• T Filaret and M Bacina

Fake zoom invite leads to $8m being stolen from Aussie Hedge Fund

On Monday, the Australian Financial Review reported that Levitas Capital, a Sydney-based hedge find, was the target of a fake Zoom invite that was opened by one of the fund's co founders Michael Fagan or Michael Brookes.


After sending the fake Zoom invite on 10 September 2020, the hacker was able to install a malicious software program that gave them access to the funds email system. Amongst other things, the hackers used to send off fake invoices and approve unauthorised transactions.



Between 10 to 23 September 2020, the hackers siphoned off money in a number of ways, including:


  1. a payment of a fraudulent invoice for $1.2 million to an Australian company;

  2. a payment of $2.5 million to the Bank of China in Hong Kong (the payment was eventually stopped by one of the co-founders);

  3. a payment of $5 million to East Grand Trading at the United Overseas Bank in Singapore (the payment was eventually stopped by one of the co-founders);

  4. a withdrawal of $240,000 via at an ANZ branch in Bankstown

  5. a further withdrawal of two bank cheques of equal value of $240,000; and

  6. a further 64 withdrawals from the ANZ account totalling $300,000.


One of the co-founders, Michael Fagan, commented:


There were so many red flags which should have been spotted

Michael Fagan's comments that the red flags should have been spotted are correct. Basic training on awareness on brand impersonation and phishing would have prevented these issues from happening in the first place. This is not the first time an AFS licensee has had a similar mishap. Earlier this year, a hacker gained remote access to an AFS licensee, RI Advice Group, and spent more than 155 hours logged onto the server. The hacker did so simply through "brute-force" - attempting to log on using an employee login 27,814 times unsuccessfully from 10 different countries. It is astounding that AFS licensees cybersecurity systems were not adequately prepared for such an attack.


Levitas Capital was forced to close following its September attack after one of its largest institutional clients, Australian Catholic Super, withdrew its money out of concerns triggered by the cyberattack. Prior to the attack, Levitas Capital has $75 million under management.


We are yet to see whether ASIC will commence proceedings against Levitas Capital. Earlier this year in August, ASIC commenced proceedings for pecuniary orders against RI Advice Group following the 'brute-force' cybersecurity attack.