Karma Strikes! DPRK Hacker Loses $1.2M to Fake Meeting Scam

As revealed in a recent X post by the on-chain security firm PeckShield, a crypto trader on the decentralized exchange platform Thorchain has been hit with a hack, resulting in a $1.2 million loss. Although the hack into the victim’s system began on Tuesday, the exploit was completed on Friday when the bad actor stole funds in Kyber Network token (KNC) and Thorswap token (THOR).
According to the on-chain investigator ZachXBT, the exploit victim, identified as JPthor on X, has greatly benefited financially from the laundering of funds from numerous North Korean hacks and exploits. This makes JPthor a bad actor, too. Various Crypto Twitter users reckon that JPthor’s loss is a vivid example of karma.
The wallet likely belongs to @jpthor who had a private wallet compromised due to a fake meeting scam a few days ago.
JP is one of the people who has greatly benefited financially from the laundering of DPRK hacks/exploits.
So it’s a bit poetic he got rekt here by DPRK. pic.twitter.com/T57RRJ0bbf
— ZachXBT (@zachxbt) September 12, 2025
Karma Strikes Exploiter
Notably, the victim has been posting about the exploit on his official X account since Tuesday, explaining how it unfolded. First, the bad actor gained access to a Telegram account belonging to JPthor’s close associate, a compromise the victim was unaware of.
finally tracked down the source of the attack
friend’s hacked telegram account with a zoom link.
Note: this is the OFFICIAL zoom link and I joined IN THE browser. I literally saw a deep fake of my friend, but couldn’t hear anything so dropped off and tried on google meets.… https://t.co/9s2fIW4z7x pic.twitter.com/Tjx9bX8kSO
— JP (@jpthor) September 8, 2025
Using the account, the exploiter texted JP with a Zoom invitation to an important meeting, pretending to be the real account owner, and persuaded JP to join the meeting as soon as possible. JP innocently opened the fake Zoom meeting link via his system’s browser, giving the hacker access to some confidential data.
Interestingly, the hacker had everything well planned: JP saw a deepfake video of his friend on the Zoom call, which lasted approximately two minutes. Once the desired purpose was achieved, the malicious actor urged JP to send a new Google Meet link for the call.
According to JP, a MetaMask wallet was not signed in and active on his Chrome browser at the time of the call, and he had stored his safety keys using iCloud Keychain. Hence, it is possible that the hacker’s malware infiltrated other users’ Chrome profiles on his PC, or that it completely compromised his iCloud Keychain. This was carried out smoothly, without any pop-ups requiring the input of the admin password or the installation of any software.
The post Karma Strikes! DPRK Hacker Loses $1.2M to Fake Meeting Scam appeared first on Cointab.