Imagine watching your life savings disappear within minutes. That’s precisely what happened to Jake Gallen, CEO of Emblem Vault. The “Elusive Comet” campaign cost him more than $100,000 in digital assets. This sophisticated attack exploited something as pervasive as Zoom. The emotional impact? Devastating. The feeling of violation? Unimaginable. This was not just some nebulous corporation being hacked. A real person, just like you and me, had their financial future destroyed.
This is not just news. It should serve as a wake-up call. Are you really ready to defend against the more advanced threats coming for your crypto? Are you doing enough to take personal responsibility for your digital security? Don’t leave the door open for the next “Elusive Comet” to come crashing through!
Is Your Zoom a Gateway for Thieves?
The beauty of crypto is its curse: decentralization. There’s no central bank to call, no insurance claim to file. You are your own bank, which means that you are the only one who can ensure your security. The “Elusive Comet” campaign takes advantage of the confidence we place in the tools we use every day, such as Zoom. It's a stark reminder that complacency is the crypto thief's best friend.
Think about it this way: you wouldn't leave your front door unlocked, would you? Many of us are unwittingly leaving our cyberspace doors wide open—relying on default settings and overlooking basic security practices. The bad actors aren’t just politely knocking on the door, and they’re definitely not waiting for you to invite them in.
Verify, Verify, Verify
This isn’t just a motto, it’s your best protection. Attackers are stealthy impersonators, playing the part of a trusted ally to bait you into their trap. The SEAL report highlights the social engineering tactics used through X (formerly Twitter) and phishing emails.
Think of it like this: would you hand over the keys to your house to a stranger who showed up claiming to be a locksmith without verifying their credentials? Of course not. Apply the same skepticism online. A healthy level of paranoia is your best friend.
Watch for these red flags:
- You receive an unsolicited email or message from someone you don't know.
- The greeting is generic ("Dear User" instead of your name).
- The email address doesn't match the purported sender's organization.
- They pressure you to act quickly or share sensitive information.
- They refuse to communicate via official channels, like company email addresses.
- They insist on using unofficial Calendly scheduling pages.
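The checks above can be run mechanically over an incoming message. The following is an added example, not part of the original article: a small triage function that reports which of the listed red flags a message shows. The sample message, the flag names and the rule that a Calendly link counts as unofficial when the sender is outside the claimed organization's domain are assumptions; the refusal to use official channels cannot be detected from a single message and is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name, address and URL in it is made up.
SAMPLE = """\
From: "Aureon Capital Media" <booking@aureon-media.example>
Subject: Podcast invitation - reply today

Dear User,

We would love to feature you. Slots are closing, so act now and book
immediately: https://calendly.com/aureon-media/interview
"""

GENERIC = re.compile(r"^\s*dear\s+(user|customer|sir|madam|member)\b", re.I | re.M)
URGENT = re.compile(r"\b(act now|urgent|immediately|within 24 hours|reply today)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def red_flags(raw, claimed_domain, known_contacts=()):
    """Return the red flags from the list above that one message shows."""
    msg = message_from_string(raw)
    addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = addr.rpartition("@")[2]
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    on_domain = under(sender_domain, claimed_domain)
    flags = []
    if addr not in {c.lower() for c in known_contacts}:
        flags.append("unsolicited_unknown_sender")
    if GENERIC.search(text):
        flags.append("generic_greeting")
    if not on_domain:
        flags.append("sender_domain_mismatch")
    if URGENT.search(text):
        flags.append("pressure_to_act")
    if not on_domain and any(under(h, "calendly.com") for h in URL_HOST.findall(text)):
        flags.append("unofficial_calendly_link")
    return flags
```

A non-empty result is a reason to verify the sender through a channel you already trust before joining any call, not proof of an attack.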
Zoom's remote-control feature is a double-edged sword. Though it can be a great tool for collaboration, left unprotected it is a wide-open security hole. For example, attackers in the “Elusive Comet” campaign have exploited this feature to install malware. Their victims were targeted with infostealers such as “GOOPDATE,” which emptied the contents of cryptocurrency wallets.
Zoom Security Lockdown
Don't assume Zoom's default settings are secure. Be proactive and keep your meeting space safe and secure.
- Disable remote control: Go to Zoom settings and disable the option that allows others to control your screen.
- Require passwords for all meetings: Don't rely on meeting IDs alone.
- Use the waiting room feature: Screen participants before allowing them into the meeting.
- Keep Zoom updated: Install the latest security patches to protect against known vulnerabilities.
Hardware Wallets Are Your Friend
Consider a hardware wallet to be the digital equivalent of a high-tech safety deposit box for your cryptocurrency. Ledger's security design ensures that your private keys never leave the hardware wallet, so hackers can never access them. Unlike software wallets, which are open to malware and phishing attacks, hardware wallets protect your assets with an important layer of security.
Sure, they can be a little annoying initially. Yes, there's a learning curve. Yet the peace of mind they provide is worth any dollar figure. Losing a hardware wallet is already terrible; having someone hack into your hardware wallet from afar would be much, much worse.
Consider this: you wouldn't store gold bars in a cardboard box in your backyard, would you? Treat your crypto as seriously as you treat your money and invest in a hardware wallet. It’s not a cost, it’s an investment in your bottom line.
2FA is Non-Negotiable
Two-Factor Authentication (2FA) protects your account even further. This is normally done through a second verification code in addition to your usual password. Consider it the deadbolt on the front door to your digital house.
Protect your crypto accounts with 2FA, and use 2FA on everything, period. Never use SMS-based 2FA, which is susceptible to SIM swapping attacks. Instead, use an authentication app like Authy or Google Authenticator.
I know it’s a pain to have to jump through the hoop of entering a code every time you log in. That minor inconvenience is a small price to pay for protecting your hard-earned crypto. It's like wearing a seatbelt. It can be uncomfortable, but it can save your life – or in this instance your financial future.
Be Skeptical of Social Media Hype
In particular, X (formerly Twitter) has become a hotbed for phishing scams and fraudulent investment opportunities. The “Elusive Comet” campaign is a prime example of how attackers use social media to reel you in to their scheme.
If it sounds too good to be true, it likely is. As with any investment in a crypto project, do your own research. Don't fall for the hype. Don’t let FOMO (Fear Of Missing Out) distort your decision-making.
Remember, nobody is giving away free money. And no one can predict what the price of crypto will be in the future. So when you go online, be skeptical, be cautious, and above all, don't let the sharks lurking in the digital waters get to you.
The "Elusive Comet" attack is a sobering reminder that the threat to our crypto is real, and it's evolving. The use of legitimate software like Zoom to bypass security controls is particularly alarming, as Max Gannon from Cofense points out. The lines between legitimate tools and malicious intent are blurring, making it harder to detect attacks.
The government isn't coming to save you. You are responsible for your own security.
Don't become the next victim. Take action today. Share this article with your friends and family. Let's raise awareness and protect ourselves from the growing threat of crypto theft.