Bitget CEO Gracy Chen has issued a warning regarding a rapidly spreading wave of fake Zoom and Microsoft Teams meeting invitations designed to steal cryptocurrency from industry professionals.
These malicious notices are being distributed through Telegram and deceptive Calendly pages, aiming to trick victims into installing malware disguised as a legitimate "network update."
Kidnapping of Chinese Travel Blogger Intensifies Security Fears
Chen detailed the hackers' modus operandi in a December 9 post on X. The scheme begins with users receiving counterfeit links to what appears to be a routine business meeting. During the online call, attackers allegedly exploit pretexts such as poor audio quality or connection issues to persuade the target into downloading a supposed software update or SDK. This file is, in reality, malware engineered to steal passwords and private keys, a tactic notably employed by the Lazarus group, an advanced persistent threat organization reportedly associated with the North Korean regime.
The crypto exchange executive's alert followed closely on the heels of Chinese travel blogger Lan Zhanfei publicly disclosing his kidnapping in South Africa. According to Lan, his abductors spent six months meticulously planning the attack, which involved bribing hotel and airport staff. They allegedly broke into his hotel room and forced him to provide biological samples, while simultaneously threatening his life if he did not return to China.
Multiple posts shared across Weibo and X identified Lan as a prominent travel influencer recognized for undertaking extreme expeditions and maintaining substantial online followings. A widely circulated Facebook post indicated that he was held captive for hours within a Cape Town hotel, compelled to participate in nude photography, and coerced into signing debt agreements. Lan later expressed gratitude to the Chinese Embassy for their intervention and subsequent relocation, with his IP address eventually registering in Chile.
Although Chen did not directly link the kidnapping to cryptocurrency activities, she connected the incident to a broader pattern of targeted crimes affecting online personalities and blockchain users. In her warning, she emphasized that attackers have begun impersonating Bitget representatives, citing a fraudulent Telegram account bearing her name and a fake "calendly.com/bitgetglobal" page as examples. Her message strongly advised users to meticulously verify all meeting links, refrain from installing any software prompted during calls, and promptly report suspicious contacts to their security teams. She further stressed that disseminating this warning could help prevent more individuals from falling victim to similar fraudulent schemes.
A Growing Pattern of Physical and Digital Crypto Attacks
Lan's harrowing experience has emerged during a concerning period marked by an increase in crypto-related violence, including incidents reported in Minnesota and Paris earlier this year. In Minnesota, two brothers were charged in September after allegedly holding a family hostage at gunpoint for nine hours and forcing a victim to transfer $8 million in cryptocurrency. Concurrently, French police apprehended five suspects in August following the abduction of a Paris man near the Arc de Triomphe, who was subsequently robbed of a hard drive containing €2 million in Bitcoin.
Both of these cases underscored the vulnerability of digital assets to traditional criminal elements once wallet holdings or account information become known.