VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Mehdi Farooq, a partner at crypto VC firm Hypersphere, disclosed on X that he fell victim to a fake Zoom meeting phishing attack, resulting in the draining of six crypto wallets and the loss of his savings accumulated over several years. The attack began when an acquaintance, “Alex Lin,” reached out via Telegram to schedule a meeting. Citing compliance reasons, the attacker convinced Farooq to switch to Zoom Business and tricked him into downloading a malicious update. Attack method (per SlowMist): Social Engineering. Reported loss: -.
Primary source
https://x.com/MehdiFarooq2/status/1935502598221533185 ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Mehdi Farooq
- bug_class
- phishing
- date_occurred
- 2025-06-19
- loss_usd
- —
- source_id
- sm:mehdi-farooq::2025-06-19
Related — same bug class· phishing