Hackers Impersonate Venture Capital Firms in Sophisticated Crypto Heist Scheme Using Fake Meeting Links

New Cyber Attack Method: Fake VC Firms Targeting Crypto Users

A sophisticated cyberattack campaign has emerged where hackers impersonate venture capital firms to target individuals in the cryptocurrency space. By leveraging social engineering tactics on platforms like LinkedIn, attackers lure victims into clicking malicious links disguised as virtual meeting invitations.

Highly Deceptive Tactics Used by Attackers

According to cybersecurity researchers, fraudsters have created fake VC profiles using names like SolidBit, MegaBit, and Lumax Capital. These fake entities are used to initiate contact with potential victims under the pretense of business collaboration opportunities.

Once targets click the fake links, they're directed to a convincing landing page featuring a counterfeit "I'm not a robot" CAPTCHA verification system. This interface secretly copies malicious commands to the clipboard and tricks users into pasting them into their terminal as supposed "verification codes".

Fileless Attack Bypasses Traditional Security Measures

• Attack requires no malware installation
• Relies on user-executed commands
• Evades standard security protections

The danger of this approach lies in its ability to bypass traditional security defenses. Rather than exploiting vulnerabilities or requiring suspicious downloads, attackers use psychological manipulation to get victims to execute commands themselves.

Victims Report Suspicious Contact Attempts

Investigations revealed that a person claiming to be Mykhailo Hureiev played a central role in initial contact attempts. Listed as a senior executive at one of the fake VC firms, this individual contacted multiple targets via LinkedIn. At least two social media users have reported suspicious interactions with this account.