Crypto CEO Loses $100K in Zoom Call Hack by ‘ELUSIVE COMET’

Jake Gallen, CEO of NFT platform Emblem Vault, said he lost over $100,000 in digital assets after unknowingly installing malware during a video call. Gallen explained that the call was set up after he was approached by a user claiming to be the head of a crypto mining company with a large social media following.
During the call, Gallen was the only one with a visible screen. He said the caller convinced him to install what appeared to be a harmless update tool. “The file was introduced during the call and looked routine, but it gave full access to my system,” Gallen said.
Once installed, the file allowed the attacker to access his crypto wallets and collect login data stored on the computer.
Malware Linked to Widespread Campaign
The file, identified as “GOOPDATE,” was later analyzed by cybersecurity firm SEAL, which is now assisting with the investigation. The malware reportedly gave the hacker full control over Gallen’s device. SEAL connected the attack to an ongoing campaign run by a group it refers to as “ELUSIVE COMET.”
SEAL stated that the group has been active for months and has used similar tactics to steal from other users in the crypto space. According to SEAL, “This attacker uses a professional front and targets individuals through staged interviews or meetings.” The group reportedly operates a fake company called Aureon Capital, which presents itself as a venture capital firm but has no verifiable business records.
Zoom Settings May Leave Users Vulnerable
The method used to carry out the attack drew attention to Zoom’s default meeting settings. Gallen said the attacker may have used Zoom’s remote control feature, which allows meeting participants to request control of another person’s screen. “That function was on without my knowledge. I had never adjusted those settings,” he noted.
Security experts confirmed that Zoom allows users to request remote control by default, though the person on the other end must approve it. NFT community member Leonidas urged users to check their settings. “People in crypto need to be aware that Zoom gives others the chance to take over their device unless remote access is disabled manually,” he said.
Stolen Assets and Hacked Accounts
Gallen said the hackers not only accessed his browser-based wallets but also breached his Ledger hardware wallet. “It had barely been used, and I never kept the password stored on any device,” he added. This raised concerns about how deeply the attacker was able to penetrate his system.
In the aftermath, the attacker also took control of Gallen’s X (formerly Twitter) account and began sending direct messages to his contacts, trying to repeat the scam. SEAL said it has seen this pattern in other cases and is urging victims or anyone approached by Aureon Capital to reach out through its verified Telegram support line.
The crypto community is now being warned to remain alert and check both software and platform settings before joining video calls or downloading any files.
The post Crypto CEO Loses $100K in Zoom Call Hack by ‘ELUSIVE COMET’ appeared first on Coinfomania.