Boarded funds: how a cybercriminal tried to infiltrate a venture capital fund for two months

It could have been the most beautiful signing of the year. For this Parisian venture capital fund, all the lights were green: a full roadshow, several secured commitments and, as the crowning touch, the entry of a family office renowned for its discreet but decisive investments in European tech. At least that is what everything suggested.

Chapter 1 – Contact

The email had landed on a Tuesday morning, discreet, elegant, in the inbox of Clément, partner in a venture fund based in Paris.

Subject: “Exploring synergies – BH Partners / [fund name confidential]”

“Hello Clément,
We have been following your activities closely since your investment in (X and Y startups).
Brems & Hall is a pan-European family office interested in early-growth vehicles.
Would you be available for a first exchange?”

The name meant nothing to him, but the wording was skilful. Personalised. Precise. Neither too enthusiastic nor too cold. Just what it takes to catch the attention of an investor used to opportunistic approaches.

Clément did a quick search. A sober website, white background, serif font. Mentions of co-invested deals with well-known names; hard to say whether they were coincidences or carefully planted illusions. He forwards it to Julie, the fund's CTO:

“Can you check whether anything smells off? If not, we dig in.”

Julie's reply, an hour later:

“Nothing to report so far. The domain is young, but clean. The IP is in London, no clear signals. Do you want me to monitor the next exchanges?”

Clément approves with an emoji. And the first video call is scheduled.

Chapter 2 – One-way mirrors

The call is perfect. In the sleek setting of a glass office, a certain Alexander Wells lays out a pitch on BH Partners' strategy. Slight English accent. Solid financial culture. He cites quality funds, evokes family governance, talks sector allocations like a seasoned LP.

“We love ambitious but disciplined teams. Your track record in climate tech and B2B SaaS interests us. We want skin in the game. You have it.”

The fund is not fooled. Hundreds of family offices promise the moon every year.
But then Alexander sends a deck. Then access to their “data portal”. A month passes. Exchanges intensify. There are three of them now on the BH side: Alexander, Olivia (Head of Legal) and a certain Rupert (Operations). All credible. Available. Julie scans the documents. Not a single error. Not one inconsistency. Even the PDF headers are clean.

Chapter 3 – The razor's edge

The weeks go by. Closing is approaching. A wire of 8 million euros is expected from BH in the first tranche. The fund finalises the last KYC checks. The lawyers are preparing the documentation. Clément exchanges almost daily with Alexander.

Then comes this Friday morning.

9:17 am. A short, trivial, almost banal email:

“Hi Clément – slight firewall issue this morning. Can we use our Google Meet link for the call at 10:00 instead? Just easier on our side. Thanks!”

Clément reads. Hesitates. Almost clicks. Then… he thinks of Julie. By reflex, he forwards it.

“Can you check this video-call link? I don't want to get burned at this stage.”

Chapter 4 – Invisible break-ins

Julie does not open the link. She analyses it.
On the surface, it is a classic URL: meet.google.com/xzz-rsvp-349.
But behind it, a redirect hosted via a Ukrainian gateway injects a silent script.

“Clément. This link is weaponised. If it is clicked, it installs a .dmg with delayed execution. It's malware. And not a toy.”
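As an added illustration (not part of the original story), a small Python triage helper in the spirit of Julie's check: it compares the text a link displays with where it really points, rejects any host that is not exactly the expected meeting domain, and flags a redirect chain that leaves that domain or ends in an installer download. The allow-list, the sample email and the redirect chain are constructed for the example; in practice the chain would come from an isolated URL sandbox, never from clicking.

```python
import re
from urllib.parse import urlparse

# Assumption: only the fund's own Google Meet rooms are accepted; exact host match, so lookalikes fail.
ALLOWED_MEET_HOSTS = {"meet.google.com"}
PAYLOAD_EXTENSIONS = (".dmg", ".pkg", ".exe", ".msi", ".scr")

def host_of(url):
    """Lower-cased hostname of a URL, '' if it has none."""
    return (urlparse(url).hostname or "").lower()

def looks_like_url(text):
    """True when the anchor text itself reads as a URL or a bare hostname."""
    return re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", text, re.I) is not None

def triage_link(displayed, href, redirect_chain=()):
    """Findings for one link: displayed text vs real target, host allow-list,
    and each hop of a redirect chain (constructed here, from a sandbox in practice)."""
    findings = []
    shown = ""
    if looks_like_url(displayed):
        shown = host_of(displayed if "://" in displayed else "https://" + displayed)
    real = host_of(href)
    if shown and shown != real:
        findings.append(f"display/target mismatch: shows {shown}, goes to {real}")
    if real not in ALLOWED_MEET_HOSTS:
        findings.append(f"target host {real!r} not in allow-list")
    for hop in redirect_chain:
        if host_of(hop) not in ALLOWED_MEET_HOSTS:
            findings.append(f"redirect leaves trusted domain: {host_of(hop)}")
        if urlparse(hop).path.lower().endswith(PAYLOAD_EXTENSIONS):
            findings.append(f"redirect ends in an installer download: {hop}")
    return findings

def links_from_html(html):
    """Yield (displayed_text, href) pairs from the anchor tags of an email body."""
    for m in re.finditer(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        yield re.sub(r"<[^>]+>", "", m.group(2)).strip(), m.group(1)

def triage_email(html, redirect_chain=()):
    """Map each href in the email to its findings (empty list = nothing flagged)."""
    return {href: triage_link(text, href, redirect_chain)
            for text, href in links_from_html(html)}

# Constructed sample: the anchor text shows a Google Meet room, the href is a
# lookalike host, and the (constructed) redirect chain ends in a .dmg download.
SAMPLE_EMAIL = ('<p>Can we use our Google Meet link instead?</p>'
                '<a href="https://meet.google.com.example-gateway.test/xzz-rsvp-349">'
                'meet.google.com/xzz-rsvp-349</a>')
SAMPLE_CHAIN = ("https://cdn.example-gateway.test/r/xzz",
                "https://cdn.example-gateway.test/dl/GoogleMeet-update.dmg")
```

Running `triage_email(SAMPLE_EMAIL, SAMPLE_CHAIN)` returns five findings for the single link: the display/target mismatch, the non-allow-listed host, two off-domain redirect hops and the final installer download.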

The world stops.

Clément rereads all the messages. Replays the video calls in his mind. The voices. The smiles.
They had been talking to these people for nine weeks.
They had sent them slides, cap tables, term sheets, confidential LP names.
And by a margin of three minutes, one of their computers would have been completely cloned remotely.

Julie triggers the emergency protocol.
Domain blocking. Audit of all devices. Immediate notification to the other co-investors.
And this cold email:

“Alexander, our compliance team flagged an anomaly. We need to suspend all interactions pending review.”

He will never receive an answer.

Chapter 5 – Mirage

In the following days, the team retraces the trail.
The domain? Registered in Panama, via a proxy.
The LinkedIn photos? Stolen from inactive profiles.
The phone number? A VoIP provider based in Singapore.
The voices on the video calls? Generated, altered in real time. No recording makes it possible to extract a coherent spectrogram.

It was a high-level operation, carefully put together.
Not to steal a password.
But to plant system access in the deal room of a fund managing several hundred million euros.

Epilogue – Doubt as a firewall

“What saved us? An intuition, a click avoided. A doubt, with three minutes to spare,” said Clément during a confidential debrief with his LPs.

Since then, every new contact goes through a triple filter:

  • Systematic identity verification via an independent third party
  • Internally generated meeting links only
  • No link or file gets through without being scanned

The fund came close to disaster.
And in the shadows, one certainty remains:

Others may have clicked.