Cryptocurrency
OpenAI’s new image model shows why crypto scams are about to get much worse – Crypto News
A crypto founder had his laptop compromised when he joined what appeared to be a Microsoft Teams call with Pierre Kaklamanos, a Cardano Foundation contact he had spoken with before.
When “Pierre” reached out about Atrium and sent a Teams invite, nothing looked out of place. On the call, the face and voice matched what he remembered, and two other apparent foundation members were present.
When the call lagged and dropped him, a prompt told him his Teams software was out of date and needed reinstalling through Terminal. He ran the command, then shut the laptop off because the battery was dying, which limited the damage in retrospect.
He describes himself as “quite technically savvy,” which is part of the point that the attack worked because the context felt legitimate.
Social engineers have always relied on familiarity, and executing that at scale once required either a compromised account or weeks of text-based rapport-building.
The video call was the authentication layer, the thing victims learned to trust, and replicating it is now within reach.
Fake update
Microsoft documented campaigns in February and March 2026 in which malicious files masqueraded as workplace apps, such as msteams.exe and zoomworkspace.clientsetup.exe, with phishing lures that mimicked legitimate Teams and Zoom meeting workflows.
In a separate warning, Microsoft described “ClickFix”-style prompts targeting macOS users, instructing them to paste commands into Terminal and targeting browser passwords, crypto wallets, cloud credentials, and developer keys.
The fake Teams update fits both patterns simultaneously.
Google Cloud’s Mandiant unit described a crypto-focused intrusion built on the same structure. A compromised Telegram account, a spoofed Zoom meeting, what witnesses described as a deepfake-style executive video, and troubleshooting commands that launched the infection.
Mandiant said it could not independently verify which AI model, if any, generated the video, but confirmed the group used fake meetings and AI tools during social engineering.
On Apr. 24, the real Pierre Kaklamanos posted on X saying his Telegram had been hacked and that someone was impersonating him, along with “a few other people in the industry this week.”
He told followers to avoid clicking links or booking meetings through the account and to verify contact through LinkedIn direct messages.
By then, the founder had already messaged the account suggesting they switch to Google Meet. Whoever controlled Pierre’s Telegram account replied that he had gotten busy and asked to reschedule, with the attacker still managing the persona once the call ended.
That exchange turns the incident from an isolated embarrassment into a live campaign signal that the method is active, the account compromise is the entry point, and the relationship history is the weapon.
| Stage | What the victim saw | Why it looked legitimate | What the attacker was likely trying to achieve |
|---|---|---|---|
| Initial outreach | “Pierre” reached out about Atrium and suggested a call | The victim had spoken with Pierre before, including on video | Reopen an existing trust relationship instead of starting from a cold approach |
| Meeting setup | A Microsoft Teams invite for the next day | Teams is a normal business workflow and the topic was plausible | Move the target into a controlled environment that felt routine |
| Live call | Familiar face, familiar voice, plus two other apparent Cardano Foundation members | The social context matched the victim’s memory of prior interactions | Lower suspicion and make the call itself feel like verification |
| Call disruption | Lagging, instability, then getting kicked out | Technical glitches are common in video calls | Create frustration and set up the fake “fix” as a normal troubleshooting step |
| Fake update prompt | A message saying Teams was out of date and needed reinstalling through Terminal | Software update prompts are familiar, and the user rarely used Teams | Get the victim to execute a malicious command directly |
| Command execution | The victim ran the command, then shut down the laptop because the battery was dying | The workflow still felt like a routine app fix at that moment | Launch the infection chain and gain access to credentials or device data |
| Post-call follow-up | The victim suggested switching to Google Meet; the attacker said he got busy and asked to reschedule | The persona continued behaving like a real contact after the failed attempt | Keep the relationship alive for another attempt and avoid immediate suspicion |
Why generative media changes the threat surface
The founder said he now believes the call may have involved AI-generated or manipulated video. Forensic confirmation of the tools is lacking, and the OpenAI connection here is governed by its own safety documentation.
OpenAI launched its 4o image generation model on Mar. 25, describing it as capable of “precise, accurate, photorealistic outputs,” and released the ChatGPT Images 2.0 System Card on Apr. 21.
The firm stated that the model’s “heightened realism” could, absent safeguards, enable more convincing deepfakes of real people, places, or events. One of the leading AI labs has now put on record that its own image model raises the ceiling on what a convincing fake can look like.
The World Economic Forum said in January 2026 that generative AI lowers the barrier to phishing while raising its credibility, through realistic deepfake audio and video that can evade both detection systems and human scrutiny.
INTERPOL declared financial fraud one of the world’s most severe and rapidly evolving transnational crimes in March 2026, identifying deepfake videos, audio, and chatbots as tools that make impersonation of trusted people easier to carry out at scale.
Chainalysis estimated that crypto scams and fraud reached $17 billion in 2025, with impersonation scams up 1,400% year over year and AI-enabled scams generating 4.5 times as much revenue as traditional methods.
Crypto attracts this class of attack because it combines high-value targets, fast settlement rails, and an informal communications culture in which Telegram introductions and ad hoc video calls between founders are routine.
Mandiant documented that the group behind the crypto Zoom intrusion targeted software firms, developers, venture firms, and executives across payments, brokerage, staking, and wallet infrastructure.
Mandiant noted that the victim’s data could be used to seed future social engineering, with each compromise generating material for the next.
Two paths forward
Zoom announced on Apr. 17 a partnership to add real-time human verification to meetings, a “Verified Human” badge, and a “Deep Face Waiting Room,” treating participant authenticity as a product problem.
Gartner predicts that by 2027, 50% of enterprises will invest in disinformation-security products or TrustOps strategies, up from less than 5% today.
In the bull case, that buildout reaches critical mass quickly enough that attackers must defeat multiple independent trust layers to complete a conversion, and the economics of impersonation campaigns deteriorate.
In the bear case, the timeline compresses before defenses do. Gartner warned that AI agents may halve the time required to exploit account takeovers by 2027, narrowing the window for human hesitation or security team intervention.
Deloitte estimated that generative AI-enabled fraud losses in the US alone could climb from roughly $12 billion in 2023 to $40 billion by 2027.
| Scenario | What changes | What stays vulnerable | Implication for crypto firms |
|---|---|---|---|
| Bull case | Verification tools spread quickly: human-verification badges, liveness checks, stronger internal trust rails, and more formal approval workflows | Informal founder-to-founder chats, legacy messaging habits, and ad hoc scheduling still create openings | Attackers face more friction and lower conversion rates because they must defeat several trust layers instead of one |
| Bear case | AI-generated impersonation improves faster than defenses are adopted; fake meetings and fake troubleshooting become standard playbooks | Public-facing executives, Telegram-based outreach, video-first verification habits, and staff under time pressure | Relationship hijacking becomes routine, and each compromise creates material for the next scam |
| What success looks like | Sensitive requests get verified across separate channels, with known numbers, shared passphrases, hardware keys, or pre-agreed internal systems | Social pressure, urgency, and trust in familiar faces and voices cannot be fully removed | Firms reduce the chance that one spoofed call can lead directly to compromise |
| What failure looks like | Teams rely on the call itself as proof of identity, even as deepfake and impersonation tools improve | Video remains persuasive even when it is no longer reliable as authentication | Crypto organizations become easier to target because executives are both high-value victims and reusable lure assets |
Every public-facing crypto executive becomes both a target and a lure asset, a source of voice recordings, video clips, and relationship graphs that attackers can deploy against the next victim.
Zoom is building liveness checks into meetings, Microsoft is documenting attack chains that impersonate its own software, and the FBI has warned that malicious actors are already using AI-generated voice and text to impersonate trusted contacts, advising against assuming a message is authentic because it appears to come from a known person.
Verification now requires independent rails, such as a known phone number, a hardware key, a shared passphrase established before any meeting, or a pre-agreed internal channel that no attacker has accessed.
-
Technology1 week ago
RAVE Coin Faces Pump-and-Dump Alert Amid 44% Rally, Binance & Bitget Urged to Probe – Crypto News
-
Cryptocurrency1 week agoBitcoin Cracks 7-Month Ceiling. Can Bulls Push It Higher? – Crypto News
-
Cryptocurrency1 week agoBitcoin now has just 4 days before ceasefire deadline risks price reversal with Hormuz closed again – Crypto News
-
others4 days agoVerifiable Bitcoin Accounts for Institutional Bitcoin. Your Custody, Your Terms. – Crypto News
-
Technology1 week agoBackup calling, direct voicemail features in smartphones originated in India: Samsung official – Crypto News
-
De-fi1 week agoX Generates $1 Billion in Trading Volume Days After Launching Cashtags Feature: X – Crypto News
-
Cryptocurrency1 week agoThe $78K Bull Trap? Why Iran’s Latest Statement Could Send Bitcoin Tumbling – Crypto News
-
Technology1 week agoHow to reverse-engineer the perfect ChatGPT prompt, according to an MIT professor – Crypto News
-
Technology1 week agoIn the AI propaganda war, Iran is winning – Crypto News
-
Cryptocurrency1 week agoBitcoin miners pivot to AI is now an immediate risk to network security – Crypto News
-
Cryptocurrency1 week agoBitcoin ETFs pull $1B inflow following Strait of Hormuz reopening – Crypto News
-
Blockchain6 days agoDoorDash Turns to Tempo to Offer Stablecoin Payments – Crypto News
-
Cryptocurrency1 week agoRipple taps Kyobo Life to enable real-time government bond settlements in Korea – Crypto News
-
Metaverse1 week agoAI Tool of the Week: This assistant works inside Microsoft Word and tracks every edit – Crypto News
-
Technology1 week ago
X’s BTC, ETH, XRP, DOGE Cashtags Drive $1B in Trading Volume Since Launch – Crypto News
-
Blockchain1 week agoCircle Launches USDC Bridge For Native Cross-Chain Transfers – Crypto News
-
others1 week agoJPMorgan Chase, Citi and Wells Fargo Lose $5,606,000,000 to Bad Loans in Just Three Months – Crypto News
-
Blockchain1 week agoXRP Rallies Toward $1.50—Expert Cites 3 Dates That Could Decide The Next Direction – Crypto News
-
Blockchain7 days agoUS Crypto Adoption Recovers With Bitcoin Still in Top Spot – Crypto News
-
others4 days ago
Verifiable Bitcoin Accounts for Institutional Bitcoin. Your Custody, Your Terms. – Crypto News
-
others1 week ago
Just-In: Ripple XRP Is Now Live On Solana-Powered Apps, Price Jumps 5% – Crypto News
-
Blockchain1 week agoRussia Introduces Bill To Criminalize Unregistered Crypto Services – Crypto News
-
others1 week agoBybit Report: Global Stocks Reach Record Highs as S&P 500 Surpasses 7,000 Milestone – Crypto News
-
Blockchain1 week agoDanger Zone Or Entry Point? – Crypto News
-
Technology1 week ago
X’s BTC, ETH, XRP, DOGE Cashtags Drive $1B in Trading Volume Since Launch – Crypto News
-
Blockchain1 week ago
Circle Launches USDC Bridge For Native Cross-Chain Transfers – Crypto News
-
others1 week agoBTCC Exchange Launches SpaceX Pre-IPO Perpetual Futures Trading and Celebrates with Tesla Cyberbeast Giveaway – Crypto News
-
De-fi1 week agoFigure Clashes With Short Seller Over Blockchain Lending Claims – Crypto News
-
Business6 days ago
Hormuz Bitcoin, USDT Tolls Face Crypto Scam Threat As Hackers Clone Iran’s System – Crypto News
-
Blockchain4 days agoTether Freezes $334 Million in Stablecoins Linked to Illegal Activity – Crypto News
-
Blockchain1 week agoHere’s When To Buy And When To Sell – Crypto News
-
others1 week agoGoldman Sachs Says One Investment Theme Is Back After Market Rebound – Crypto News
-
others1 week ago
Goldman Sachs Says One Investment Theme Is Back After Market Rebound – Crypto News
-
De-fi7 days agoSix years after “DeFi Summer” is the sun already setting on the decentralized finance revolution? – Crypto News
-
Technology6 days ago
Hormuz Bitcoin, USDT Tolls Face Crypto Scam Threat As Hackers Clone Iran’s System – Crypto News
-
Technology1 week agoWhite House chief of staff to meet with Anthropic CEO over its new AI technology – Crypto News
-
Technology1 week ago
In the AI propaganda war, Iran is winning – Crypto News
-
others1 week ago50,640 People Affected After Hackers Hit Healthcare Firm, Stealing Personal, Financial and Medical Data – Crypto News
-
Business1 week ago
Why is Rave Token Crashing 95% Today? – Crypto News
-
Business1 week ago
Why is Rave Token Crashing 95% Today? – Crypto News
-
Business1 week ago
Why is Rave Token Crashing 95% Today? – Crypto News
-
Blockchain7 days agoJPMorgan Chase and Citigroup Vie Over Tokenized Payment Rails – Crypto News
-
De-fi7 days agoHardware Wallet Tangem Announces Global Rollout of Its Retail Payments Service – Crypto News
-
Business6 days ago
Hormuz Bitcoin, USDT Tolls Face Crypto Scam Threat As Hackers Clone Iran’s System – Crypto News
-
Cryptocurrency4 days agoGSR launches BESO ETF with Bitcoin, Ethereum, Solana exposure – Details – Crypto News
-
others1 week ago
Binance Under Fire As Senator Sends Letters to DOJ, Treasury On $1.7B Iran Flows – Crypto News
-
De-fi1 week agoBitcoin Touches $78,000 As Iran Declares Strait of Hormuz ‘Completely Open’ – Crypto News
-
De-fi1 week agoKraken’s Parent Firm to Acquire US Derivatives Exchange Bitnomial – Crypto News
-
De-fi1 week agoKraken’s Parent Firm to Acquire US Derivatives Exchange Bitnomial – Crypto News
-
Business1 week ago
Why is Rave Token Crashing 95% Today? – Crypto News