December 24, 2025 • 21 mins
This week, we’re sharing an episode from the podcast Click Here, from our friends at Recorded Future News and PRX:
Jake Gallen was a rising star in crypto. Then, after what seemed like a routine YouTube interview, his digital world unraveled. His NFTs? Liquidated. His social accounts? Hijacked. It turns out, the hackers didn’t need phishing links or fake job offers. They needed something much simpler: a Zoom invite.
Subscribe to Click Here on Apple Podcasts (https://podcasts.apple.com/us/podcast/click-here/id1225077306) or wherever you get your podcasts.
Got something you’re curious about? Hit us up killswitch@kaleidoscope.nyc, or @killswitchpod, or @dexdigi on IG or Bluesky.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
A what's going on? It's dexter. So we're doing something
a little different this week. While our team is away
for the holiday, We're going to bring you an episode
of a podcast called click here. It's produced by our
friends that recorded Future News and PRX, and it's all
about the people who are making and breaking our digital world.
Today's episode follows a hacking group called Elusive Comet. They
don't rely on zero days or ransomware. They just use
(00:22):
charm and zoom to fall into their trap. You don't
need to be reckless, just polite. Here's Dina temple Rastin,
the host of click Here, with the story.
Speaker 2 (00:33):
Jake Gallen used to work behind the velvet ropes in
Las Vegas. Among other things, he worked the cabanos at
Planet Hollywood and for a while he thought that life sparkled.
Speaker 3 (00:45):
You know, it's funny because when I was going to UNLV,
I was in a fraternity there, and you'd say, yeah,
you know, I would love to have a nightclub job
because I can continue this type of lifestyle.
Speaker 2 (00:56):
But it got a little old once you get.
Speaker 4 (00:58):
Into that lifestyle. After about a year, you're like, man,
this kind of sucks.
Speaker 2 (01:02):
It wasn't just that he was awake when the rest
of his friends were asleep, or that he missed all
kinds of milestones in other people's lives. It was just
kind of lonely, and he worried that he'd never find
something as exciting where he'd be making that kind of
money until one day he was on a Reddit forum
(01:22):
and found Ethereum, the cryptocurrency.
Speaker 3 (01:25):
So I found Ethereum in twenty sixteen on a Reddit
forum called Wall Street Bets.
Speaker 2 (01:31):
To Jake, trading ethereum, the second largest cryptocurrency after Bitcoin,
felt like opening a secret door into a whole new world,
one that was intoxicating, unpredictable, and full of promise.
Speaker 3 (01:43):
I was very fascinated by this idea of how it
kind of strips power away from a lot of the
central authorities, and for me, I was very certain that
this was going to be the industry that changes the world.
Speaker 4 (01:56):
I still have that.
Speaker 2 (01:57):
Believer, and like so many true believers, he didn't want
to just watch from the sidelines. So we started training
crypto and then he stumbled into the world of NFTs
that short for non fungible tokens. There are blockchain based collectibles,
think beanie babies, but with code, and before long he'd
carved out a reputation in one of the strangest corners
(02:20):
of the NFT universe, a niche known as historical NFTs.
Think of them as relics, pixelated artifacts from Crypto's adolescence.
Speaker 4 (02:30):
So's one of the largest Mooncat collectors at the time.
Speaker 2 (02:33):
Mooncats primitive, quirky, little pixelated pictures of cats and among
the very first NFTs ever minted.
Speaker 3 (02:40):
And I said that I had some that I was
interested in auctioning off.
Speaker 2 (02:44):
They were valuable, a kind of Mickey Mental Rookie card
of the blockchain. This wasn't an obvious career choice for
a health science major, but Jake understood collectibles in a
kind of visceral way because he'd lived it.
Speaker 3 (03:00):
I had actually owned an antique store in Vegas with
my father. That was my first business, and so we
are very knowledgeable in this world of like antiquities and collectibles.
Speaker 2 (03:09):
Which is probably why Southeby's came calling. Yes, that's Southeby's
the one that sells Van Goes.
Speaker 3 (03:16):
Six Sasi painting by Vassin Vngeur sendor Remo Marte.
Speaker 1 (03:19):
Painted in eighty eighty seven.
Speaker 2 (03:21):
And they asked him if you wanted to participate in
their second ever NFT auction. It was a huge deal.
One of the world's oldest auction houses was now moving
into digital.
Speaker 3 (03:31):
Ward eleven million, two d and fifty thousand euros adiuge.
Speaker 2 (03:38):
And just like that, Jake was suddenly orbiting Crypto Royalty,
rubbing elbows with celebrities like Steve Aoki and Paris Hilton.
He was hosting panels, being interviewed live streaming, He started
a podcast, and his profile exploded. And in the middle
of all this, he made an unusual decision. In the
(04:01):
crypto world, everyone hides, they use avatars or fake names
VPNs on top of VPNs, that's the culture, anonymous, encrypted
and untouchable. But not Jake Gallon. He in essence doxed himself.
Speaker 3 (04:18):
Since I started in twenty seventeen, you know, being a
docs person was unheard of.
Speaker 4 (04:23):
That was like a very rare thing to do.
Speaker 2 (04:26):
He used his real name, told people what he owned,
where he worked, what he bought into. He thought the
transparency would help him earn trust, so he leaned into it.
Speaker 3 (04:37):
You know, well, obviously it makes you a target, but
it also makes you a little bit more respectable and
it leads, in my opinion, to more opportunities.
Speaker 2 (04:45):
That openness got him noticed. He started getting nonstock media
requests three, five, sometimes eight interviews a week, so when
a show called Tactical Investing reached out in April, it
was just another thing he had to fit in into
his schedule.
Speaker 3 (05:01):
The message was like, hey, you know doing a cohort
of individuals with leaders in the industry for my channel.
Would love to interview you. So I respond and say,
hey man, sure, yeah, I'd love to.
Speaker 2 (05:17):
A week later, he logged onto zoom ready for his interview.
But this was not just any interview, this was a trap.
I'm Dina Templewrestent and this is click here, a podcast
about all things cyber and intelligence. We tell true stories
about the people making and breaking our digital world today.
(05:40):
We're used to watching for a shady link, a sketchy email,
a too good to be true promise. But what if
danger comes wrapped in something ordinary, A zoom call, a
friendly face, a simple request. You don't need to be careless,
just courteous. Stay with us. From Record of Future News,
(06:08):
This is click Here. Jake Gallon had always known that.
Deciding to use his real name publicly and talking so
openly about his life would be a risk, so he
made sure his security was air tight.
Speaker 4 (06:29):
I generally consider myself to be very careful. I mean
I have.
Speaker 3 (06:33):
Maybe five to ten different hardware wallets with different assets.
On top of it, multiple computers which hold different types
of wallets.
Speaker 2 (06:42):
So anytime he got an interview request, he would vet
them thoroughly. And that's exactly what he did in April
when he got an interview request from a YouTube show.
He'd never heard of something called Tactical Investing. Did they
have mutual followers? Check history of posts with the original
check check a show that appears to be a real show.
Speaker 4 (07:06):
Hey, guys, what is up? It is Alexander here back
with Tactical Investing, and in today's video, I want to
do a step by step staking.
Speaker 3 (07:13):
The YouTube channel had close to one hundred thousand subscribers,
had like six years of posting history. I had interviews
with people that I'm familiar with in the industry, and
had a bunch of recent posts, posting videos every few
days or so.
Speaker 2 (07:31):
So we said yes, and he was excited. By this point.
He was CEO of a crypto company and they had
a new product. He wanted to demo. So the day
of the interview, he logged on and it started like
so many interviews before it, but the host had his
camera off.
Speaker 3 (07:47):
So when we get on the interview, he has his
screen off, and he says, do you mind that I'm
going to keep my screen off?
Speaker 2 (07:56):
Why wouldn't he want his camera on? He was a
YouTuber after all, That alone set off a flicker of
doubt in Jake's mind, but just a flicker.
Speaker 3 (08:05):
This industry is, you know, it's full of pseudononymous and
anonymous people.
Speaker 4 (08:10):
But what was weird is that he's a YouTuber.
Speaker 2 (08:15):
But then the guy kept talking. He sounded confident, casual,
and Jake he let the flicker fade.
Speaker 3 (08:22):
So I'd actually watched a handful of his interviews, you
kind of understand who this person is, or like what
their interview style is like. It sounds just like him,
literally just like him.
Speaker 2 (08:34):
And pretty quickly he wasn't just feeling relaxed, he was
feeling kind of impressed. The questions were smart, technical. The
interviewer clearly understood Emblem Vault, the crypto company that Jake
was running.
Speaker 3 (08:48):
What he was asking me actually was was kind of nuanced,
questions about emblem vault, which to understand what elmbum vault is,
you have to be pretty deep into the industry.
Speaker 2 (08:59):
So what any founder would do when somebody really gets it,
he let his guard down.
Speaker 3 (09:05):
And so after about thirty or forty minutes into the interview,
the gentleman says, okay, I would love for you to
demo Agent Hustle.
Speaker 2 (09:15):
Agent Hustle not a nineteen seventies crime show, but an
AI tool for tracing blockchain activity. And Jake was really
proud of it. So when the interviewer said he'd give
Jake access to share his screen, he just clicked shared
his screen and walked the interviewer through the tool. When
the call ended, Jake thought it had gone pretty well.
Speaker 3 (09:36):
I tell him, hey, he is a great interview. He
asked the right questions, and he says he'll be up
in a few days, and then that's it.
Speaker 4 (09:45):
Everything is fine.
Speaker 2 (09:46):
But everything was not fine. It started the next day
Jake got a notification that a Mooncat NFT that he'd
bought for one hundred thousand dollars was suddenly sold at
the bargain basement price of one thousand dollars.
Speaker 4 (10:03):
And then I see another sale happen.
Speaker 3 (10:06):
I get another notification from open Sea saying that another
sales happened, very.
Speaker 2 (10:09):
Low ball, and his heart started to raise.
Speaker 4 (10:12):
And I know there's a hack that's happening. I don't
know how or what or why.
Speaker 2 (10:18):
He scrambled change passwords, reached for every security switch he knew.
Speaker 3 (10:23):
Just minimizing the blast radius of what was going on,
trying to figure out what was happening.
Speaker 2 (10:30):
And then came the moment everyone dreads. He was logged
out of his email, his social media, and every time
he tried to regain control, the hacker just kicked him
right back out. It was like whack a mole with
his life. He tried to revoke permissions on revoke cash no.
Speaker 3 (10:47):
Look, and I could see more Mooncats being listed, and
then I see other collections being listed.
Speaker 2 (10:53):
And then a chilling realization.
Speaker 3 (10:55):
Oh fuck, this is like a full on like somebody
has my seat phrase.
Speaker 2 (11:00):
Seed phrase like a master key to all of his
wallets and NFTs.
Speaker 4 (11:04):
Which is crazy because I've never written that seed phrase
down anywhere nowhere digitally. It's written down on a piece
of paper inside of a save.
Speaker 2 (11:12):
That's when it clicked. Breaking into his computer was as
good as breaking into his safe. How much did you lose?
Speaker 3 (11:20):
It's about between one hundred and fifty to two hundred thousand,
depending on how you value the assets themselves.
Speaker 2 (11:26):
Jake was gutted and pretty confused. Who would do this
and how? His gut told him that this had to
be connected to that interview. But what kind of hacker
launches a YouTube channel and runs it for six years
just so they can scam someone. None of it made sense,
so he called nine one one, actually SEAL nine one one.
Speaker 5 (11:50):
The official name is Open Security Alliance, but everybody just
says SEAL.
Speaker 2 (11:54):
There were a team of white hat hackers who respond
to crypto attacks.
Speaker 5 (11:58):
We do everything from people who got fished for one
thousand dollars to kidnappings to big North Korean heists. There's
all sorts of crazy things. Whatever people need, we'll figure
out a way to do it.
Speaker 2 (12:15):
When we come back, the SEAL team gets to work,
the FBI steps in, and the real host of Tactical
Investing sends a very unexpected message, stay with us. Nick
(12:41):
Box is an incident responder at SEAL, and they've worked
on thousands of crypto hacking cases like Jakes.
Speaker 5 (12:48):
Yeah, it's just you know, we're always on call. Some
days are a lot worse than others. Yesterday I woke
up and it felt like every single threat actor we
were looking at had decided to do something at the
exact same time. Fridays are worse. I think a lot
of hackers know that if they start hacking on Friday,
the FEDS won't get involved until Monday.
Speaker 2 (13:08):
Nick didn't waste any time trying to get to the
bottom of what happened.
Speaker 5 (13:12):
First thing we do in triage is give them a
set of instructions to follow.
Speaker 3 (13:15):
Apparently phrasing you're supposed to actually is unplug your computer
from the Internet.
Speaker 5 (13:19):
Disconnect your computer from the Internet.
Speaker 3 (13:21):
I wish I would have knowne that probably would have
saved myself a lot, a lot of money.
Speaker 2 (13:25):
Then came the forensic work, retracing every click, and as
they dug Nick Spidey sense started tingling he'd seen something
like this before.
Speaker 5 (13:36):
Yeah, you know, as soon as we heard he suspected
a zoom call, we immediately start to think it's DPRK.
Speaker 2 (13:43):
DPRK North Korea the most prolific crypto thieves on the planet,
and they've been using Zoom too. Traders and even crypto
companies with fake job interviews and investor.
Speaker 5 (13:54):
Calls, and they play a video of a person that
might be the person you're supposed to be meeting with,
and they look bored and they're not talking, but it's
actually a loop of a video, and then they tell
you over text that there's trouble with the audio. And
then they write, oh, we've seen this problem before.
Speaker 2 (14:11):
Just go to this link, a link to malware. But
Jake didn't click on anything like that. There was no
fake video. He just had a conversation one he thought
was a pretty good one.
Speaker 5 (14:23):
The fake interview was new. We hadn't seen this vector before.
We realized it probably wasn't North Korea.
Speaker 2 (14:30):
So the team went back to the drawing board. They
went over everything again and that's when they caught it.
Speaker 5 (14:36):
They kept trying to get him to screen share.
Speaker 2 (14:40):
The screen share that Jake used to demo agent hustle.
And while there are lots of things you can do
to protect yourself from a hack, antivirus software, avoid spamy leaks,
there's one thing that's as hard to see coming as
it is easy to fall for social engineering hackers exploiting
somebody's humanity, their ego, their enthusiasm, their fears. When it
(15:07):
came time to demo his project, Jake was enthusiastic. They
just launched this new AI tool and he wanted everyone
to know about it, so he wasn't quite as focused
as he went through the screenshare process.
Speaker 5 (15:20):
They had a Zoom account where the name on the
account was Zoom, and then they requested remote control and
a notification pops up on Zoom that says something like
Zoom is requesting permission or remotely controller device.
Speaker 2 (15:37):
In that moment, it didn't look like a red flag.
It just looked like part of the process.
Speaker 5 (15:42):
People just think it's requesting permission to share my screen,
but it's actually requesting permission to remotely control your desktop.
Speaker 2 (15:52):
Jake barely remembers clicking, which is exactly how the best
hacks work.
Speaker 5 (15:58):
When you do get hacked, it's like a magic trick,
like an illusion. It's like when someone pulls a coin
from behind my ear. They didn't really make a coin appear.
They used a sleight of hand and tricked me.
Speaker 2 (16:11):
And with that the hackers had everything remote access files, passwords, wallets.
Speaker 5 (16:17):
Once you get you know, remote code execution on someone's computer,
you can do a lot. You can look for all
of the high value targets, private keys, SSH keys, access tokens, whatever.
Then they'll get your password manager. They'll try and take
over your Twitter account and your Telegram account.
Speaker 2 (16:35):
The Seal team had a hunch maybe this wasn't North Korea,
maybe this was someone borrowing from their playbook.
Speaker 5 (16:42):
It was actually a group of Western people, a US
or Europe or North America based hackers who had had
a clever method and were using it a lot.
Speaker 2 (16:54):
A method that appeared to be piggybacking on North Korea's mo.
Speaker 5 (16:59):
We have seen people try to imitate North Korean tactics,
and I think what happened is they heard about this
video chat zoom call vector and thought, oh, that sounds
like a good idea. We can modify that to fit
to our strengths.
Speaker 2 (17:14):
Maybe they even thought that looking like they were North
Korean hackers would help them get away with it whatever
it was. Seal wrote about the group and in their
report they called them elusive comment.
Speaker 5 (17:26):
I don't know if they think we'll just give up
because we know that they're beyond the reach of law
enforcement or what. But it's actually the exact opposite of
what you should do because there are a lot of
federal resources that focus completely on North Korea. So it's
not in your interest if you're a hacker to have
them think you're North Korea. Despite what some people might think.
Speaker 2 (17:49):
The FBI is now investigating. Jake says they reached out
not long after he reported the attack and gave him
even more detail.
Speaker 3 (17:58):
This is a very large scammering that's going on that
could total potentially, you know, eight or maybe nine figures
and lost to value, and they're all using zim apparently
for all of this.
Speaker 2 (18:11):
But the FBI wasn't the only one who reached out.
Speaker 6 (18:17):
Heyjake, it's Alex. Otherwise is known as Tactical Investing. My
account was compromised Wednesday of last week.
Speaker 2 (18:24):
Tactical Investing is a real YouTube channel run by a
real person, Alex Banister. He's in the Air Force, and
to prove who he was, he sent Jake a video
of himself in uniform, you know.
Speaker 6 (18:36):
For proof I'm in the military. There's my uniform Air
Force and then my last name is Banister. I'm check
it out here. It's on my uniform.
Speaker 2 (18:46):
So the hackers hadn't just fooled Jake they'd hijacked someone
else's identity to trick him. Jake lost a lot that
day time money trust. But what bothers him most is Zoom.
That remote access button that Jake was tricked in depressing,
(19:07):
it's not some obscure setting. It's enabled by default for
all personal Zoom accounts. If you use Zoom, it's probably
enabled on your computer right now.
Speaker 3 (19:18):
Basically, the whole scam is that if you're a host
of a Zoom interview, you can request remote access to
the guests. This is like a default feature that's on. Like,
if you turn that default feature off, this whole thing
goes away. It's literally that simple.
Speaker 2 (19:35):
We reached out to Zoom and they told us they
take security seriously and that users must give explicit consent
before allowing anyone to take control of their screen, which
is technically true, but cybersecurity experts say that's not the point.
While no one would be hurt, if Zoom just turned
it off from a default setting, it could save unsuspecting
(19:58):
victims a lot of time money in hassle.
Speaker 3 (20:00):
If they just did, they could easily fix the side
just making remote access default off, Like that's literally all
they have to do to fix it, but they don't
seem to be interested in wanting to make that change.
Speaker 2 (20:13):
Jake says he's spoken with people at Zoom. He's even
heard their CEO was made aware of his case, but
so far nothing's changed. So Jake's doing the only thing
he can, the only thing he's been doing since he
first stumbled into the crypto spotlight. He's talking about his
life and telling people what happened to him, Journalists, crypto traders,
(20:35):
Twitter followers, anyone who will listen.
Speaker 3 (20:38):
Yeah, it is embarrassing, but I felt like there's it's
much more important to keep people protected, to ensure that
this doesn't happen again and again and again. You know,
do I want to be the face of this, No,
not really, But do I want people to be aware
of what's going on?
Speaker 4 (20:55):
Yeah? Absolutely?
Speaker 2 (20:58):
This is quick Here.
Speaker 1 (21:02):
That was Dina temple Rastin, host and managing editor of
the click Here podcast from Record of Future News and PRX.
The show tells true stories about the people making and
breaking our digital world. New episodes come out every Tuesday
and Friday. You can find click Here wherever you get
your podcasts, and starting in twenty twenty six, on selected
public radio stations will put a link to the podcast
(21:23):
in the show notes. Thank you for listening to kill Switch,
and we'll be back in the new year with new episodes.
A what's going on? It's dexter. So we're doing something
a little different this week. While our team is away
for the holiday, We're going to bring you an episode
of a podcast called click here. It's produced by our
friends that recorded Future News and PRX, and it's all
about the people who are making and breaking our digital world.
Today's episode follows a hacking group called Elusive Comet. They
don't rely on zero days or ransomware. They just use
(00:22):
charm and zoom to fall into their trap. You don't
need to be reckless, just polite. Here's Dina temple Rastin,
the host of click Here, with the story.
Speaker 2 (00:33):
Jake Gallen used to work behind the velvet ropes in
Las Vegas. Among other things, he worked the cabanos at
Planet Hollywood and for a while he thought that life sparkled.
Speaker 3 (00:45):
You know, it's funny because when I was going to UNLV,
I was in a fraternity there, and you'd say, yeah,
you know, I would love to have a nightclub job
because I can continue this type of lifestyle.
Speaker 2 (00:56):
But it got a little old once you get.
Speaker 4 (00:58):
Into that lifestyle. After about a year, you're like, man,
this kind of sucks.
Speaker 2 (01:02):
It wasn't just that he was awake when the rest
of his friends were asleep, or that he missed all
kinds of milestones in other people's lives. It was just
kind of lonely, and he worried that he'd never find
something as exciting where he'd be making that kind of
money until one day he was on a Reddit forum
(01:22):
and found Ethereum, the cryptocurrency.
Speaker 3 (01:25):
So I found Ethereum in twenty sixteen on a Reddit
forum called Wall Street Bets.
Speaker 2 (01:31):
To Jake, trading ethereum, the second largest cryptocurrency after Bitcoin,
felt like opening a secret door into a whole new world,
one that was intoxicating, unpredictable, and full of promise.
Speaker 3 (01:43):
I was very fascinated by this idea of how it
kind of strips power away from a lot of the
central authorities, and for me, I was very certain that
this was going to be the industry that changes the world.
Speaker 4 (01:56):
I still have that.
Speaker 2 (01:57):
Believer, and like so many true believers, he didn't want
to just watch from the sidelines. So we started training
crypto and then he stumbled into the world of NFTs
that short for non fungible tokens. There are blockchain based collectibles,
think beanie babies, but with code, and before long he'd
carved out a reputation in one of the strangest corners
(02:20):
of the NFT universe, a niche known as historical NFTs.
Think of them as relics, pixelated artifacts from Crypto's adolescence.
Speaker 4 (02:30):
So's one of the largest Mooncat collectors at the time.
Speaker 2 (02:33):
Mooncats primitive, quirky, little pixelated pictures of cats and among
the very first NFTs ever minted.
Speaker 3 (02:40):
And I said that I had some that I was
interested in auctioning off.
Speaker 2 (02:44):
They were valuable, a kind of Mickey Mental Rookie card
of the blockchain. This wasn't an obvious career choice for
a health science major, but Jake understood collectibles in a
kind of visceral way because he'd lived it.
Speaker 3 (03:00):
I had actually owned an antique store in Vegas with
my father. That was my first business, and so we
are very knowledgeable in this world of like antiquities and collectibles.
Speaker 2 (03:09):
Which is probably why Southeby's came calling. Yes, that's Southeby's
the one that sells Van Goes.
Speaker 3 (03:16):
Six Sasi painting by Vassin Vngeur sendor Remo Marte.
Speaker 1 (03:19):
Painted in eighty eighty seven.
Speaker 2 (03:21):
And they asked him if you wanted to participate in
their second ever NFT auction. It was a huge deal.
One of the world's oldest auction houses was now moving
into digital.
Speaker 3 (03:31):
Ward eleven million, two d and fifty thousand euros adiuge.
Speaker 2 (03:38):
And just like that, Jake was suddenly orbiting Crypto Royalty,
rubbing elbows with celebrities like Steve Aoki and Paris Hilton.
He was hosting panels, being interviewed live streaming, He started
a podcast, and his profile exploded. And in the middle
of all this, he made an unusual decision. In the
(04:01):
crypto world, everyone hides, they use avatars or fake names
VPNs on top of VPNs, that's the culture, anonymous, encrypted
and untouchable. But not Jake Gallon. He in essence doxed himself.
Speaker 3 (04:18):
Since I started in twenty seventeen, you know, being a
docs person was unheard of.
Speaker 4 (04:23):
That was like a very rare thing to do.
Speaker 2 (04:26):
He used his real name, told people what he owned,
where he worked, what he bought into. He thought the
transparency would help him earn trust, so he leaned into it.
Speaker 3 (04:37):
You know, well, obviously it makes you a target, but
it also makes you a little bit more respectable and
it leads, in my opinion, to more opportunities.
Speaker 2 (04:45):
That openness got him noticed. He started getting nonstock media
requests three, five, sometimes eight interviews a week, so when
a show called Tactical Investing reached out in April, it
was just another thing he had to fit in into
his schedule.
Speaker 3 (05:01):
The message was like, hey, you know doing a cohort
of individuals with leaders in the industry for my channel.
Would love to interview you. So I respond and say,
hey man, sure, yeah, I'd love to.
Speaker 2 (05:17):
A week later, he logged onto zoom ready for his interview.
But this was not just any interview, this was a trap.
I'm Dina Templewrestent and this is click here, a podcast
about all things cyber and intelligence. We tell true stories
about the people making and breaking our digital world today.
(05:40):
We're used to watching for a shady link, a sketchy email,
a too good to be true promise. But what if
danger comes wrapped in something ordinary, A zoom call, a
friendly face, a simple request. You don't need to be careless,
just courteous. Stay with us. From Record of Future News,
(06:08):
This is click Here. Jake Gallon had always known that.
Deciding to use his real name publicly and talking so
openly about his life would be a risk, so he
made sure his security was air tight.
Speaker 4 (06:29):
I generally consider myself to be very careful. I mean
I have.
Speaker 3 (06:33):
Maybe five to ten different hardware wallets with different assets.
On top of it, multiple computers which hold different types
of wallets.
Speaker 2 (06:42):
So anytime he got an interview request, he would vet
them thoroughly. And that's exactly what he did in April
when he got an interview request from a YouTube show.
He'd never heard of something called Tactical Investing. Did they
have mutual followers? Check history of posts with the original
check check a show that appears to be a real show.
Speaker 4 (07:06):
Hey, guys, what is up? It is Alexander here back
with Tactical Investing, and in today's video, I want to
do a step by step staking.
Speaker 3 (07:13):
The YouTube channel had close to one hundred thousand subscribers,
had like six years of posting history. I had interviews
with people that I'm familiar with in the industry, and
had a bunch of recent posts, posting videos every few
days or so.
Speaker 2 (07:31):
So we said yes, and he was excited. By this point.
He was CEO of a crypto company and they had
a new product. He wanted to demo. So the day
of the interview, he logged on and it started like
so many interviews before it, but the host had his
camera off.
Speaker 3 (07:47):
So when we get on the interview, he has his
screen off, and he says, do you mind that I'm
going to keep my screen off?
Speaker 2 (07:56):
Why wouldn't he want his camera on? He was a
YouTuber after all, That alone set off a flicker of
doubt in Jake's mind, but just a flicker.
Speaker 3 (08:05):
This industry is, you know, it's full of pseudononymous and
anonymous people.
Speaker 4 (08:10):
But what was weird is that he's a YouTuber.
Speaker 2 (08:15):
But then the guy kept talking. He sounded confident, casual,
and Jake he let the flicker fade.
Speaker 3 (08:22):
So I'd actually watched a handful of his interviews, you
kind of understand who this person is, or like what
their interview style is like. It sounds just like him,
literally just like him.
Speaker 2 (08:34):
And pretty quickly he wasn't just feeling relaxed, he was
feeling kind of impressed. The questions were smart, technical. The
interviewer clearly understood Emblem Vault, the crypto company that Jake
was running.
Speaker 3 (08:48):
What he was asking me actually was was kind of nuanced,
questions about emblem vault, which to understand what elmbum vault is,
you have to be pretty deep into the industry.
Speaker 2 (08:59):
So what any founder would do when somebody really gets it,
he let his guard down.
Speaker 3 (09:05):
And so after about thirty or forty minutes into the interview,
the gentleman says, okay, I would love for you to
demo Agent Hustle.
Speaker 2 (09:15):
Agent Hustle not a nineteen seventies crime show, but an
AI tool for tracing blockchain activity. And Jake was really
proud of it. So when the interviewer said he'd give
Jake access to share his screen, he just clicked shared
his screen and walked the interviewer through the tool. When
the call ended, Jake thought it had gone pretty well.
Speaker 3 (09:36):
I tell him, hey, he is a great interview. He
asked the right questions, and he says he'll be up
in a few days, and then that's it.
Speaker 4 (09:45):
Everything is fine.
Speaker 2 (09:46):
But everything was not fine. It started the next day
Jake got a notification that a Mooncat NFT that he'd
bought for one hundred thousand dollars was suddenly sold at
the bargain basement price of one thousand dollars.
Speaker 4 (10:03):
And then I see another sale happen.
Speaker 3 (10:06):
I get another notification from open Sea saying that another
sales happened, very.
Speaker 2 (10:09):
Low ball, and his heart started to raise.
Speaker 4 (10:12):
And I know there's a hack that's happening. I don't
know how or what or why.
Speaker 2 (10:18):
He scrambled change passwords, reached for every security switch he knew.
Speaker 3 (10:23):
Just minimizing the blast radius of what was going on,
trying to figure out what was happening.
Speaker 2 (10:30):
And then came the moment everyone dreads. He was logged
out of his email, his social media, and every time
he tried to regain control, the hacker just kicked him
right back out. It was like whack a mole with
his life. He tried to revoke permissions on revoke cash no.
Speaker 3 (10:47):
Look, and I could see more Mooncats being listed, and
then I see other collections being listed.
Speaker 2 (10:53):
And then a chilling realization.
Speaker 3 (10:55):
Oh fuck, this is like a full on like somebody
has my seat phrase.
Speaker 2 (11:00):
Seed phrase like a master key to all of his
wallets and NFTs.
Speaker 4 (11:04):
Which is crazy because I've never written that seed phrase
down anywhere nowhere digitally. It's written down on a piece
of paper inside of a save.
Speaker 2 (11:12):
That's when it clicked. Breaking into his computer was as
good as breaking into his safe. How much did you lose?
Speaker 3 (11:20):
It's about between one hundred and fifty to two hundred thousand,
depending on how you value the assets themselves.
Speaker 2 (11:26):
Jake was gutted and pretty confused. Who would do this
and how? His gut told him that this had to
be connected to that interview. But what kind of hacker
launches a YouTube channel and runs it for six years
just so they can scam someone. None of it made sense,
so he called nine one one, actually SEAL nine one one.
Speaker 5 (11:50):
The official name is Open Security Alliance, but everybody just
says SEAL.
Speaker 2 (11:54):
There were a team of white hat hackers who respond
to crypto attacks.
Speaker 5 (11:58):
We do everything from people who got fished for one
thousand dollars to kidnappings to big North Korean heists. There's
all sorts of crazy things. Whatever people need, we'll figure
out a way to do it.
Speaker 2 (12:15):
When we come back, the SEAL team gets to work,
the FBI steps in, and the real host of Tactical
Investing sends a very unexpected message, stay with us. Nick
(12:41):
Box is an incident responder at SEAL, and they've worked
on thousands of crypto hacking cases like Jakes.
Speaker 5 (12:48):
Yeah, it's just you know, we're always on call. Some
days are a lot worse than others. Yesterday I woke
up and it felt like every single threat actor we
were looking at had decided to do something at the
exact same time. Fridays are worse. I think a lot
of hackers know that if they start hacking on Friday,
the FEDS won't get involved until Monday.
Speaker 2 (13:08):
Nick didn't waste any time trying to get to the
bottom of what happened.
Speaker 5 (13:12):
First thing we do in triage is give them a
set of instructions to follow.
Speaker 3 (13:15):
Apparently phrasing you're supposed to actually is unplug your computer
from the Internet.
Speaker 5 (13:19):
Disconnect your computer from the Internet.
Speaker 3 (13:21):
I wish I would have knowne that probably would have
saved myself a lot, a lot of money.
Speaker 2 (13:25):
Then came the forensic work, retracing every click, and as
they dug Nick Spidey sense started tingling he'd seen something
like this before.
Speaker 5 (13:36):
Yeah, you know, as soon as we heard he suspected
a zoom call, we immediately start to think it's DPRK.
Speaker 2 (13:43):
DPRK North Korea the most prolific crypto thieves on the planet,
and they've been using Zoom too. Traders and even crypto
companies with fake job interviews and investor.
Speaker 5 (13:54):
Calls, and they play a video of a person that
might be the person you're supposed to be meeting with,
and they look bored and they're not talking, but it's
actually a loop of a video, and then they tell
you over text that there's trouble with the audio. And
then they write, oh, we've seen this problem before.
Speaker 2 (14:11):
Just go to this link, a link to malware. But
Jake didn't click on anything like that. There was no
fake video. He just had a conversation one he thought
was a pretty good one.
Speaker 5 (14:23):
The fake interview was new. We hadn't seen this vector before.
We realized it probably wasn't North Korea.
Speaker 2 (14:30):
So the team went back to the drawing board. They
went over everything again and that's when they caught it.
Speaker 5 (14:36):
They kept trying to get him to screen share.
Speaker 2 (14:40):
The screen share that Jake used to demo agent hustle.
And while there are lots of things you can do
to protect yourself from a hack, antivirus software, avoid spamy leaks,
there's one thing that's as hard to see coming as
it is easy to fall for social engineering hackers exploiting
somebody's humanity, their ego, their enthusiasm, their fears. When it
(15:07):
came time to demo his project, Jake was enthusiastic. They
just launched this new AI tool and he wanted everyone
to know about it, so he wasn't quite as focused
as he went through the screenshare process.
Speaker 5 (15:20):
They had a Zoom account where the name on the
account was Zoom, and then they requested remote control and
a notification pops up on Zoom that says something like
Zoom is requesting permission or remotely controller device.
Speaker 2 (15:37):
In that moment, it didn't look like a red flag.
It just looked like part of the process.
Speaker 5 (15:42):
People just think it's requesting permission to share my screen,
but it's actually requesting permission to remotely control your desktop.
Speaker 2 (15:52):
Jake barely remembers clicking, which is exactly how the best
hacks work.
Speaker 5 (15:58):
When you do get hacked, it's like a magic trick,
like an illusion. It's like when someone pulls a coin
from behind my ear. They didn't really make a coin appear.
They used a sleight of hand and tricked me.
Speaker 2 (16:11):
And with that the hackers had everything remote access files, passwords, wallets.
Speaker 5 (16:17):
Once you get you know, remote code execution on someone's computer,
you can do a lot. You can look for all
of the high value targets, private keys, SSH keys, access tokens, whatever.
Then they'll get your password manager. They'll try and take
over your Twitter account and your Telegram account.
Speaker 2 (16:35):
The Seal team had a hunch maybe this wasn't North Korea,
maybe this was someone borrowing from their playbook.
Speaker 5 (16:42):
It was actually a group of Western people, a US
or Europe or North America based hackers who had had
a clever method and were using it a lot.
Speaker 2 (16:54):
A method that appeared to be piggybacking on North Korea's mo.
Speaker 5 (16:59):
We have seen people try to imitate North Korean tactics,
and I think what happened is they heard about this
video chat zoom call vector and thought, oh, that sounds
like a good idea. We can modify that to fit
to our strengths.
Speaker 2 (17:14):
Maybe they even thought that looking like they were North
Korean hackers would help them get away with it whatever
it was. Seal wrote about the group and in their
report they called them elusive comment.
Speaker 5 (17:26):
I don't know if they think we'll just give up
because we know that they're beyond the reach of law
enforcement or what. But it's actually the exact opposite of
what you should do because there are a lot of
federal resources that focus completely on North Korea. So it's
not in your interest if you're a hacker to have
them think you're North Korea. Despite what some people might think.
Speaker 2 (17:49):
The FBI is now investigating. Jake says they reached out
not long after he reported the attack and gave him
even more detail.
Speaker 3 (17:58):
This is a very large scammering that's going on that
could total potentially, you know, eight or maybe nine figures
and lost to value, and they're all using zim apparently
for all of this.
Speaker 2 (18:11):
But the FBI wasn't the only one who reached out.
Speaker 6 (18:17):
Heyjake, it's Alex. Otherwise is known as Tactical Investing. My
account was compromised Wednesday of last week.
Speaker 2 (18:24):
Tactical Investing is a real YouTube channel run by a
real person, Alex Banister. He's in the Air Force, and
to prove who he was, he sent Jake a video
of himself in uniform, you know.
Speaker 6 (18:36):
For proof I'm in the military. There's my uniform Air
Force and then my last name is Banister. I'm check
it out here. It's on my uniform.
Speaker 2 (18:46):
So the hackers hadn't just fooled Jake they'd hijacked someone
else's identity to trick him. Jake lost a lot that
day time money trust. But what bothers him most is Zoom.
That remote access button that Jake was tricked in depressing,
(19:07):
it's not some obscure setting. It's enabled by default for
all personal Zoom accounts. If you use Zoom, it's probably
enabled on your computer right now.
Speaker 3 (19:18):
Basically, the whole scam is that if you're a host
of a Zoom interview, you can request remote access to
the guests. This is like a default feature that's on. Like,
if you turn that default feature off, this whole thing
goes away. It's literally that simple.
Speaker 2 (19:35):
We reached out to Zoom and they told us they
take security seriously and that users must give explicit consent
before allowing anyone to take control of their screen, which
is technically true, but cybersecurity experts say that's not the point.
While no one would be hurt, if Zoom just turned
it off from a default setting, it could save unsuspecting
(19:58):
victims a lot of time money in hassle.
Speaker 3 (20:00):
If they just did, they could easily fix the side
just making remote access default off, Like that's literally all
they have to do to fix it, but they don't
seem to be interested in wanting to make that change.
Speaker 2 (20:13):
Jake says he's spoken with people at Zoom. He's even
heard their CEO was made aware of his case, but
so far nothing's changed. So Jake's doing the only thing
he can, the only thing he's been doing since he
first stumbled into the crypto spotlight. He's talking about his
life and telling people what happened to him, Journalists, crypto traders,
(20:35):
Twitter followers, anyone who will listen.
Speaker 3 (20:38):
Yeah, it is embarrassing, but I felt like there's it's
much more important to keep people protected, to ensure that
this doesn't happen again and again and again. You know,
do I want to be the face of this, No,
not really, But do I want people to be aware
of what's going on?
Speaker 4 (20:55):
Yeah? Absolutely?
Speaker 2 (20:58):
This is quick Here.
Speaker 1 (21:02):
That was Dina temple Rastin, host and managing editor of
the click Here podcast from Record of Future News and PRX.
The show tells true stories about the people making and
breaking our digital world. New episodes come out every Tuesday
and Friday. You can find click Here wherever you get
your podcasts, and starting in twenty twenty six, on selected
public radio stations will put a link to the podcast
(21:23):
in the show notes. Thank you for listening to kill Switch,
and we'll be back in the new year with new episodes.
kill switch News
Hosts And Creators
Oz Woloshyn
Karah Preiss
Show Links
AboutPopular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!