QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$100 000 USD
APRIL 2025
GLOBAL
EMBLEM VAULT
DESCRIPTION OF EVENTS
Emblem Vault is a Web3 platform that enables users to store and trade digital assets across multiple blockchains without the need for traditional bridges. By wrapping assets from various blockchains—such as Bitcoin, Dogecoin, Namecoin, and Tezos—into ERC-721 or ERC-1155 NFTs, Emblem Vault allows these assets to be traded on Ethereum, Polygon, and Binance Smart Chain marketplaces like OpenSea. This functionality has been particularly valuable for collectors of historical NFTs, including early Bitcoin Ordinals and Counterparty-based assets.
The platform operates by creating a vault as an ERC-721 token, which contains a series of blockchain addresses generated from a single secret phrase. While assets can be sent to these addresses, they cannot be accessed without the private keys, ensuring security until the vault is "unvaulted." Unvaulting involves revealing the private keys to the vault's owner, allowing them to import the assets into a native wallet of their choice. This process is designed to maintain the integrity and security of the assets during their time within the vault.
Emblem Vault has facilitated over 40,000 ETH in transactions and has been instrumental in bringing historical digital assets into the modern NFT ecosystem. Through its innovative approach, Emblem Vault bridges the gap between legacy blockchains and contemporary NFT marketplaces, offering a secure and efficient means for users to manage and trade their digital assets.
The attacker posed as a YouTube content creator with over 90,000 subscribers and, during a Zoom interview, exploited Zoom’s default remote access settings to install malicious software named “GOOPDATE” on the computer of Emblem Vault CEO Jake Gallen.
Jake believes the attack may have originated from a recent Zoom interview, where the guest—whose camera was turned off—asked him to screen share details about a project. He now suspects that this may have been the point of entry for the attacker to gain access to his machine. The individual involved has a large social media following and shared mutual connections, which made the request seem legitimate at the time.
Within 24 hours of that interaction, the exploitation began. Both his Ledger-connected hardware wallet and a Bitcoin web extension wallet were accessed.
Losses were reported as $100,000 USD. Jake Gallen described his losses as "$100k+ in purchased digital assets being lost, including my pfp."
Jake has since regained control of his Twitter and Gmail accounts. He has shared the compromised wallet addresses publicly and is seeking help from security experts, including @zachxbt, to better understand the full scope of what happened before pointing fingers. Despite the setback, Jake says he will recover and urges others to stay vigilant.
Jake was able to isolate the issue to a particular piece of malware called Goopdate, and to determine when and how he was infected: through the Zoom call and the remote access feature, which Zoom enables by default.
An investigation into where the funds went, and into the identity of Elusive Comet, is ongoing.
Emblem Vault CEO Jake Gallen reports losing over $100,000 in digital assets, including Ethereum, Bitcoin, and NFTs, after his computer was compromised, likely during a Zoom interview with someone posing as a YouTube content creator. The attacker exploited Zoom’s default remote access settings to install malware called “GOOPDATE,” which enabled access to his hardware and web extension wallets. Within 24 hours, his assets were drained, including prized collectibles like his profile picture. Gallen has since regained control of his accounts and publicly shared the compromised wallet addresses. He is now seeking help from security experts, including @zachxbt, to confirm the source of the attack and investigate the individual known as "Elusive Comet," as part of an ongoing effort to trace the stolen funds and raise awareness in the Web3 community.
Encryption platform Emblem Vault CEO suffered a Zoom conference phishing attack, losing more than $100,000 - PANewsLab (May 20)
Crypto exec warns of ‘ELUSIVE COMET’ threat after losing 75% of assets - CoinTelegraph (May 20)
Jake Gallen - "The past 24 hours I've been battling a complete computer compromise that ended up with a loss of ETH and BTC assets from different wallets. Unfortunately, this led to $100k+ in purchased digital assets being lost, including my pfp." - Twitter/X (May 20)
Emblem Vault - "Emblem's Founder Vault collection is now live and available for purchase and trading!" - Twitter/X (May 21)
Emblem Vaults - Circuits Of Value (May 22)
What is Emblem Vault: Trading Bitcoin Ordinals NFTs on Ethereum - Dappradar (May 22)
Emblem & $COVAL — A Play on Historical NFTs - Tyu_Ponzi - Medium (May 22)
Emblem Vault for Ordinals - Stacks.Gamma.Io (May 22)
Unvaulting - Emblem Vault Wiki (May 22)
Jake Gallen Homepage (May 22)
Jake Gallen - Miami NFT Week 2023 (May 22)
Compromised Wallet On Bitcoin - Blockchain.com (May 22)
Compromised Wallet On Ethereum - Etherscan (May 22)
Approval Of AcclimatedMoonCat For Trading On OpenSea: Conduit - Etherscan (May 22)
Ethereum Transaction Hash: 0xc222345abd... (May 22)
Ethereum Transaction Hash: 0x2b8aad22d2... (May 22)
Ethereum Transaction Hash: 0x9a52e783c5... (May 22)
Ethereum Transaction Hash: 0x75c635996a... (May 22)
Jake Gallen - "Working with @_SEAL_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a YouTube personality of over 90k subs." - Twitter/X (May 22)
Jake Gallen - "If you are an active @Zoom user please read this!" - Twitter/X (May 22)
Jake Gallen - "Nope, last access was 33 days before. They must have had access to the seed phrase as they initiated token approvals on behalf of the account to list and sell the NFTs. I was in my car when the attack began." - Twitter/X (May 22)
Calendly (May 22)
@jakegallen_ Twitter (May 22)
