
Zoom Call Phishing: The $25M Deepfake CFO Crypto Scam (2026)

Four of the five "executives" on the video call were deepfakes. The one real employee on the call wired roughly $25 million across 15 transfers. That was 2024 and the payout went to bank accounts. In 2026 the same attack is being run with the payout settled as a crypto wire. Here is the case, the playbook, the one defense that actually works, and the on-chain trace path after the wire confirms.

Editorial illustration: a Zoom-style meeting grid with one real participant labeled YOU and four other participants tagged as synthetic CEO, CFO, legal, and ops, with an arrow showing a 4.2M USDT wire flowing from the victim treasury to an attacker wallet on the right
30-SECOND ANSWER

One real employee, four synthetic executives, $25M out the door.

What it is: An attacker stages a live video meeting populated by deepfake replicas of a company's real executives — CEO, CFO, general counsel, board members — and uses the meeting to pressure a real finance employee into executing an urgent payment. The first widely confirmed case was the January 2024 attack against Arup, in which a Hong Kong finance employee was convinced by deepfake replicas to send approximately HK$200 million (about US$25 million) across 15 transfers to 5 bank accounts.

The 2026 variant: The payout rail is shifting from bank wires to crypto wires — USDT on Tron, BTC, or stablecoins on Ethereum and Base. Crypto settles faster, cannot be recalled at the protocol level once confirmed, and routes around the bank-side freeze machinery that has caught a meaningful share of traditional deepfake-BEC wires since 2024.

The defenses that don't work: Visual recognition, voice recognition, dual approval on the same call, single-wire transaction caps. Each one is defeated by the attack pattern.

The defense that does work: Out-of-band callback verification. Hang up the meeting. Call the executive on a phone number you already had in your directory. Ferrari, WPP, and several other 2024 targets stopped the attack right there.

If the wire has already settled: The on-chain trace from the settled wallet through fragmentation, bridges, and off-ramp deposits builds the evidence package an attorney or federal investigator uses to subpoena the destination exchange. The trace does not undo the wire. Nothing does.


Why Zoom Call Phishing Is the New Business Email Compromise

For roughly a decade, business email compromise (BEC) was the dominant high-dollar fraud against companies. The FBI's Internet Crime Complaint Center has consistently ranked BEC as the single largest category of reported losses to wire fraud each year, with annual reported totals routinely in the multiple billions of US dollars. The pattern was predictable. An attacker compromised an executive's email (or spoofed it convincingly), inserted themselves into a real wire-payment thread, and rerouted the destination. Companies built defenses around that pattern: callback verification on email-only wire requests, banner warnings on first-time-sender emails, mandatory in-person or voice confirmation for changes to vendor banking details.

Those defenses worked — well enough to push attackers up the cost curve. The cheap end of BEC, the spoofed-email-only wire scam, is now well-defended at most mid-cap-and-above companies. So the attacker moved up the cost curve: from email alone, to email plus a voice call (the cloned-voice BEC variant we cover in the SIM swap crypto theft piece, which uses similar voice-cloning technology applied to a different attack surface), and now to email plus a live video meeting in which the executive being impersonated is visibly present and visibly speaking.

That last step — the live deepfake video call — collapses the callback-verification defense, because the entire point of the defense was to add a second-channel confirmation. A voice call from the supposed executive used to be the second channel. A video meeting with the executive is now the second channel and the third channel and the fourth channel at once. The defense that worked for a decade now reinforces the attack: the employee saw the CEO, saw the CFO, heard them speak, watched them gesture, watched them nod when general counsel agreed. The same callback verification that defeated text-only BEC validates the deepfake call.

That is the inflection. Companies that have been hardening against email-only BEC for ten years are not, in practice, hardened against the deepfake-video variant, because the new variant satisfies the defenses they built. The attacker did not get around the defense; the attacker passed it.


The Arup Case: How $25M Was Stolen on a Video Call

Every conversation about deepfake video-call fraud starts with the Arup case, because it is the first fully documented, multi-million-dollar example of the archetype and because the company — an internationally respected British engineering firm responsible for some of the most prominent infrastructure projects of the last fifty years — is exactly the kind of organization that was assumed to be sophisticated enough to detect this kind of attack.

The attack ran in mid-January 2024 against Arup's Hong Kong office. It was publicly disclosed in May 2024 when Hong Kong police, briefing local media on the broader trend of AI-enabled fraud, named the case and described the mechanics. Arup's East Asia chair confirmed in subsequent reporting that the firm had been victimized, that no internal systems or data had been breached, and that the loss had come from authorized payments executed by a deceived employee.

Based on the briefings provided by Hong Kong police and Arup's subsequent public statements, the reconstructed sequence is roughly this:

  1. Initial phishing email. The targeted Arup employee, working in the finance function in Hong Kong, received an email purportedly from the firm's UK-based chief financial officer. The email requested a confidential transaction and emphasized urgency and discretion.
  2. Initial suspicion. The employee's first reaction was suspicion. The email pattern resembled known phishing patterns — the surprise request, the urgency, the confidentiality demand. Without the next step, the attack stops here.
  3. Escalation to video conference. The attackers, anticipating the suspicion, offered to substantiate the request on a video meeting. The employee joined what appeared to be a multi-participant call that included the CFO and several other senior Arup executives the employee recognized.
  4. The deepfake meeting. All of the other participants on the call — reportedly several senior leaders in addition to the CFO — were synthetic. The faces matched the real executives. The voices matched the real executives. The mannerisms were consistent enough to pass.
  5. Wire instructions. The synthetic executives on the call instructed the employee to proceed with a series of transfers totaling approximately HK$200 million.
  6. Execution across multiple transfers. Over a window of roughly one week in mid-January 2024, the employee executed approximately 15 separate transfers to 5 different bank accounts, totaling the full HK$200 million (approximately US$25 million at then-prevailing exchange rates).
  7. Discovery. The employee eventually verified the original request with head office and discovered the request had never come from the real CFO. The fraud was reported to Hong Kong police, who opened an investigation. As of the May 2024 disclosure, no arrests had been announced.

Two operational details from the Arup case deserve specific attention because they generalize to every subsequent variant of the attack.

The fragmentation across 15 transfers and 5 accounts is the bypass for transaction caps. Any reasonable corporate treasury control would have a per-wire approval threshold — a number above which a single transfer requires additional sign-off. Splitting the same total across fifteen sub-threshold wires evades that control entirely. Most published guidance on wire fraud prevention focuses on the single-large-wire scenario; the Arup attackers operated below that radar.

The employee's initial suspicion was real and the deepfake call overcame it. This is the part that should chill any executive reading along. The employee did the thing security training teaches: they paused and were skeptical. The video meeting was the resolution of that skepticism. The defense behaved exactly as designed and the attack still completed.

The Arup quantification

Approximately HK$200 million (US$25 million). 15 transfers. 5 bank accounts. One employee on a video call with what appeared to be four or five senior executives, all of whom were synthetic. Attack window approximately one week. Disclosed by Hong Kong police in May 2024. As of public reporting through mid-2026, no arrests have been announced.


Other Named Cases: WPP, Ferrari, and the Long Tail

The Arup loss is the largest publicly attributed to a deepfake video-call attack as of mid-2026, but it is not the only one and not even the only well-documented attempt. A handful of other named cases, all from 2024, demonstrate both the scale of attempts against major companies and the surprisingly thin margin between a successful attack and a defeated one.

WPP and Mark Read (May 2024)

The advertising holding company WPP — one of the largest such firms in the world — was the target of a deepfake attempt impersonating chief executive Mark Read in spring 2024. The attack pattern, reported in The Guardian and other outlets in May 2024, used a WhatsApp account created in Read's name (with a publicly available photo) to set up a Microsoft Teams meeting with WPP senior leaders. The meeting included a voice clone of Read and, in some accounts, video material assembled from public footage. The pretext was a request to set up a new business venture in a way that would have required moving funds and providing personal information to the attackers.

WPP staff identified the attempt as suspicious before any money or sensitive information was transferred. Read himself sent an internal memo to leadership warning about the pattern. No financial loss was reported. The case is significant because it demonstrates the attack being run against a different industry, with a different impersonation tooling stack (WhatsApp plus Teams rather than a direct meeting), and against more leaders than the typical single-target attempt.

Ferrari (July 2024)

The Ferrari attempt, widely reported in mid-2024, targeted a senior Ferrari executive with WhatsApp messages and a follow-up voice call purporting to be from chief executive Benedetto Vigna. The synthetic voice was reportedly good enough to pass the executive's initial recognition test — the cadence, accent, and mannerisms were consistent with Vigna. What broke the attack was a verification challenge from the executive: they asked Vigna a question only the real Vigna could plausibly answer in real time, reportedly referencing the title of a book they had recently discussed. The synthetic voice could not answer, the executive ended the call, and the attempt failed without financial loss.

The Ferrari case is the cleanest demonstration of the "ask a question only the real person could answer" defense at the moment of the live call. It works. It also depends on the receiving party being suspicious enough to deploy it. Most published commentary on the Ferrari case has emphasized that the executive was already on guard — the WhatsApp number was unfamiliar, the request had unusual urgency — before the verification question. The recognition challenge was the closing move, not the only line of defense.

The unattributed long tail

Beyond Arup, WPP, and Ferrari, the publicly documented set of deepfake video-call attacks expanded substantially through 2024 and 2025. Reports from incident-response firms, law enforcement agencies, and security researchers describe attacks against energy companies, financial institutions, technology firms, government agencies, and family offices. The FBI's March 2024 public service announcement (PSA-I-031224-PSA) on deepfake-enabled fraud, the IC3 industry alerts that followed, and the cybersecurity guidance from CISA in conjunction with NSA and FBI on deepfake threats all treat the archetype as established and rising rather than novel.

The dollar amounts in the unnamed long tail vary widely — some attempts are stopped before any transfer, some succeed at low six-figure amounts, and a smaller number reach the seven- and eight-figure totals that draw the kind of public reporting the Arup case did. The honest assessment is that the publicly reported cases are a fraction of the underlying volume. Companies do not benefit reputationally from disclosing a successful deepfake fraud, and most jurisdictions do not yet require disclosure unless a securities-law materiality threshold is hit. The visible cases are the iceberg tip.


How the Attack Actually Works: Stage by Stage

Patent-style technical drawing of the six-stage deepfake video call attack: harvest video samples weeks before, train deepfake model days before, compromise calendar invite one day before, execute live video call at T equals zero, demand urgent wire two minutes later, on-chain settlement five to twenty-five minutes after the call
The six-stage attack timeline. Preparation is measured in weeks; execution is measured in minutes.

The deepfake video-call attack has a stable structure across the cases I have seen and the cases I have read. Six stages, two distinct phases: a long preparation window measured in weeks, and a sharp execution window measured in minutes.

Stage 1: Harvest the source material

The attacker collects video and audio of the executive being impersonated. Sources are entirely public: keynote talks on YouTube, podcast appearances, earnings calls, conference panels, corporate videos, LinkedIn videos, news interviews, brand-channel videos. For any public-facing executive of a mid-cap company or larger, there is dramatically more source material in circulation than the technical floor requires. The harvest is patient — weeks ahead of the attack, conducted in a way that leaves no flag against the target organization.

Stage 2: Train the model

Face cloning and voice cloning have collapsed in cost. Modern consumer-grade voice cloning services produce a passable real-time clone from roughly 30 seconds of clean source audio. Face cloning for a real-time video avatar (where the attacker speaks into a webcam and the synthesis renders the avatar in real time) requires more source material — a few minutes of varied angle, lighting, and expression — but again, every C-suite executive of a public company has dramatically more than that in circulation. The compute is negligible: a single consumer GPU. The technical skill required to operate the tooling has fallen to roughly the level of running a video editor.

Stage 3: Compromise the calendar invite

The attacker needs to put the target inside a Zoom or Teams or Webex meeting they control. The most common path is to phish credentials for a low-privilege account inside the target organization — often an executive assistant, sometimes the targeted finance employee themselves — and either insert a forged meeting invite into the calendar or hijack a real upcoming meeting. Alternatively, a high-quality spoofed external invite (a domain that visually resembles the executive's real address, a meeting link on the attacker's controlled video infrastructure) sufficed in some of the documented cases. Either way, the goal is to get the target onto an attacker-controlled meeting URL with the expectation that the executives will be present.

Stage 4: Run the live meeting

This is the execution phase. The targeted employee joins the meeting and sees what appears to be three to five senior executives. In the documented cases, the synthetic participants typically remain on camera but speak relatively little; the attack tends to rely on visual presence and short, decisive statements rather than extended dialog. The Arup-style pattern involves the "CFO" or "CEO" instructing the action and the other synthetic participants nodding and offering brief agreement. The runtime of the meeting itself is typically short: 90 to 180 seconds in most accounts.

Stage 5: Issue the urgent wire instruction

The instruction is delivered with three load-bearing elements: urgency (the deal closes tonight, the regulator is asking right now, the board needs this resolved in the next hour), confidentiality (do not discuss this outside this room, this is a sensitive matter), and specificity (an exact amount, an exact destination, exact instructions for the wire). The combination short-circuits the employee's consultation reflex: they cannot ask anyone else because they have been told it is confidential, they cannot pause to think because the deadline is immediate, and the instructions are precise enough to be actionable without follow-up. The pasted-in-chat written confirmation of the wire details, sent at the end of the meeting, becomes the artifact the employee references when they actually execute the wire minutes later.

Stage 6: Settlement

The employee executes the wire. In the 2024 cases the wire was a traditional bank wire; in 2025-2026 the attack is increasingly demanding settlement as a crypto wire — usually USDT on Tron because of low fees and fast confirmation, sometimes BTC, occasionally stablecoins on Ethereum or Base. For the bank-wire variant, the destination is typically a Hong Kong, UAE, or Southeast Asian mule account. For the crypto-wire variant, the destination is a freshly-funded wallet that has been gas-loaded by the attacker minutes before the attack. The wire confirms. The attack is over. The forensic work begins.


Why the Crypto Variant Is Worse

The bank-wire variant of this attack has been the dominant pattern since 2024. The shift toward crypto-wire settlement in 2025-2026 is structural and worth understanding because the trajectory is going to continue. Four forces are pulling the payout rail off bank rails and onto blockchain rails.

1. Settlement speed

A USDT transfer on Tron confirms in under a minute. A BTC transfer typically confirms within ten to twenty minutes. An ETH or Base transfer confirms within seconds to a few minutes. By comparison, an international bank wire moves through SWIFT messaging that includes multiple intermediary banks, each of which holds the message for compliance review. The fastest international bank wires settle within a few hours; many take a business day or more. The longer settlement window for bank wires is the window in which fraud teams have a chance to intercept — and bank fraud teams have gotten substantially better at catching deepfake-induced wires within that window.

2. Irreversibility and recall

A meaningful share of bank wires reported as fraudulent within 24 to 72 hours can be recalled through correspondent banking relationships. The success rate varies dramatically by destination jurisdiction, by reporting speed, and by the receiving bank's cooperation, but a recall path exists and is occasionally used. A confirmed crypto transaction has no protocol-level recall path. Once the on-chain transfer confirms, the asset has moved and the only remaining mechanism is a downstream freeze if the asset reaches a custodial off-ramp that honors a freeze request. The recall option is structurally unavailable for the on-chain leg.

3. Bank-side freeze coordination has caught up; crypto-side has not

Major Hong Kong banks, UAE banks, and several Southeast Asian institutions have measurably improved their coordination with foreign law enforcement on BEC freezes in the last two years. The FBI's Financial Fraud Kill Chain process, which routes urgent BEC freeze requests through bank-to-bank channels, has documented recovery rates in the 30-40% range for cases reported within the first 24 hours. The crypto-side equivalent — the Tron T3 Financial Crime Unit, individual exchange freeze programs, and stablecoin-issuer freeze authority — has improved substantially but is still fragmented across many issuers, many exchanges, and many jurisdictions. For the attacker, the fragmented response surface is a feature.

4. Off-ramp laundering through OTC and offshore exchanges is faster than mule-account spreading

A successful bank-wire-out scam still requires the attacker to disperse the proceeds across a network of money-mule accounts before the funds are seized in place. Mule-account networks in the major destination jurisdictions are increasingly under coordinated enforcement pressure. A crypto wire can land in a single attacker-controlled wallet and be split, bridged, and routed through OTC desks or offshore exchanges in minutes rather than days. The labor cost of the laundering step is dramatically lower on the crypto rail.

The trade-off the attacker accepts is that crypto wires leave a permanent, public, traceable record. That is the forensic opening the victim's investigator works, and it is the reason that in some respects a crypto-settled deepfake fraud is more attributable than a bank-settled one once it has happened. The victim cannot recall the wire. The investigator can document where it went, in a way that the bank-wire variant often cannot (mule-account banking records being subject to foreign jurisdiction, sealed by privacy law, or simply unobtainable). For the broader forensic methodology, see our piece on crypto forensic investigation and on tracing the stolen USDT recovery rail specifically.


The Voice and Face Cloning Stack in 2026

I want to spend a section on the underlying tooling because the lazy framing — "this is sci-fi, only state actors can do this" — was already wrong in 2023 and is now actively misleading. The deepfake video-call attack is within reach of any reasonably technical individual operator working with consumer-grade tools.

Voice cloning

Real-time voice cloning has been a solved problem for consumer-tier services since roughly 2023. Several public platforms (ElevenLabs, Resemble AI, PlayHT, Speechify, and a long tail of open-source projects derived from Tortoise, VALL-E, and similar architectures) offer voice cloning that produces convincing real-time output from a short source sample. The technical thresholds, as of 2026:

  • Sample required: 10 to 60 seconds of clean source audio for a passable clone; 2-5 minutes for a high-quality clone that withstands extended dialog without artifacting.
  • Real-time latency: Sub-300 milliseconds in major commercial services. Indistinguishable from a normal speaking cadence to a listener not actively probing for synthesis artifacts.
  • Cost: Free tier to a few hundred dollars per month for the commercial services. Negligible on self-hosted open-source.
  • Skill required: Operating the service. No machine-learning expertise required.

Several commercial services have introduced voice-cloning guardrails (mandatory consent verification, watermarking, no-go lists for public figures). The guardrails are circumventable and have not measurably reduced the supply of working tooling.

Face cloning and real-time video synthesis

Face cloning for real-time video avatars is several years behind voice in maturity but caught up substantially in 2024 and 2025. The relevant tooling spans live avatar systems (the attacker speaks into a webcam, the synthesis renders the target's face on the attacker's body in real time), pre-rendered short video clips that can be inserted into a meeting, and full deepfake video generation from a script. For the attack pattern documented in the Arup case — multiple synthetic participants on a single live meeting, each delivering relatively short statements — the live avatar approach is sufficient. For more elaborate productions (extended monologues, two synthetic participants speaking to each other) the technical bar is higher, but the documented attacks have not yet required that level.

Detection is not catching up

The arms race between deepfake generation and deepfake detection has gone badly for detection. Detection tools that worked against 2022-era deepfakes do not reliably work against 2026-era synthesis. Real-time detection — the kind that would alert a meeting participant that a co-attendee is synthetic — is in even worse shape. The major video conferencing platforms (Zoom, Microsoft Teams, Google Meet, Webex) have announced various deepfake-detection initiatives but have not, as of mid-2026, shipped reliable real-time detection at the platform layer. The practical implication is that the victim cannot rely on the platform to flag a synthetic participant. The defense has to be procedural, not technical.


Why Standard BEC Defenses Don't Work Against This

Side-by-side comparison: five common defense controls each marked with red X icons except the bottom control. The right column explains how the deepfake attack defeats each weak control. The bottom row in green shows that out-of-band callback verification survives the attack because the attacker does not control the executive's real phone.
Of five common controls, four collapse against a deepfake video call. The fifth — out-of-band callback — is the layer that holds.

The corporate AP and treasury defenses that have evolved over the last decade of BEC are largely defeated by the deepfake video-call attack pattern. This is worth spelling out because the natural intuition — "we already have controls" — obscures which specific controls hold and which collapse.

Visual recognition collapses

The defense: "I would recognize the CEO on a video call." The reality: real-time face cloning trained on a few minutes of public footage produces a likeness that is indistinguishable to a casual viewer, especially on the typical compression and bandwidth conditions of a corporate video meeting. The defense was never robust against deliberate impersonation; it has been thoroughly defeated since 2024.

Voice recognition collapses

The defense: "I know the CFO's voice; that's definitely her." The reality: voice cloning from a 30-second sample produces output that listeners cannot distinguish from the real voice in controlled tests, and certainly not in the time-pressured context of a meeting. The Ferrari case is interesting precisely because the receiving executive caught minor inconsistencies in the synthetic voice — that level of sensitivity is the exception, not the norm.

Dual approval on the same call collapses

The defense: "Wires of this size require two senior approvals." The reality: the attack stages enough synthetic participants on the call to satisfy whatever number of approvals is required. The Arup case had multiple synthetic executives. The dual-control defense was never structured to assume both approvers could be synthetic. The Arup pattern is, in retrospect, the obvious bypass.

Single-wire transaction caps collapse

The defense: "Our per-wire limit is $500K; nobody can lose more than that to a single fraudulent instruction." The Arup pattern: fragment the total across fifteen sub-cap wires to five accounts over a one-week window. The cap was satisfied per wire and the total still hit eight figures. Any treasury control that focuses on the single-transaction size is naturally vulnerable to fragmentation when the attacker controls the cadence.

Email-channel callback collapses

The defense: "We always verify out-of-band before executing a wire requested via email." The reality: the attack provides the out-of-band verification. The video meeting is the second channel. The defense is being satisfied by the attack itself.

Each of these controls is meaningful against the BEC variant it was designed for. None of them, individually, survives the deepfake-video pattern. What survives is the next section.


The Defense Playbook That Actually Works

The defenses that hold against deepfake video-call fraud have one thing in common: they assume that anything on the meeting itself could be synthetic, and they require verification through a channel that the attacker does not control. The two channels the attacker cannot easily synthesize are the executive's real phone (which they do not own) and the executive's prior in-person knowledge (which they cannot replicate in real time). The playbook builds around those.

1. Out-of-band callback to a number from your own directory

The single highest-value control. Procedure: any wire request received in or after a meeting — regardless of how convincing the meeting was — is verified by a callback to the requesting executive's phone number, with the number pulled from the company's internal directory or the AP team's own pre-existing contact list. Not a number provided in the meeting. Not a number in the meeting invite. Not a number in the email that scheduled the meeting. A number you already had on file before this transaction came up.

This is the control that worked at Ferrari (the executive's callback would have reached the real Vigna, which is part of why the attempt was abandoned at the recognition-challenge step) and at WPP (the WhatsApp-only escalation never reached a callback-confirmed channel). It is the control that did not happen at Arup — the employee's suspicion was resolved by the meeting itself rather than by an independent callback. If only one procedural control is added in response to the deepfake-video archetype, this is the one.

2. Pre-shared verification questions or codewords

A shared secret known only to the real executive and the AP team. On any urgent wire request, the AP officer asks the executive to confirm the codeword or answer a verification question that only the real executive would know. The Ferrari book-title example is the unscripted version of this; a deliberate, pre-shared system is more robust. The codewords should rotate, should not exist in any email or shared document, and should be impossible for an attacker working from public footage to derive.

3. Wire-and-wait procedure for any urgent crypto or bank wire over a threshold

Procedure: any wire above the company's threshold (set well below the single-wire cap, so the total fragmentation pattern is also caught) requires a fixed cooling-off period — commonly 2 to 24 hours — between authorization and execution. The cooling-off period is the window in which the receiving party can independently verify and the requesting executive can object. For genuinely urgent legitimate transactions, the procedure has an explicit override that requires more than one senior signoff and a documented business justification. The override is the exception, not the default. The cooling-off period is non-negotiable for the standard case. The Arup wires were executed over a week, which provides a long window in which a wire-and-wait procedure with daily checkpoints could have caught the fragmentation.

4. Cumulative-wire threshold monitoring

The Arup pattern exploited the gap between per-wire approval and total-flow monitoring. The defense is automated monitoring of the cumulative flow to any single counterparty (or any set of counterparties associated with a single transaction theme) across a rolling window. Treasury operations that already do this for sanctions and AML purposes can extend the same telemetry to fraud detection. Any abnormal cumulative flow to a destination triggers an automatic hold and an out-of-band verification, regardless of whether each individual wire was within the per-wire cap.
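The monitoring described above, as an added example that is not code from the original post or from any treasury vendor: a rolling-window aggregator that ignores wires already caught by the per-wire cap and alerts when the sub-cap flow to one transaction theme crosses a cumulative threshold. The wires, account names, theme memo field, cap and threshold are all constructed for illustration; grouping by a memo/theme field assumes that field is captured at wire initiation.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Wire:
    wire_id: str
    executed_at: datetime
    amount_usd: float
    beneficiary: str   # bank account or wallet address
    theme: str         # memo / transaction theme captured at initiation (assumption)


@dataclass(frozen=True)
class Alert:
    group_key: str
    window_total: float
    wire_ids: tuple
    reason: str


def group_key(wire):
    # Group by transaction theme, not by beneficiary: the Arup pattern spread one
    # "transaction" across five accounts, so a per-beneficiary total alone would
    # also be fragmented. Assumes the memo/theme field is populated at initiation.
    return wire.theme.strip().lower()


def find_fragmentation(wires, per_wire_cap, cumulative_threshold, window=timedelta(days=7)):
    """Return one Alert per group whose rolling-window total exceeds cumulative_threshold.

    Wires at or above per_wire_cap are assumed to already go through the single-wire
    approval path, so only the sub-cap population is examined here.
    """
    sub_cap = sorted((w for w in wires if w.amount_usd < per_wire_cap),
                     key=lambda w: w.executed_at)
    by_group = defaultdict(list)
    for w in sub_cap:
        by_group[group_key(w)].append(w)

    alerts = []
    for key, group in by_group.items():
        start = 0
        for end, w in enumerate(group):
            # slide the window start forward until every wire in [start, end] fits in `window`
            while w.executed_at - group[start].executed_at > window:
                start += 1
            window_wires = group[start:end + 1]
            total = sum(x.amount_usd for x in window_wires)
            if total > cumulative_threshold:
                alerts.append(Alert(
                    group_key=key,
                    window_total=total,
                    wire_ids=tuple(x.wire_id for x in window_wires),
                    reason=(f"{len(window_wires)} sub-cap wires totalling "
                            f"{total:,.0f} USD within {window.days} days"),
                ))
                break  # first breach is enough to place the group on hold
    return alerts


# Constructed sample: an Arup-style fragmentation (six 400k wires under a 500k cap to five
# accounts in five days) beside a normal payroll cadence and one above-cap wire.
SAMPLE_WIRES = [
    Wire("W1", datetime(2026, 1, 12, 9, 0), 400_000, "acct-HK-001", "Project Delta"),
    Wire("W2", datetime(2026, 1, 12, 15, 0), 400_000, "acct-HK-002", "Project Delta"),
    Wire("W3", datetime(2026, 1, 13, 10, 0), 400_000, "acct-HK-003", "project delta"),
    Wire("W4", datetime(2026, 1, 14, 10, 0), 400_000, "acct-HK-004", "Project Delta"),
    Wire("W5", datetime(2026, 1, 15, 10, 0), 400_000, "acct-HK-005", "Project Delta"),
    Wire("W6", datetime(2026, 1, 16, 10, 0), 400_000, "acct-HK-001", "Project Delta"),
    Wire("P1", datetime(2026, 1, 12, 9, 0), 300_000, "acct-payroll", "Payroll"),
    Wire("P2", datetime(2026, 1, 19, 9, 0), 300_000, "acct-payroll", "Payroll"),
    Wire("B1", datetime(2026, 1, 13, 9, 0), 750_000, "acct-vendor", "Project Delta"),  # above cap
]

if __name__ == "__main__":
    for alert in find_fragmentation(SAMPLE_WIRES, per_wire_cap=500_000, cumulative_threshold=1_000_000):
        print(alert.group_key, "->", alert.reason, alert.wire_ids)
```

With a 500k per-wire cap and a 1M cumulative threshold, the alert fires on the third "Project Delta" wire, two days into a week-long fragmentation, while the payroll cadence stays silent. The cumulative threshold should sit well below the sum the attacker would need; a threshold equal to the per-wire cap times the number of approvers gains nothing.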

5. Crypto-specific wire controls

For organizations that maintain crypto treasury balances or routinely send crypto wires, additional controls specific to the crypto rail materially reduce the deepfake-attack surface:

  • Address allowlists. Crypto wires can only go to pre-approved destination addresses; new addresses require a 24-72 hour cooling-off and dual-control approval. The procedure works because the deepfake call cannot satisfy the cooling-off period — if the address must be allowlisted with delay before any wire executes, the attack window closes.
  • Multi-signature treasury wallets. Wires require independent signatures from multiple key-holders, with at least one signer on a different physical device and (ideally) a different physical location from the AP officer who initiated the request. The deepfake call cannot reach the second signer in time.
  • Threshold transaction-monitoring with on-chain risk feeds. Outbound transactions to addresses flagged by Chainalysis, TRM, Elliptic, or similar risk feeds are paused for review.
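The following is an added example, not the post's own or any vendor's tooling: a treasury policy gate that applies defenses 3, 4 and 5 above as one pre-execution check, and replays a constructed Arup-style run of sub-cap wires to show the cumulative limit catching what the per-wire cap misses. Thresholds, addresses and timestamps are all constructed sample values.

```python
"""Outbound-wire policy gate for a corporate treasury. Added example, not the post's
own or any vendor's tooling. One check applies three of the controls above: per-wire
cap plus a cumulative rolling-window limit per destination (the Arup sub-cap pattern),
an address allowlist with cooling-off and dual-control approval, and wire-and-wait
above a review threshold. All thresholds, addresses and timestamps are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Wire:
    destination: str
    amount: float                # treasury units, e.g. USDT
    authorized_at: datetime
    execute_at: datetime

@dataclass
class Policy:
    per_wire_cap: float = 1_000_000
    review_threshold: float = 500_000          # above this, wire-and-wait applies
    wait_period: timedelta = timedelta(hours=4)
    cumulative_limit: float = 1_500_000        # per destination within `window`
    window: timedelta = timedelta(days=7)
    allowlist_cooling_off: timedelta = timedelta(hours=24)

class WireGate:
    def __init__(self, policy, allowlist):
        self.policy, self.allowlist = policy, allowlist   # allowlist: dest -> (added_at, approver ids)
        self.history = defaultdict(list)                  # destination -> [(executed_at, amount)]

    def check(self, wire):
        """Return the hold reasons for a wire; an empty list means it may execute."""
        p, holds = self.policy, []
        entry = self.allowlist.get(wire.destination)
        if entry is None:
            holds.append("destination not allowlisted")
        else:
            added_at, approvers = entry
            if len(approvers) < 2:
                holds.append("allowlist entry lacks dual-control approval")
            if wire.execute_at - added_at < p.allowlist_cooling_off:
                holds.append("allowlist cooling-off not elapsed")
        if wire.amount > p.per_wire_cap:
            holds.append("exceeds per-wire cap")
        if wire.amount > p.review_threshold and wire.execute_at - wire.authorized_at < p.wait_period:
            holds.append("wire-and-wait period not elapsed")
        # Sub-cap wires still add up: total flow to this destination inside the rolling window.
        recent = sum(a for t, a in self.history[wire.destination] if wire.execute_at - t <= p.window)
        if recent + wire.amount > p.cumulative_limit:
            holds.append(f"cumulative flow to destination would reach {recent + wire.amount:,.0f}")
        return holds

    def execute(self, wire):
        holds = self.check(wire)
        if not holds:                         # record only wires that actually went out
            self.history[wire.destination].append((wire.execute_at, wire.amount))
        return holds

def simulate_fragmented_attack():
    """Five 400k wires, 12 hours apart, to an allowlisted address: each is under the
    per-wire cap and review threshold, but the cumulative limit trips on the fourth."""
    t0, dest = datetime(2026, 1, 12, 9, 0), "TRON_ADDR_PLACEHOLDER"   # constructed label
    gate = WireGate(Policy(), {dest: (t0 - timedelta(days=3), {"cfo", "controller"})})
    return [gate.execute(Wire(dest, 400_000, t0 + timedelta(hours=12 * i), t0 + timedelta(hours=12 * i)))
            for i in range(5)]

def check_urgent_wire_to_new_address():
    """A 600k wire executed a minute after authorization, to an address allowlisted an
    hour ago by one approver: three independent holds fire."""
    t0, dest = datetime(2026, 1, 12, 9, 0), "NEW_ADDR_PLACEHOLDER"    # constructed label
    gate = WireGate(Policy(), {dest: (t0 - timedelta(hours=1), {"cfo"})})
    return gate.check(Wire(dest, 600_000, t0, t0 + timedelta(minutes=1)))
```

Each hold is meant to trigger an out-of-band callback rather than a silent rejection, so the AP officer sees why the wire stopped.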

6. Mandatory AP training that includes the deepfake archetype

Annual security training that ends at "watch for suspicious emails" is no longer adequate. The training should include the deepfake video-call archetype explicitly, walk through the Arup, WPP, and Ferrari cases, and emphasize that the meeting itself is not a verification channel. SANS, KnowBe4, and several other security-awareness providers have published deepfake-specific training modules since 2024. CISA's joint guidance with NSA and FBI on deepfake threats to organizations is a good free starting reference.

None of these defenses are exotic. None require investment in deepfake-detection technology. All of them operate on the assumption that everything visible in the meeting could be synthetic and that verification has to happen elsewhere. That is the right assumption.


The On-Chain Trace After the Wire

Network constellation diagram showing the on-chain forensic trace: a victim treasury node on the left wires 4.2M USDT to a settlement wallet, which fragments to four intermediary hop wallets, which all feed into a bridge node converting ERC-20 USDT to TRC-20 USDT on Tron, which then routes to three offshore centralized exchange deposit addresses labeled CEX-A, CEX-B, and CEX-C. A banner at the bottom right marks the exchange deposits as the evidence terminus and KYC subpoena point.
The trace path: victim wire → settlement wallet → fragmentation → bridge to USDT-Tron → off-ramp exchange where KYC identity becomes subpoenable.

Once the crypto wire has confirmed, the question shifts from prevention to forensics. What can actually be done is the same set of moves we run for any post-wire crypto-theft case: trace, document, attribute, refer. None of those moves are guarantees of restitution. All of them produce evidence that supports the legal and law-enforcement actions that follow.

Stage 1: Identify the settlement wallet and document the wire

The forensic record starts with the outbound transaction hash. From the hash, the investigator identifies the destination wallet, pulls the wallet's pre-attack and post-attack transaction history, and documents the funding pattern. In nearly every case I have seen, the destination wallet was funded with gas only minutes before the attack — a fresh wallet with no prior history. That pattern is itself an evidentiary point because it demonstrates premeditation and rules out the "accidental misdirection" defense that occasionally surfaces in civil proceedings.

Stage 2: Document the immediate post-receipt activity

The receiving wallet does one of two things within minutes of receiving the funds: it splits the proceeds across multiple intermediary wallets (the most common pattern, designed to obscure the trace and complicate freeze requests against any single downstream wallet) or it bridges directly to a different chain (typically Tron via a major bridge if the wire arrived on Ethereum, or to BSC, Avalanche, or another chain with adequate off-ramp liquidity). Both patterns are correlatable. The bridge transactions in particular are paired events — the deposit on the source chain and the withdrawal on the destination chain happen in the same minute, for the same notional value minus the bridge fee, through deposit/withdrawal events emitted by the bridge contract.

Stage 3: Trace through fragmentation and bridges to the off-ramp

The fragmented funds typically move through one to three intermediary hops before consolidating at a deposit address belonging to a centralized exchange. The investigator uses standard heuristics — common-input clustering, time-correlated movement, address-reuse tracking — combined with commercial blockchain analytics tools (Chainalysis Reactor, TRM Labs, Elliptic Investigator) to follow the funds across the hops. The cross-chain leg is the more technically involved portion; recent improvements in cross-chain attribution from all three of the major commercial vendors have made the bridge step routine work for trained investigators. For more on the cross-chain mechanics specifically, see our piece on the attack methods catalog and the methodology in crypto forensic investigation.
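As an added example (not the post's own or any analytics vendor's tooling), the Stage 2 bridge-pairing heuristic and the Stage 3 hop walk run over a constructed ledger shaped like the diagram above: one 4.2M USDT wire, four hops, an ERC-20 to TRC-20 bridge, three exchange deposit addresses. Every address, amount and timestamp is constructed sample data.

```python
"""Trace a fragmented-and-bridged crypto wire to its exchange off-ramp. Added example, not
the post's or any analytics vendor's tooling; models the diagram above (settlement wallet
-> four hops -> ERC-20 to TRC-20 USDT bridge -> three exchange deposits). Stage 2 pairs bridge
deposits with withdrawals by time and amount; Stage 3 walks the graph. All data is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    sender: str
    receiver: str
    amount: float
    ts: datetime

BRIDGE_ETH, BRIDGE_TRON = "eth:BRIDGE", "tron:BRIDGE"   # constructed bridge contract labels

def pair_bridge_events(transfers, max_skew=timedelta(seconds=60), max_fee=0.01):
    """Stage 2: match each bridge deposit with the destination-chain withdrawal that lands
    within max_skew and within max_fee of the deposited amount; returns (depositor, recipient)."""
    deposits = [t for t in transfers if t.receiver == BRIDGE_ETH]
    withdrawals = [t for t in transfers if t.sender == BRIDGE_TRON]
    edges, used = [], set()
    for d in sorted(deposits, key=lambda t: t.ts):
        candidates = [w for w in withdrawals if w not in used and abs(w.ts - d.ts) <= max_skew
                      and d.amount * (1 - max_fee) <= w.amount <= d.amount]
        if candidates:                     # unmatched deposits are left out of the graph
            w = min(candidates, key=lambda w: abs(w.ts - d.ts))   # nearest in time wins
            used.add(w)
            edges.append((d.sender, w.receiver))
    return edges

def build_graph(transfers, bridge_edges):
    """Adjacency map; the bridge's two legs are replaced by the paired cross-chain edges."""
    graph = defaultdict(set)
    for t in transfers:
        if t.receiver != BRIDGE_ETH and t.sender != BRIDGE_TRON:
            graph[t.sender].add(t.receiver)
    for src, dst in bridge_edges:
        graph[src].add(dst)
    return graph

def trace_to_offramps(graph, start, exchange_addrs, max_hops=6):
    """Stage 3: depth-first walk from the settlement wallet to known exchange deposits."""
    paths, stack = [], [(start, [start])]
    while stack:
        node, path = stack.pop()
        if node in exchange_addrs:
            paths.append(path)
        elif len(path) <= max_hops:
            stack.extend((nxt, path + [nxt]) for nxt in graph[node] if nxt not in path)
    return sorted(paths)

def sample_transfers():
    """Constructed ledger: 4.2M USDT split four ways, bridged at a 0.1% fee, off-ramped at three CEXes."""
    t0 = datetime(2026, 3, 2, 14, 0)
    tx = [Transfer("eth:VICTIM", "eth:SETTLE", 4_200_000, t0)]
    for i in range(1, 5):
        hop, tw = f"eth:HOP{i}", f"tron:W{i}"
        cex = {1: "tron:CEX-A", 2: "tron:CEX-A", 3: "tron:CEX-B", 4: "tron:CEX-C"}[i]
        tx.append(Transfer("eth:SETTLE", hop, 1_050_000, t0 + timedelta(minutes=5)))
        tx.append(Transfer(hop, BRIDGE_ETH, 1_050_000, t0 + timedelta(minutes=20 + 2 * i)))
        tx.append(Transfer(BRIDGE_TRON, tw, 1_048_950, t0 + timedelta(minutes=20 + 2 * i, seconds=30)))
        tx.append(Transfer(tw, cex, 1_048_950, t0 + timedelta(minutes=40 + i)))
    return tx

def run_trace():
    tx = sample_transfers()
    return trace_to_offramps(build_graph(tx, pair_bridge_events(tx)), "eth:SETTLE", {"tron:CEX-A", "tron:CEX-B", "tron:CEX-C"})
```

Tightening the fee tolerance or the time skew drops the bridge pairing and the trace dead-ends at the bridge, which is why the Stage 2 parameters need to match the bridge's real fee and finality behaviour.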

Stage 4: Identify the off-ramp exchange and produce the subpoena package

The forensic terminus of the trace is the deposit address at the off-ramp exchange. That address is tied to a real KYC'd account on the exchange. The investigator's deliverable is a documented chain from the victim's outbound wire to the exchange deposit, written in a form that an attorney or a federal investigator can attach to a subpoena request to the exchange. The subpoena returns the account-holder information that allows the case to proceed to attribution. For the mechanics of the subpoena process specifically, see how to report a crypto scam to the FBI.

What the trace produces and what it does not

The forensic deliverable is an evidence package. It is not a recovery. The package supports:

  • The IC3 complaint and any FBI Virtual Assets Unit referral.
  • The Section 1782 application against a foreign off-ramp exchange.
  • A bank's Suspicious Activity Report and any correspondent-bank freeze coordination.
  • A civil pleading naming the destination wallets as John Doe defendants and seeking pre-judgment asset preservation.
  • Any subsequent restitution or remission application in the event of a criminal recovery downstream.

What the package does not do is reverse the on-chain wire. Once confirmed, the transaction is permanent. Anyone who tells you they can guarantee recovery of a settled crypto wire is selling the secondary scam — the same recovery-fraud pattern we describe in detail in our knowledge-base entry on what to do after theft. Independent forensic work produces evidence, supports legal action, and occasionally results in restitution through downstream enforcement; it does not unwind the wire.

Why the on-chain leg favors the investigator

The deepfake-video attack is good at defeating human verification. It is bad at defeating on-chain forensics. Every step of the laundering process — the receiving wallet, the fragmentation, the bridge, the off-ramp deposit — is permanently recorded on a public ledger. The attacker who chose the crypto rail for settlement speed gave up the privacy that the bank-mule network would otherwise have provided. For the victim, that trade-off is the only structural advantage available in the post-incident phase.


First 24 Hours: What to Do If You've Been Hit

If the wire has executed and you are reading this in the immediate aftermath, work three tracks in parallel. Do not wait to complete one before starting the next.

Track 1: Stop the bleeding

  • Notify the originating bank or crypto custodian in writing immediately. If any leg of the wire originated through a bank (a fiat-to-crypto on-ramp at an exchange, a fiat wire that funded the crypto purchase), the bank's fraud team has the strongest near-term ability to act. The Financial Fraud Kill Chain process, where applicable, runs through bank-to-bank channels and time-decays sharply after 72 hours.
  • If the wire executed from a corporate crypto custody account, contact the custodian. Major institutional custodians have fraud-response protocols and can sometimes flag the destination address internally even when the on-chain leg is irreversible.
  • If the destination wallet has had any prior or pending interaction with a major centralized exchange, notify that exchange's compliance team in writing. Some exchanges will freeze pending deposits against the address if notified promptly with a credible fraud claim. Tron specifically has the T3 Financial Crime Unit for USDT-on-Tron cases; see T3 financial crime unit USDT freeze for the mechanics.
  • Lock down internal systems. Force password resets on the affected employee's email and AP system credentials. Disable the calendar invite that was used. Preserve everything — do not delete the meeting recording or the email chain.

Track 2: Report and document

  • File with IC3 within 24 hours. The FBI Internet Crime Complaint Center is the federal record of the loss and the entry point for the FBI Virtual Assets Unit. Include the transaction hash, the destination wallet, the dollar value, and a brief narrative of the deepfake meeting.
  • Notify the FBI field office covering your headquarters. A parallel direct contact to the local field office, in addition to the IC3 filing, materially raises the chance of agent assignment for any large-dollar case.
  • For US-domiciled victims, consider an SEC disclosure analysis. Material cyber incidents are subject to the SEC's 2023 cyber incident disclosure rules; counsel should evaluate whether the loss triggers a Form 8-K filing.
  • Preserve the meeting recording. Zoom, Teams, Webex, and Google Meet retain recordings on the host's account by default for a finite window — export the recording from any account you control immediately and request the host's recording through legal process if you do not control the host.
  • Preserve the email chain, the calendar invite metadata, the chat transcripts, and any other artifacts. Send a litigation-hold letter to any affected employee within 24 hours.

Track 3: Engage the forensic and legal team

  • Engage an independent blockchain forensic investigator within 72 hours. The on-chain trace gets harder (not impossible, but harder) as the funds move further into fragmentation and bridging. For the broader forensic engagement model, see digital asset tracing and crypto scam investigation.
  • Engage counsel with crypto-fraud experience. The civil playbook for John Doe asset-freeze actions, Section 1782 discovery against foreign exchanges, and any subsequent restitution work has structural similarities across deepfake-BEC, pig-butchering, and wallet-drainer cases. Our piece on pig-butchering scam recovery walks through the closely-related civil framework.
  • Do not engage any third party that contacts you offering guaranteed recovery. Recovery-fraud secondary scams are common in the wake of high-dollar incidents. No legitimate investigator guarantees recovery of a settled crypto wire.

Hit by a deepfake-driven crypto wire? Start with a free scoping call.

We produce the on-chain forensic trace from the settled wallet through the laundering path to the off-ramp exchange. That trace is the evidence package your counsel and the FBI need. Initial scoping call is free — tell us the date of the wire, the destination, and the chain.


Frequently Asked Questions

What is a Zoom call phishing crypto scam?
A Zoom call phishing crypto scam is a deepfake-driven variant of business email compromise in which an attacker stages a live video meeting populated by synthetic executives — the CEO, CFO, general counsel, or board members — and uses the meeting to pressure a real finance employee into authorizing an urgent payment. In the 2026 variant the payout is increasingly settled as a crypto wire (USDT on Tron, BTC, or stablecoins on Ethereum or Base) rather than a traditional bank wire, because crypto settlement is faster than international banking, irreversible the moment the transaction confirms on-chain, and outside the reach of bank-level recall procedures. The first widely reported case of this archetype was the January 2024 attack against the engineering firm Arup, in which a Hong Kong finance employee was convinced by deepfake replicas of the company's UK-based CFO and several other executives to send approximately 200 million Hong Kong dollars (about 25 million US dollars) across fifteen transfers to five separate accounts.
How did the Arup deepfake scam actually work?
Hong Kong police described the Arup case as a multi-stage social-engineering attack that began with a phishing email purporting to be from the company's UK-based chief financial officer, requesting a confidential transaction. When the targeted employee expressed initial suspicion, the attackers escalated to a video conference. On the call, the employee saw and heard what appeared to be the CFO and several other Arup executives, all of whom had been replicated using deepfake video and voice cloning trained on publicly available footage. The attackers had the synthetic executives instruct the employee to proceed with a series of transfers, which were executed over a roughly one-week window in mid-January 2024. Fifteen transfers totaling approximately HK$200 million (about US$25 million) were sent to five different bank accounts before the employee verified the request through head office and discovered the fraud. Arup confirmed publicly in May 2024 that the firm had been victimized and that its financial systems and data were not directly compromised — the loss came entirely from authorized wires the employee believed were legitimate.
Why are deepfake video-call scams shifting to crypto payouts in 2026?
Four pressures are pushing the payout rail from bank wires to crypto. First, settlement speed: a USDT transfer on Tron clears in under a minute and is irreversible once confirmed, while a bank wire crosses international SWIFT messaging that bank fraud teams have hours and sometimes days to interrupt with recall requests. Second, claw-back risk: a portion of bank wires that get reported within 24 to 72 hours can be recalled through correspondent banks; once a crypto wire confirms there is no protocol-level recall. Third, freeze-program risk for attackers: high-volume bank-account mule networks in Hong Kong, the Gulf, and Southeast Asia are increasingly under coordinated freeze orders, while crypto provides a fragmented set of off-ramps where freezes are slower and less universal. Fourth, KYC laundering through OTC desks and offshore exchanges is structurally faster than spreading proceeds across dozens of money-mule bank accounts. The trade-off for the attacker is that crypto wires are permanently traceable on a public ledger, which is the forensic opening the victim's investigator works.
Did Ferrari and WPP also get hit by deepfake executive scams?
Both companies were targeted in 2024 and both attacks failed because a human caught them. The Ferrari attempt, widely reported in mid-2024, targeted a senior executive with WhatsApp messages and a follow-up voice call impersonating CEO Benedetto Vigna. The executive on the receiving end grew suspicious of small inconsistencies in the synthetic voice and asked a verification question only the real Vigna could plausibly answer — reportedly the title of a book they had recently discussed. The synthetic voice could not answer correctly and the call ended. The WPP attempt, reported in May 2024, targeted senior leaders using a fake WhatsApp account in chief executive Mark Read's name, followed by a Microsoft Teams meeting with a synthetic likeness of Read, asking the targets to set up a new business as a pretext for moving funds. WPP staff identified the attempt and no money was lost. Both cases share the same attack pattern as Arup and both demonstrate that the controls that actually work are out-of-band verification and human pattern recognition — not technical detection.
How fast can an attacker clone an executive's face and voice in 2026?
In 2026 the technical floor for a usable deepfake clone is minutes of compute and seconds of source material. Consumer-grade voice cloning services produce a passable real-time clone from roughly 30 seconds of clean source audio — the kind of sample available from any podcast appearance, earnings call, conference talk, or YouTube video. Face cloning for a real-time video avatar requires somewhat more source material (a few minutes of varied angle and lighting), but every public-facing CEO, board chair, and CFO of a mid-cap or larger company has dramatically more than that in public circulation. The compute cost for a single attack is negligible — a consumer GPU is sufficient. The skill barrier is mostly social engineering, not synthesis. Attackers no longer need a research lab; they need a copy of public footage and a target's calendar.
Are crypto wires sent under deepfake-induced fraud traceable?
Yes. Every transaction is permanent on the relevant blockchain from the moment of confirmation. A forensic trace follows the funds from the victim's outbound wire through the attacker's settlement wallet, through whatever fragmentation, hops, and cross-chain bridges the attacker uses to obfuscate, to the deposit address at the off-ramp exchange where the funds are converted to fiat or another asset. That deposit address is tied to a real account-holder identity at the exchange. The forensic deliverable is the documented chain from the victim's wire to the exchange deposit, which an attorney or federal investigator then uses to subpoena the exchange for the account-holder records. The trace does not undo the wire on its own — nothing does — but it creates the evidence package that supports the FBI complaint, the Section 1782 application against a foreign exchange, and any subsequent civil or criminal action.
What defense actually works against a deepfake video call?
Out-of-band callback verification is the only control that consistently survives a deepfake call. The rule for any large or urgent wire authorization is: hang up the video call, call the executive back on a phone number you already had in your own directory (not a number provided during the meeting, not a forwarded number, not a number from the meeting invite), and confirm the instruction. The attacker does not control the executive's real phone, so the callback either reaches the real executive (who confirms the request is fake) or reaches voicemail and the wire waits. Every other commonly cited control — visual recognition, voice recognition, dual approval on a single call, single-wire transaction caps — is defeated by the deepfake attack pattern. Dual approval fails when both approvers are synthetic. Single-wire caps fail when the attacker fragments the total across many sub-cap wires, as happened at Arup. Out-of-band verification is the layer that holds.
What should a company do in the first 24 hours after a deepfake crypto wire?
Move on three parallel tracks immediately. First, the bank and crypto track: notify the bank that originated any fiat leg and any off-ramp the wire touched in writing, request a freeze on the destination wallet through the bank's correspondent network and through any centralized exchange the wallet has previously interacted with, and preserve every wire confirmation, transaction hash, and on-chain receipt. Second, the regulatory and law enforcement track: file with the FBI's Internet Crime Complaint Center (IC3) within 24 hours, notify the FBI field office covering the company's headquarters, and where applicable file a Suspicious Activity Report through the company's bank. Third, the forensic and evidence track: preserve the meeting recording (Zoom, Teams, Webex, and Google Meet retain recordings on the host's account by default for a finite window), preserve every email and chat that led to the meeting, preserve the calendar invite metadata, and engage an independent blockchain forensic investigator to begin the on-chain trace from the destination wallet forward. The first 72 hours determine how much of the trace is recoverable later.

The deepfake video-call attack is one of several high-impact crypto-theft archetypes where forensic work and legal work have to run in parallel from the moment the wire confirms. For the closely-related voice-cloning attack surface that targets carrier authentication, see SIM swap crypto theft. For the signature-fraud archetype where the breach is at the wallet rather than the wire, see wallet drainer attacks. For the long-form social-engineering archetype that ends at a crypto wire, see pig-butchering scam recovery. For the FBI reporting mechanics, see how to report a crypto scam to the FBI. For the broader USDT-trace methodology, see stolen USDT recovery. The procedural playbook in our knowledge-base hub on what to do after theft applies regardless of attack vector.

Zack Coffing

Founder of Wallet Witness. Independent blockchain forensic investigator specializing in crypto scam analysis, digital asset tracing, and litigation support. Based in the United States, serving victims and attorneys worldwide.