Researchers say organized criminal groups are recruiting professional voice impersonators and using deepfakes to run targeted vishing campaigns against senior U.S. crypto executives — with operatives making up to $20,000 a month.
A new report from GK8 by Galaxy, reviewed by Decrypt, shows threat actors moving beyond generic phishing to build tailored phone- and video-based scams that exploit executives with privileged access to custody systems and private keys. Attackers are assembling curated datasets of personal information and designing realistic pretexts to lower guards and extract sensitive confirmations.
Investigators found recruitment posts on restricted underground forums seeking experienced “callers.” Sample target lists included senior legal officers, engineers, financial controllers and CTOs with minimum net worths around $500,000. According to GK8, the data behind these campaigns often comes from fresh compromises.
Operators employ VoIP platforms, direct inward dialing numbers, SMS and real-time AI-driven voice and video tools to impersonate banks, regulators and crypto services. Forum listings show pay ranging from about $15 per 20-minute call up to monthly retainers of $20,000 for trusted operatives, reflecting a professionalized fraud model.
The trend fits a broader pattern: attackers — including North Korean-backed groups — have used deepfakes and fake companies to infiltrate crypto firms, contributing to reported losses of $1.34 billion across multiple incidents in 2024. Experts note some crude detection cues (like lagging audio) but warn AI tools will soon make fakes much harder to spot.
Security takeaways: assume executives’ personal data may be exposed; require multi-person approval for high-value transactions; separate signing authority and private keys; and train staff on voice/video social-engineering tactics. As GK8 warns, defenses must evolve as attackers prioritize quality and personalization over volume.
Source: Decrypt. Read the original coverage for full details.
