Dina Temple Raston
Chatgpt AI Machine Satellite engine ignition. Click here. And lift up. Hey, it's Dina. The Click Here team is taking a short breather, just long enough to get ahead on reporting for 2026. And when we come back in the new year, we've got a surprise waiting for you. It involves transmitters and antennas, and let's just say we're going back to our roots. More on that soon. But for now, we want to revisit a story from last spring about a communications platform many of us use every single day. Zoom. It was built for speed, but in its rush to connect us, it may have left a few doors open. We talked to a cybersecurity expert named Dan Guido, and he walked us through how one of Zoom's most mundane features became a hacker's best friend. And why the weakest link in cryptocurrency isn't the blockchain. It's the person who thinks they're too smart to get scammed. Here's the story.
Benson
But before we do start a call, I just want to give you an introduction about myself and our team. So my name is Benson. I'm currently part of.
Dina Temple Raston
That's the voice of an actual hacker, not a voiceover or recreation. And he's in mid scale.
Benson
And my background speaks of tech and crypto. And joining alongside me, co-authoring this piece is Alex.
Dina Temple Raston
We rarely get to hear something like this. No modulated voice, just a guy pretending to be a journalist looking to take over someone's computer. He's from a hacker group called Elusive Comet, and they don't use zero days or ransomware. Their weapon of choice is charm and Zoom, and in a world of remote work and screen shares, that can be pretty dangerous.
Dan Guido
It's hard to pay attention to all these hacks because there's just so many of them. So, like, bringing up an individual like, oh, this person got hacked? Well, like, yeah, him and like 10,000 other people.
Dina Temple Raston
From Recorded Future News and PRX, this is Click Here's Mic Drop. A longer listen to one of our favorite interviews of the week. I'm Dina Temple Raston, and today we talk to one of the people who was targeted by Elusive Comet, Dan Guido. He's a cybersecurity expert. He runs red teams, he fights nation-state hackers, and yet the Elusive Comet hackers took aim at him anyway.
Dan Guido
Yeah, to any hackers out there listening, not a strategy I would recommend.
Dina Temple Raston
Stay with us.
Recorded Future News Announcer
Looking for more of the cybersecurity and intelligence coverage you get on Click Here? Then check out our sister publication, The Record from Recorded Future News. You'll get breaking cyber news from reporters in New York, Washington, London and Kyiv, among others. And you'll see for yourself why it attracts hundreds of thousands of page views every month. Just go to therecord.media.
Dina Temple Raston
I'm Dina Temple Raston, and this is Click Here's Mic Drop. Dan Guido runs a cybersecurity company with a curious name: Trail of Bits.
Dan Guido
I like the name. There's a lot, there's a lot to like about it. There's a long story about that. It's like alternately ancient Mayan death chant. It's like a punk rock band, fun little play on words to describe the trail of digital evidence that you leave behind on computers.
Dina Temple Raston
It's a company trusted by the likes of DARPA, Facebook and a variety of crypto platforms. So you'd think that would put him off limits to hackers. It didn't. Back in April, Dan Guido got a message on Twitter. Someone claiming to be a reporter from Bloomberg Crypto wanted to set up an interview over Zoom. Now, Bloomberg Crypto is a real thing, a unit of Bloomberg News focused on digital currencies, blockchain tech, and the billionaires who orbit them. In other words, a perfectly plausible place for someone like Dan to appear. So at first, he was flattered a journalist wanted to talk to him about crypto. Of course they did. But then the flattery wore off and the flags, the red ones, started to wave.
Dan Guido
The fact that a Bloomberg News person, like, wouldn't talk over text, wouldn't talk over Signal, wouldn't talk over email. They really insisted on Twitter DMs or Telegram. They said, oh yeah, or we'll do Telegram, which is like a huge red flag. And then the email confirmation from a Gmail address, like, I don't think so.
Dina Temple Raston
He was pretty sure this guy asking for an interview wasn't on the up and up. But Dan was intrigued. So he agreed to talk to him over Zoom and pulled out an old Chromebook to take the call.
Dan Guido
And I was ready to join a call and record it on a device that I thought would be impenetrable.
Dina Temple Raston
But the hackers never showed. So Dan got to work figuring out who had targeted him. And he discovered that he'd been targeted in a hacking campaign launched by Elusive Comet.
Dan Guido
I did figure out what they were up to, which was sort of shocking to me.
Dina Temple Raston
At the heart of their methods is this: a feature built into Zoom that most users never think twice about.
Dan Guido
Zoom is a great product. It enables connectivity and interaction with people the world over and during COVID it definitely added a ton of value to people's lives. But it has so many features in it that I don't think everyone knows what it can do.
Dina Temple Raston
Things like remote access.
Dan Guido
There's actually this IT remote support feature that's built into Zoom that allows somebody else to take control of your screen, your keyboard, your mouse, and basically just sort of look over your shoulder and work on your computer.
Dina Temple Raston
We've talked about this in the past in previous episodes.
Dan Guido
It was just sort of a shockingly easy trick to play that only requires social engineering. And it gets you code execution out the other end.
Dina Temple Raston
It only takes two clicks and looks a lot like some of the day-to-day pop-ups you get on Zoom.
Dan Guido
You have to go into your system settings in macOS and specifically allow the Zoom application to like, interact with the computer, record your screen, whatever. But that's a process that I think a lot of people have been sensitized to, and I don't think people know what that really means when they flip those settings.
Dina Temple Raston
The hackers leverage people's general confusion about technology by adding some expert social engineering. And their first step: pressure.
Dan Guido
And they're adding this time pressure of like, hey, we need to go to recording next.
Dina Temple Raston
Some ego stroking.
Dan Guido
They're saying, you're so important to talk to. We know all the great work that you've done and like, this is going to be great exposure for you. It's Bloomberg, you know, it's huge. And they just lean into it and lay it on pretty thick. Right away you feel really good about yourself, like, oh, somebody finally noticed me.
Dina Temple Raston
And they use that to get inside your computer without you even knowing.
Dan Guido
And a lot of people I think are willing to take that step and just click these buttons because they don't know what they actually do once they click them.
Dina Temple Raston
When we come back, we follow Dan into the blockchain trenches where hackers are hoping to trick their unsuspecting victims into handing over millions. We'll be right back.
Dina Temple Raston
Hackers like the ones that targeted Dan Guido are usually looking for something really specific. A crypto wallet. And the reason is simple. It potentially offers a way to make a lot of money really fast.
Dan Guido
The community of attackers out there have realized that if you socially engineer somebody or get malware on their computer, the path to getting a payout is instantaneous. You don't have to navigate through a big company to find the secret formula to Coke buried 10 levels deep in some Active Directory domain. Instead, you've just got a single person's computer that has a private key on it, and as soon as you read it, you can go grab $2 million.
Dina Temple Raston
So in the beginning, hackers exploited what used to be a vulnerable corner of crypto wallet tech, something called smart contracts, which sounds like something dreamed up by a Silicon Valley marketing department after a few too many lattes. But really, it's just bits of code, small self-executing programs written onto the blockchain that essentially say, if X happens, then do Y. Imagine a vending machine. You put in your dollar, press B7, and you get your nacho cheese Doritos. No cashier, no small talk, no tip. That's a smart contract.
Dan Guido
I think about them as like little finance bots. They follow their instructions and they can't do anything else. So, you know, you could have smart contracts that provide loans, right? Anything you could imagine a piece of software doing, they'll, they'll do it.
Dina Temple Raston
And a lot of smart contracts are wallets where people store crypto tokens so they can be targets.
Dan Guido
Hack them, and it's like a financial piñata. And if you hit them hard enough and you find a way to exploit a vulnerability in them, you get all the cryptocurrencies stored inside.
Dina Temple Raston
So hackers went after them as a sort of low hanging fruit. But these days, smart contracts are, well, smarter.
Dan Guido
They're no longer cardboard piñatas, now they're made out of steel. People are writing smart contracts that are pretty reasonably complex. They're like multiple thousands, sometimes tens of thousands of lines long. So now it is harder to hack a smart contract on a blockchain than it is to just go after people's laptops and steal their private keys. And that wasn't true for the last five or six years. That really only flipped, I'd say, a couple months ago.
Dina Temple Raston
It's become so much harder to hack a smart contract that hackers have had to innovate with things like this Zoom hack. And in a lot of ways, it's easier to just go after someone's laptop and steal their private keys than to try to hack a contract. Humans are a lot easier to fool.
Dan Guido
I mean, I feel like we've got enough evidence out there, enough people have been hacked where this seems to be pretty clear.
Dina Temple Raston
So if you're into crypto, how do you protect yourself? Dan has some words to the wise.
Dan Guido
The number one piece of advice that I always give is just separate your crypto wallet from the device you use every day. I think a single purpose device, you know, some cheap Chromebook that you use to access your giant holdings of cryptocurrency, is the most appropriate strategy. You shouldn't have $2 million or whatever it is at risk every time you talk to some guy on Discord.
Dina Temple Raston
Trail of Bits has been getting more calls lately. People in crypto suddenly interested in training around operational security, which is good, but Dan Guido says that's not enough.
Dan Guido
The effectiveness of these techniques doesn't really go down. There are always people out there that haven't seen and internalized this information. And, you know, case in point, the Twitter accounts that contacted me, they're still up. They're seemingly still active. They are Twitter accounts you could talk to right now. And I would bet that there have been additional victims from those same two Twitter accounts since Trail of Bits published our blog on it. So I don't see a good reason for them to stop unless somebody actually tracks down who they are and literally arrests the people behind it.
Dina Temple Raston
And in the case of Elusive Comet, Dan thinks arrests may be coming. The FBI is investigating, and the hackers are believed to be based in the West, maybe even somewhere inside the United States. Because while crypto might be mostly anonymous, it isn't completely untraceable.
Dan Guido
I think the privacy protections on blockchains are notoriously porous, that in a lot of cases where somebody really applies all the effort available to figure out who did what transaction, you can generally track it down. There's also all kinds of operational security mistakes that happen from an attacker perspective, too. You know, if you have a single transaction or a single interaction with some company that you're trying to hack that exposes your identity, that information usually just lives out there forever. You can't take it back. So a likelihood over the long term that these guys get caught is probably pretty high in my mind. So enjoy your stolen cryptocurrency while you can, because I don't assume that this is going to last forever.
Dina Temple Raston
So what do we take away from Dan's experience? Maybe it's this. Security threats aren't just about code. They're about human frailty, ego, urgency, a momentary lapse in skepticism. So install all the cybersecurity you want, but also keep your skepticism and that ego of yours in check. From Recorded Future News, this is Click Here's Mic Drop. It was written and produced by Zach Hirsch, Megan Dietrich, Sean Powers, Erica Guida, and me, Dina Temple Raston. It was edited by Karen Duffin. We'll be back on Tuesday. Until then, have a great weekend.
Podcast: Click Here (Recorded Future News)
Air Date: December 19, 2025
Host: Dina Temple Raston
Guest: Dan Guido (CEO, Trail of Bits)
Main Theme:
An in-depth look at how hackers are increasingly leveraging social engineering—more than technical exploits—to compromise victims, especially those in the crypto world. Through the story of cybersecurity expert Dan Guido being targeted via a Zoom-based scam, the episode explores how human vulnerabilities, not technical ones, often remain the weakest link.
This episode revisits a true hacking attempt aimed at Dan Guido, a seasoned cybersecurity expert and CEO of Trail of Bits. The attack didn't employ malware or zero-day exploits, but instead exploited trust, ego, and a little-known Zoom feature to try and take over his device. The story shines a light on how even the most tech-savvy are vulnerable when human psychology, urgency, and digital fatigue are manipulated by cybercriminals.
Summary Prepared For:
Anyone interested in cybersecurity, social engineering, personal digital security (especially in crypto), or how everyday technology tools can be covertly weaponized.