Bitget CEO Gracy Chen has warned that fake Zoom and Microsoft Teams meeting invitations being used to steal cryptocurrencies from industry experts are spreading rapidly.
Notifications sent through Telegram or fake Calendly pages attempt to trick victims into installing malware disguised as a “network update.”
Kidnapping of Chinese travel blogger raises security concerns
Chen explained how hackers operate in a Dec. 9 post about X. She said it starts with users receiving a fake link for what appears to be a standard business meeting. During calls, criminals reportedly use excuses such as poor audio quality or connection issues to convince targets to download what appears to be a software update or SDK.
The file is actually malware designed to steal passwords and private keys, a technique known to be used by the Lazarus Group, an advanced persistent threat (APT) organization reportedly associated with the North Korean regime.
The crypto exchange executive’s comments came shortly after Chinese travel blogger Lan Zhanfei announced that he had been kidnapped in South Africa.
Lan said the kidnappers spent six months preparing for the attack, bribing hotel and airport officials, entering their rooms and forcing them to collect biological samples while threatening to kill them if they did not return to China.
Multiple posts circulating on Weibo and X describe Lan as a prominent travel influencer known for his extreme road trips and large following online. One widely shared Facebook post said he was held for hours inside a Cape Town hotel, forced to take nude photos and made to sign a loan agreement. Mr. Lan later thanked the Chinese embassy for its intervention and relocation, after which his IP address became Chilean.
You may also like:
- Crypto firm pledges HK$57 million in immediate aid after Hong Kong’s worst fires
- Cryptocurrency theft by North Korea will reach $2.83 billion by 2024
- Bunni DEX shuts down after $8.4 million hack
Although Chen did not claim that the kidnapping was cryptocurrency-related, he linked the incident to broader targeted crimes against online individuals and blockchain users. In her warning, she highlighted that attackers have begun impersonating Bitget representatives, pointing to fraudulent Telegram accounts using her name and a fake “calendly.com/bitgetglobal” page.
Her message urged users to double-check all meeting links, avoid installing software that is pushed during calls, and immediately report suspicious contacts to security teams. He added that spreading the warning can prevent more users from falling victim to similar traps.
Growing patterns of physical and digital cryptographic attacks
Lan’s ordeal comes at a time of growing concern for cryptocurrency-related violence, highlighted by incidents in Minnesota and Paris reported earlier this year.
In September, two brothers were charged in Minnesota with holding a family hostage at gunpoint for nine hours and forcing the victim to transfer $8 million in cryptocurrency. Meanwhile, French police arrested five suspects in August after a Parisian man was kidnapped near the Arc de Triomphe and a hard drive containing 2 million euros in Bitcoin was stolen.
Both incidents drew attention to how digital assets can become targets for traditional criminals once their wallets and possessions become known.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
