Emblem Vault Jake Gallen Goopdate Malware Via Zoom Call
Emblem Vault CEO Jake Gallen reports losing over $100,000 in digital assets, including Ethereum, Bitcoin, and NFTs, after his computer was compromised, likely during a Zoom interview with someone posing as a YouTube content creator. The attacker exploited Zoom’s default remote access settings to install malware called “GOOPDATE,” which enabled access to his hardware and web extension wallets. Within 24 hours, his assets were drained, including prized collectibles like his profile picture. Gallen has since regained control of his accounts and publicly shared the compromised wallet addresses. He is now seeking help from security experts, including @zachxbt, to confirm the source of the attack and investigate the individual known as "Elusive Comet," as part of an ongoing effort to trace the stolen funds and raise awareness in the Web3 community.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26]
About Emblem Vault
Emblem Vault is a Web3 platform that enables users to store and trade digital assets across multiple blockchains without the need for traditional bridges. By wrapping assets from various blockchains—such as Bitcoin, Dogecoin, Namecoin, and Tezos—into ERC-721 or ERC-1155 NFTs, Emblem Vault allows these assets to be traded on Ethereum, Polygon, and Binance Smart Chain marketplaces like OpenSea. This functionality has been particularly valuable for collectors of historical NFTs, including early Bitcoin Ordinals and Counterparty-based assets.
The platform operates by creating a vault as an ERC-721 token, which contains a series of blockchain addresses generated from a single secret phrase. While assets can be sent to these addresses, they cannot be accessed without the private keys, ensuring security until the vault is "unvaulted." Unvaulting involves revealing the private keys to the vault's owner, allowing them to import the assets into a native wallet of their choice. This process is designed to maintain the integrity and security of the assets during their time within the vault.
Emblem Vault has facilitated over 40,000 ETH in transactions and has been instrumental in bringing historical digital assets into the modern NFT ecosystem. Through its innovative approach, Emblem Vault bridges the gap between legacy blockchains and contemporary NFT marketplaces, offering a secure and efficient means for users to manage and trade their digital assets.
About Jake Gallen
Jake Gallen is the CEO of Emblem Vault, a pioneering platform that enables users to trade digital assets across multiple blockchains without the need for traditional bridges. His journey into the blockchain space began in 2016 when he first discovered Ethereum. Despite facing significant setbacks, including losing all his assets in 2018, Gallen's resilience led him to notable achievements such as auctioning MoonCats at Sotheby's in 2021. By 2024, he had ascended to the role of CEO at Emblem Vault, where he focuses on expanding the platform's reach and capabilities.
In addition to his role at Emblem Vault, Gallen is the host of "Jake Gallen's Guest List," a podcast that has featured over 250 guests and garnered more than 100,000 downloads since its inception in 2020. The podcast delves into topics related to blockchain technology, Web3, and digital collectibles, reflecting Gallen's deep engagement with the crypto community. He has also been featured in various media outlets and has spoken at numerous industry events, further establishing his presence in the blockchain space.
What Happened
Jake Gallen was hacked after a suspicious Zoom video call, resulting in the loss of over $100,000 worth of Bitcoin and Ethereum.
| Date | Event | Description |
|---|---|---|
| April 9th, 2025 2:39:47 PM MDT | AcclimatedMoonCat Trade Approval | The very first transaction in the compromised Ethereum wallet approves the AcclimatedMoonCat NFT for trading on OpenSea:Conduit. This is believed to be the first transaction by the attacker. |
| April 10th, 2025 3:00:00 PM MDT | Jake Gallen Tweet About Loss | Jake Gallen tweets he suffered a major computer compromise in the past 24 hours that resulted in the loss of over $100,000 in digital assets, including Ethereum, Bitcoin, and NFTs—most notably his profile picture. Multiple wallets were affected, and his Twitter and Gmail accounts were also accessed. The breach reportedly left him devastated, especially given how long he’s been active in the space. |
| April 14th, 2025 11:28:00 AM MDT | SEAL Team Finds Malware | Jake Gallen reports that, in collaboration with the SEAL team, he was able to isolate the malware that was installed and used to drain his funds. The software is known as GOOPDATE. |
| April 14th, 2025 10:57:00 PM MDT | PaNewsLab Article Published | PaNewsLab publishes an article about the incident. |
Technical Details
The attacker posed as a YouTube content creator with over 90,000 subscribers and exploited Zoom’s default remote access settings during the interview to install malicious software named “GOOPDATE” on Gallen’s computer.
Jake believes the attack may have originated from a recent Zoom interview, where the guest—whose camera was turned off—asked him to screen share details about a project. He now suspects that this may have been the point of entry for the attacker to gain access to his machine. The individual involved has a large social media following and shared mutual connections, which made the request seem legitimate at the time.
Within 24 hours of that interaction, the exploitation began. Both his Ledger-connected hardware wallet and a Bitcoin web extension wallet were accessed.
Total Amount Lost
Losses were reported as $100,000 USD. Jake Gallen described his losses as "$100k+ in purchased digital assets being lost, including my pfp."
The total amount lost has been estimated at $100,000 USD.
Immediate Reactions
Jake has since regained control of his Twitter and Gmail accounts. He has shared the compromised wallet addresses publicly and is seeking help from security experts, including @zachxbt, to better understand the full scope of what happened before pointing fingers. Despite the setback, Jake says he will recover and urges others to stay vigilant.
Ultimate Outcome
Jake was able to isolate the issue to a particular piece of malware called Goopdate and to determine when and how he was infected: through the Zoom call and the remote access feature, which Zoom enables by default.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Ongoing Developments
The investigation into where the funds went and the identity of Elusive Comet is ongoing.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Encryption platform Emblem Vault CEO suffered a Zoom conference phishing attack, losing more than $100,000 - PANewsLab (Accessed May 20, 2025)
- ↑ Crypto exec warns of ‘ELUSIVE COMET’ threat after losing 75% of assets - CoinTelegraph (Accessed May 20, 2025)
- ↑ Jake Gallen - "The past 24 hours I've been battling a complete computer compromise that ended up with a loss of ETH and BTC assets from different wallets. Unfortunately, this lead to $100k+ in purchased digital assets being lost, including my pfp." - Twitter/X (Accessed May 20, 2025)
- ↑ Emblem Vault - "Emblem's Founder Vault collection is now live and available for purchase and trading!" - Twitter/X (Accessed May 21, 2025)
- ↑ Emblem Vaults - Circuits Of Value (Accessed May 22, 2025)
- ↑ What is Emblem Vault: Trading Bitcoin Ordinals NFTs on Ethereum - Dappradar (Accessed May 22, 2025)
- ↑ Emblem & $COVAL — A Play on Historical NFTs - Tyu_Ponzi - Medium (Accessed May 22, 2025)
- ↑ Emblem Vault for Ordinals - Stacks.Gamma.Io (Accessed May 22, 2025)
- ↑ Unvaulting - Emblem Vault Wiki (Accessed May 22, 2025)
- ↑ Jake Gallen Homepage (Accessed May 22, 2025)
- ↑ Jake Gallen - Miami NFT Week 2023 (Accessed May 22, 2025)
- ↑ Compromised Wallet On Bitcoin - Blockchain.com (Accessed May 22, 2025)
- ↑ Compromised Wallet On Ethereum - Etherscan (Accessed May 22, 2025)
- ↑ Approval Of AcclimatedMoonCat For Trading On OpenSea: Conduit - Etherscan (Accessed May 22, 2025)
- ↑ Ethereum Transaction Hash: 0xc222345abd... (Accessed May 22, 2025)
- ↑ Ethereum Transaction Hash: 0x2b8aad22d2... (Accessed May 22, 2025)
- ↑ Ethereum Transaction Hash: 0x9a52e783c5... (Accessed May 22, 2025)
- ↑ Ethereum Transaction Hash: 0x75c635996a... (Accessed May 22, 2025)
- ↑ Jake Gallen - "Working with @_SEAL_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a youtube personality of over 90k subs." - Twitter/X (Accessed May 22, 2025)
- ↑ Jake Gallen - "If you are an active @Zoom user please read this!" - Twitter/X (Accessed May 22, 2025)
- ↑ Jake Gallen - "Nope last access was 33 days before. They must have has accessed to the seed phrase as they initiated token approvals on behalf of the account to list and sell the NFTs. I was in my car when the attack began." - Twitter/X (Accessed May 22, 2025)
- ↑ Calendly (Accessed May 22, 2025)
- ↑ @jakegallen_ Twitter (Accessed May 22, 2025)
- ↑ @jakegallen_ Twitter (Accessed May 22, 2025)
- ↑ @jakegallen_ Twitter (Accessed May 22, 2025)
- ↑ @jakegallen_ Twitter (Accessed May 22, 2025)