- An oversight from a16z helped a scammer trick a victim into downloading malware.
- The a16z website pointed to an employee's old X username that the scammer had commandeered.
- "A16z is one of the technology VC firms that I look up to," the victim said.
When pseudonymous crypto investor Zaiken received an out-of-the-blue message from someone he thought was from Andreessen Horowitz, a venture-capital firm also known as a16z, he was overjoyed.
The offer was enticing: to be featured on a podcast with a16z partner Peter Lauten, who has helped a16z invest $42 billion since he joined the firm in 2016.
But what followed was a deceptive social-engineering con.
A scammer, using Lauten’s old X username, convinced Zaiken to download malware onto his computer that swiped $245,000 worth of his crypto.
“The attacker just managed to take advantage of my lack of attention,” Zaiken, who has been active in the industry since 2016, told DL News.
‘It was convincing’
Key to the scam was the fact that the a16z website, along with several X posts from the firm’s account, pointed to Lauten’s old username that the scammer was using.
“It was convincing since a16z is one of the technology VC firms that I look up to,” Zaiken said.
The incident highlights how scammers are going to more extreme and elaborate lengths to trick victims. Influential companies and their employees can inadvertently aid such bad actors through something as seemingly innocuous as changing a username.
Lauten and a16z didn’t respond to requests for comment.
Impersonation scams are an increasing problem.
The US Federal Trade Commission said in an April 1 post that scams impersonating businesses and government agencies are among the top reported frauds.
UK banks have also reported that impersonation scams targeting both businesses and customers have increased.
My First 16
The scammer, posing as Lauten, reached out to Zaiken on X, offering him a spot on a16z’s My First 16 podcast.
The podcast, hosted by a16z partner Seema Amble, interviews founders of fintech companies about how they acquired their initial customers and the lessons they learned along the way.
Scammers often attempt to impersonate influential figures and accounts on X. The extent of these scams, however, usually stops at creating an account with a similar handle to the real account and copying the real account’s profile picture and display name.
In this case, though, the scammer used a novel tactic. A16z’s Lauten had changed his X handle from “peter_lauten” to “lauten.” Once his account was no longer using the “peter_lauten” handle, there was nothing stopping the scammer from grabbing the name.
Cross-checking
To check if he was talking to the real Peter Lauten, Zaiken did what many would do — check the a16z website.
There, he found Lauten’s profile, complete with links to his X and LinkedIn accounts. However, since Lauten had recently changed his X handle, the link on the a16z site still pointed to his old handle, which the scammer now controlled.
A16z’s website now refers to the correct X account.
Zaiken said that after cross-checking the X username with the a16z website he felt comfortable and lowered his guard.
Thinking that the credentials checked out, Zaiken proceeded to organise a call with the scammer.
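The stale link described above is something a site owner can catch by comparing published profile links against a record of each employee's current and former handles. The sketch below is an added example, not part of the original article or any a16z tooling; the directory layout, HTML snippet and function names are assumptions, and the sample data is constructed around the two handles named in the article.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data; the directory layout is an assumption.
STAFF_HANDLES = {"Peter Lauten": {"current": "lauten", "former": ["peter_lauten"]}}
PROFILE_HTML = """
<div class="bio"><h2>Peter Lauten</h2>
  <a href="https://twitter.com/Peter_Lauten?ref=team">X</a>
  <a href="https://www.linkedin.com/in/example">LinkedIn</a></div>
"""
X_HOSTS = {"x.com", "twitter.com", "mobile.twitter.com"}
HANDLE_RE = re.compile(r"^[A-Za-z0-9_]{1,15}$")

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def x_handle(url):
    """Return the lowercased X handle a URL points to, or None."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower().removeprefix("www.")
    if host not in X_HOSTS:
        return None
    first = parts.path.strip("/").split("/")[0].lstrip("@")
    return first.lower() if HANDLE_RE.match(first) else None

def audit(person, html, directory=STAFF_HANDLES):
    """Classify every X link on a person's profile page."""
    record = directory[person]
    current = record["current"].lower()
    former = {h.lower() for h in record["former"]}
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        handle = x_handle(href)
        if handle is not None:
            # "stale-released": an old name that anyone may since have claimed
            status = ("ok" if handle == current else
                      "stale-released" if handle in former else "unknown")
            findings.append((href, handle, status))
    return findings
```

Handles are compared case-insensitively because X treats them that way, so a link to “Peter_Lauten” is still a link to the released name.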
Downloading malware
The scammer convinced Zaiken to download a fake meeting app, which was actually malware.
Shortly after downloading the app, Zaiken’s crypto assets were transferred out from his wallets.
Onchain records seen by DL News, and first traced by pseudonymous crypto sleuth ZachXBT, show that the stolen crypto was transferred through multiple intermediary addresses before being deposited to exchanges.
The malware the scammer asked Zaiken to install was called Vortax. Even though it has a legitimate-looking website, a Google search reveals multiple reports that the software is a scam.
Zaiken isn’t alone. In the replies to ZachXBT’s post, others shared similar tales.
But aside from common-sense security practices, there’s also a question of how much Lauten and a16z are to blame.
“If you change your username, inform the company you work at,” ZachXBT said.
Tim Craig is a DeFi Correspondent at DL News. Got a tip? Email him at tim@dlnews.com.