach occurred during a Zoom call that Gallen initially believed was a legitimate business meeting.
The attacker impersonated Tactical Investing, a well-known YouTube personality with more than 90,000 subscribers, and exploited Zoom’s default settings to gain remote control of Gallen’s device.
During the session, malware known as “GOOPDATE” was installed, enabling the hacker to compromise multiple crypto wallets, extract sensitive data, and ultimately drain digital assets from Gallen’s accounts.
ELUSIVE COMET Hackers Implicated in Broader Crypto Crime Spree
The cybersecurity group SEAL has since attributed the attack to a notorious hacker organization known as ELUSIVE COMET, a collective linked to millions of dollars in cryptocurrency theft.
The group is known for highly targeted and professional attacks, often masquerading as venture capital firms or influencers within the crypto space to establish credibility.
In Gallen’s case, the attackers capitalized on Zoom’s default remote access settings, a weakness that is not widely known but is easy to abuse because it relies on a host accepting a control request rather than on any software exploit.
The malware implanted during the call allowed them to extract wallet keys and credentials from Gallen’s machine.
SEAL warns that ELUSIVE COMET’s tactics are becoming increasingly advanced, with several similar cases reported across the Web3 and DeFi ecosystems.
Experts Warn Against Zoom Default Settings Amid Rising Threats
In response to the incident, cybersecurity experts are urging crypto professionals and startup founders to immediately review and disable Zoom’s default remote desktop access feature.
The weakness is that, by default, other participants can request remote control of the host’s screen; if the host grants the request, the attacker can operate the device directly, which can lead to total device compromise.
SEAL researchers and security leaders across Web3 are now actively sharing tutorials and tips on how to modify these settings to better protect against phishing attacks.
Gallen himself has used his social media platforms to advocate for these changes, emphasizing the importance of proactive defense as phishing methods grow more convincing and technologically advanced.
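One way to act on this advice at the organization level is to audit every Zoom user for the remote-access settings and treat “not explicitly off” as exposed. The following is an added example, not code from the article or from Zoom; the sample data is constructed, and the field names `in_meeting.remote_control` and `in_meeting.remote_support` are assumed to match the shape of Zoom’s user-settings API.

```python
import json

# Constructed sample shaped like a Zoom "user settings" export.
# Assumption: the remote-access toggles live under in_meeting.remote_control
# and in_meeting.remote_support; adjust the names if your export differs.
SAMPLE_SETTINGS = {
    "ceo@example.com": {"in_meeting": {"remote_control": True,  "remote_support": True,  "screen_sharing": True}},
    "ops@example.com": {"in_meeting": {"remote_control": False, "remote_support": False, "screen_sharing": True}},
    "dev@example.com": {"in_meeting": {"screen_sharing": True}},  # flags absent: defaults apply
}

RISKY_FLAGS = ("remote_control", "remote_support")


def remote_control_exposure(settings):
    """Return {user: [flags]} for each user whose remote-access flags are enabled
    or missing. A missing flag is reported as exposed on purpose: the attack in
    the article relied on the default, so "not set" must never be read as "off"."""
    findings = {}
    for user, cfg in settings.items():
        in_meeting = cfg.get("in_meeting", {})
        exposed = [flag for flag in RISKY_FLAGS if in_meeting.get(flag) is not False]
        if exposed:
            findings[user] = exposed
    return findings


def hardened_patch():
    """Settings body that explicitly turns both remote-access features off,
    suitable for pushing to every user flagged by remote_control_exposure()."""
    return {"in_meeting": {flag: False for flag in RISKY_FLAGS}}


if __name__ == "__main__":
    for user, flags in remote_control_exposure(SAMPLE_SETTINGS).items():
        print(f"{user}: remote access still possible via {', '.join(flags)}")
    print("hardened settings:", json.dumps(hardened_patch()))
```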
Community Support and Calls for Stronger Cybersecurity in Web3
The crypto community has rallied around Gallen in the aftermath of the attack. On X (formerly Twitter), he detailed the loss of not only over $100,000 in crypto but also his personal PFP NFT and access to several wallets, a blow both financial and symbolic.
Many within the NFT and DeFi communities have praised Gallen for his transparency, noting that his openness has sparked crucial conversations about security practices in the crypto space.
While Gallen has held off on revealing all technical specifics until his security team completes a full investigation, his account of the incident serves as a wake-up call for both individuals and organizations to strengthen their cybersecurity measures immediately.
String of High-Profile Hacks Continues to Shake Crypto Space
Gallen’s experience is part of a broader wave of crypto hacks in recent weeks that have targeted both individuals and major platforms.
BNB Chain-based memecoin launcher Four.Meme recently lost $200,000 in a breach, despite swift intervention from its team.
zkLend, a decentralized money market, confirmed a $9 million exploit and has since offered the attacker a 10% bounty to return the stolen funds.
Additionally, on-chain investigator ZachXBT exposed a $3.5 million fraud scheme involving hacked Twitter accounts used to promote scam memecoins.
These incidents underscore the relentless nature of cyber threats in the crypto space and highlight the urgent need for better platform security, user awareness, and incident response strategies across the industry.