A crypto founder lost control of his laptop after joining what appeared to be a legitimate Microsoft Teams call. The victim was technically savvy, but a deepfake of a known contact and the urgency of a fake 'update' were enough to make him execute a malicious command in Terminal. This incident, which occurred on April 24, 2026, is not an isolated case — it represents a new era of scams where generative AI allows attackers to replicate anyone's appearance and voice in real time.

The Signal

Deepfake Crypto Scams: OpenAI's Model Makes Social Engineering Lethal

On April 24, 2026, Pierre Kaklamanos, a Cardano Foundation member, posted on X that his Telegram account had been hacked and someone was impersonating him. Hours earlier, a crypto founder had accepted a Teams invite from 'Pierre,' speaking with someone who looked and sounded exactly like him. The call dropped, a fake Teams update prompt appeared, and the victim ran a command that compromised his machine. Only a dying battery limited the damage, preventing the attacker from exfiltrating more data.

deepfake video call scam
deepfake video call scam

Real-time deepfake is no longer science fiction — it's the new standard attack vector for stealing private keys and credentials in crypto.

This incident is not isolated. Microsoft documented 'ClickFix' campaigns in February and March 2026 targeting macOS users, with malicious files like msteams.exe and zoomworkspace.clientsetup.exe mimicking legitimate meeting workflows. Google Cloud's Mandiant unit reported a similar intrusion: compromised Telegram account, spoofed Zoom meeting with deepfake-style executive video, and troubleshooting commands that launched the infection. The attacker even continued the conversation after the call, showing the campaign is still active and attackers are refining their techniques.

The sophistication of these attacks lies in the use of generative AI models, such as OpenAI's latest model, which enable real-time deepfake video and audio with near-indistinguishable quality. This eliminates the last barrier of trust: visual verification. Previously, scammers needed weeks of rapport-building or compromised accounts; now, with just a few seconds of audio or video from a contact, they can replicate their appearance and voice instantly.

On-Chain Data

On-Chain Data — web3
On-Chain Data
  • Compromised wallets: The attack targeted browser passwords, crypto wallets, cloud credentials, and developer keys, per Microsoft's report. This suggests attackers are after both liquid assets and development infrastructure access.
  • Active campaigns: Microsoft detected malware disguised as workplace apps (Teams, Zoom) in February-March 2026, with phishing lures mimicking legitimate workflows. The 'ClickFix' campaigns are particularly dangerous because they trick technical users into executing commands.
  • Mandiant confirmation: Google Cloud's unit could not verify which AI model generated the video but confirmed the use of fake meetings and AI tools in social engineering. This indicates attackers are using state-of-the-art models, possibly open-source or commercial.
  • Trust network: The attacker leveraged prior relationship history — the victim had spoken with Pierre before — to lower suspicion. This AI-powered spear-phishing approach is far more effective than generic attacks.
on-chain scam analytics
on-chain scam analytics

Market Impact

This attack represents a qualitative leap in social engineering. Previously, scammers needed weeks of rapport-building or compromised accounts. Now, with image and video models like OpenAI's latest, replicating a known contact's appearance and voice is within reach. The video call — the last layer of trust for many users — has become the attack vector.

For the crypto ecosystem, implications are profound. Exchanges, custodians, and DeFi protocols that rely on video verification for high-value approvals (whitelisting, large transfers) face existential risk. Hot wallets and browser-stored keys are direct targets. Trust in digital communications — even with video — is eroding. Moreover, the market for decentralized identity (DID) tokens could see increased demand as they offer an alternative to traditional visual verification.

Investors should watch how crypto platforms react. Those that quickly implement multi-layer security measures, such as out-of-band authentication or biometric verification, could gain a competitive edge. Conversely, those still relying on video verification may suffer loss of trust and users.

Your Alpha

Your Alpha — web3
Your Alpha
  1. 1Audit your verification channels: Don't rely on a single video call to confirm identities. Establish a second factor out-of-band: a unique code via another app, a phone call to a known number, or in-person verification. For high-value transactions, consider using hardware wallets with physical confirmation.
  2. 2Protect private keys: Never store seed phrases or private keys in browsers or messaging apps. Use hardware wallets for cold storage and avoid entering keys on systems that can execute remote commands. Additionally, use password managers with two-factor authentication.
  3. 3Educate your team: 'ClickFix' attacks disguise themselves as legitimate updates. Any Terminal command or software installation requested during a call should be treated as an immediate red flag. Establish a security protocol where all update requests are verified through an independent channel.
crypto security checklist
crypto security checklist

Next Catalyst

Microsoft and Google are expected to publish detailed reports on these campaigns in the coming weeks, potentially accelerating adoption of security standards like passkeys and biometric verification on crypto platforms. Additionally, the Cardano community is on high alert after Kaklamanos's Telegram hack, which could trigger updates to the foundation's communication protocols.

Regulators are watching. The ability to generate convincing deepfakes in real time could prompt new SEC or CFTC guidelines on identity verification in crypto transactions. Any policy announcement in the next few weeks could shift market attention toward decentralized identity (DID) solutions. Companies like Polygon ID or Civic could benefit from increased regulatory scrutiny.

Furthermore, the release of more advanced AI models by OpenAI and competitors could exacerbate the problem but also drive innovation in deepfake detection tools. Startups developing blockchain-based identity verification solutions could attract significant investment.

The Bottom Line

The Bottom Line — web3
The Bottom Line

Deepfake is no longer a theoretical threat — it's an active tool in crypto scams. The combination of compromised accounts, fake meetings, and accessible AI models is redefining the risk landscape. For investors and builders, the immediate priority is migrating to multi-layer verification channels and cold storage. The next wave of security innovation — decentralized identity, proof-of-humanity, biometric verification — may be the answer, but for now, caution is the best asset. The crypto market must adapt quickly or face a crisis of trust that could hinder institutional adoption.