Binance founder Changpeng “CZ” Zhao has issued a serious warning to cryptocurrency companies about North Korean hackers who are posing as ordinary IT workers to steal billions of dollars.
This warning comes after a group of security researchers known as SEAL revealed details about 60 fake worker profiles linked to North Korea.
On September 17-18, 2025, CZ posted on social media platform X about the growing problem. He explained how these hackers are getting smarter and more patient in their attacks on crypto companies.
How North Korean Hackers Target Crypto Companies
CZ outlined four main ways these hackers try to break into companies:
Fake Job Applications: The hackers apply for real jobs at crypto companies, especially targeting developer, security, and finance positions. Once they get hired, they have access to company systems from the inside.
Interview Tricks: They pretend to be employers conducting job interviews with employees from other companies. During video calls, they claim there is a problem with Zoom and send a link for an “update.” This link actually contains a virus that takes over the person’s computer.
Malicious Code: These hackers give people coding challenges and then send “sample code” that contains hidden malware. When someone runs this code, it infects their system.
Bribery: They offer money to employees and contractors to get access to sensitive company data. CZ mentioned that a recent hack of an Indian outsourcing company led to over $400 million in losses at a major U.S. crypto exchange.
SEAL Team Creates Database of Fake Workers
The Security Alliance (SEAL), a team of ethical hackers led by researcher Samczsun from Paradigm, has been tracking these fake workers. They created a public database at lazarus.group/team that shows 60 different fake profiles used by North Korean operatives.

Source: @cz_binance
This database includes fake names, email addresses, fake citizenship documents, and even shows which companies hired these imposters. One example profile shows “Kazune Takeda,” listed as a Senior Software Engineer who was hired by two different companies.
The SEAL team has conducted over 900 investigations in the past year, showing how big this problem has become for the crypto industry.
Record-Breaking Crypto Theft in 2024
North Korean hackers had their biggest year ever in 2024. According to Chainalysis data, these groups stole $1.34 billion worth of cryptocurrency across 47 different attacks. This amount represents 61% of all crypto stolen worldwide in 2024.
This is more than double what they stole in 2023, when North Korean hackers took $660 million across 20 incidents. Total global crypto theft reached $2.2 billion in 2024, a 21% increase from the previous year.
Some of the largest attacks included:
- DMM Bitcoin lost $305 million worth of Bitcoin in May 2024
- WazirX, an Indian exchange, lost $230 million in July 2024
- Several smaller attacks targeting various crypto startups
These hackers are part of groups linked to North Korea’s government, including the well-known Lazarus Group. The stolen money helps fund North Korea’s weapons programs and helps the country evade international sanctions.
Crypto Companies Fight Back
Major crypto companies are taking action to protect themselves. Coinbase now requires all new employees to complete training in person in the United States. Workers who handle sensitive systems must be U.S. residents and provide fingerprints.
Coinbase CEO Brian Armstrong explained the scale of the problem, saying it feels like “500 new folks graduating each quarter from some sort of college they have, and that’s their complete job.”
In July 2025, U.S. citizen Christina Marie Chapman was sentenced to 8.5 years in prison for helping North Korean hackers get jobs at American companies using fake identities. This case shows how some people inside the U.S. are helping these foreign hackers.
The Russia Connection Changes Everything
Something interesting happened in mid-2024 that changed North Korean hacking patterns. After Russian President Vladimir Putin met with North Korean leader Kim Jong Un in June 2024, the amount of crypto stolen by North Korean hackers dropped by about 54%.
This decline happened because Russia started giving North Korea money and weapons for other activities, including sending North Korean soldiers to fight in Ukraine. When North Korea had other ways to make money, they seemed to focus less on crypto theft.
However, security experts warn that this could be temporary. The hackers are still active and continue to develop new ways to attack crypto companies.
The Bigger Picture: A National Security Threat
These attacks go beyond just stealing money. U.S. and international officials say North Korea uses stolen cryptocurrency to fund its nuclear weapons and missile programs. Reports suggest that crypto theft funds about half of North Korea’s missile development.
The hackers are also getting better at using new technology. They now use artificial intelligence to create fake profile photos and even use deepfake technology during video interviews to fool hiring managers.
CZ warned all crypto platforms to train their employees not to download unknown files and to carefully check all job candidates. He stressed that these hackers are “advanced, creative, and patient” – making them particularly dangerous.
The developer community has also been targeted, with North Korean hackers posing as recruiters on LinkedIn and sending coding assignments that contain hidden malware.
Fighting Fire with Fire
The crypto industry is fighting back with better security measures, employee training, and cooperation with law enforcement. The SEAL team’s work in exposing these fake profiles gives companies a useful tool to check potential employees.
Companies are also implementing stricter hiring practices, requiring in-person meetings, and using better background checks. Some are working directly with the FBI’s North Korea cyber unit to share information about attacks.
Sven Luiv