Jake Gallen, CEO of crypto firm Emblem Vault and a reputed name in the NFT and podcasting space, has confirmed that he was targeted by a phishing attack over Zoom call that led to the loss of more than $100,000 in Bitcoin and Ethereum. The attack reportedly occurred after a deceptive Zoom interview, during which attackers gained unauthorized access to his computer.
Jake Gallen Loses $100K in Crypto Attack
Gallen shared details of the incident on X on April 11, revealing he had suffered a “complete computer compromise” that resulted in significant losses across multiple crypto wallets. He later disclosed that the attackers had installed malware, known as “GOOPDATE”, during a Zoom call with someone posing as a YouTube personality with over 90,000 subscribers.
Working with @_SEAL_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a youtube personality of over 90k subs.
Below I will share details about that person, my experience, and this malicious software known as GOOPDATE ↓ https://t.co/xXoeSWLUXA
— jake (@jakegallen_) April 14, 2025
The cybersecurity firm SEAL (The Security Alliance) has since linked the attack to an organized group known as ELUSIVE COMET, a threat actor notorious for impersonating executives of a fake venture firm named Aureon Capital. SEAL reports that ELUSIVE COMET has already caused millions in crypto losses through social engineering tactics that trick victims into installing malicious software.
Gallen explained that he had agreed to an interview after being contacted by a seemingly credible X account boasting 26,000 followers and claiming to represent a crypto mining startup. During the Zoom session, the alleged YouTuber kept their video feed off while Gallen’s camera remained active. In the background, GOOPDATE malware was discreetly working on Gallen’s device through Zoom’s default remote access feature, which allows hosts to request control over a participant’s system which is often without users realizing the risk.
Following the attack, Gallen has been collaborating with SEAL to track down the perpetrators and raise awareness within the crypto community. According to SEAL researchers, Zoom’s remote access setting is turned on by default, a vulnerability that attackers are actively exploiting. They have urged all users, especially from the crypto industry, to disable this feature immediately.
Security expert and NFT enthusiast Leonidas emphasized the same point: “If this setting isn’t changed, anyone in a Zoom call could take over your computer by default.”
Moreover, the attackers also managed to access Gallen’s Ledger hardware wallet in spite of the limited logins over the past three years and no digital records of its password. They also breached his X account in an attempt to lure additional victims using private messages.
SEAL has issued a warning about Aureon Capital and is encouraging anyone who may have had interactions with the firm to contact their emergency hotline on Telegram.
