TLDR
- North Korean hackers pose as IT workers to infiltrate crypto companies, warns CZ.
- Hackers use fake job applications and malicious code to breach security.
- The SEAL team identified 60 North Korean IT worker impostors targeting crypto firms.
- Hackers exploit crypto companies with malware, bribery, and phishing tactics.
Binance co-founder Changpeng “CZ” Zhao raised alarms on September 17, 2025, about an increasing threat from North Korean hackers infiltrating cryptocurrency firms. These hackers, many allegedly associated with North Korea’s state-sponsored hacking group, Lazarus, are using deceptive tactics to breach crypto companies, posing as job candidates or employees.
According to Zhao, these hackers often target positions in development, security, and finance, looking to gain access to sensitive company data. Once inside, they can manipulate or steal critical information, causing significant harm to the organization and its users. Zhao’s warning underscores the growing security risks the crypto industry faces from highly organized hacking groups, such as Lazarus and Chollima.
How North Korean Hackers Infiltrate Crypto Firms
North Korean hackers have developed several methods to infiltrate crypto firms, often disguising themselves as job applicants. In some cases, they directly apply for IT or security roles within these companies. Once they secure an interview, they use phishing techniques to plant malicious software on the employee’s device.
For example, the hackers may pose as employers and trick employees into downloading updates for their video conferencing software or send malicious sample code as part of coding challenges.
CZ warned crypto platforms to remain vigilant, emphasizing the importance of training employees not to download suspicious files or click on unknown links. “Train your employees to not download files, and screen your candidates carefully,” he advised.
SEAL Team Identifies 60 North Korean IT Worker Impostors
Zhao’s warning came as Security Alliance (SEAL), a team of ethical hackers, identified 60 fake IT worker profiles linked to North Korean operatives. These profiles were created to impersonate IT professionals seeking employment within the cryptocurrency sector. The SEAL team compiled a detailed repository of these impostors, sharing valuable information such as fake names, email addresses, and GitHub profiles. This information helps crypto companies avoid hiring these malicious actors and safeguard against future breaches.
In addition to the hacker aliases, the SEAL team’s repository contains details of the firms that employed these fake workers and their subsequent exploits. The team’s efforts highlight the growing need for heightened security measures within the cryptocurrency industry.
Past Attacks and Growing Security Concerns
This alert follows a series of high-profile hacks linked to North Korean hackers, including the infamous Lazarus Group. The group has been responsible for some of the most devastating cryptocurrency heists, such as the $1.4 billion Bybit hack. North Korean operatives have increasingly targeted crypto firms through various means, including freelance development work and phishing scams, to steal millions of dollars in digital assets.
In June 2025, four North Korean operatives infiltrated multiple crypto startups, stealing over $900,000 from them. These events highlight the need for robust security protocols and employee awareness, as hackers become more creative in their methods.
The trend of North Korean hackers infiltrating crypto platforms also extends beyond the workplace. CZ pointed out that some hackers attempt to access platforms through customer service tickets, sending links to malicious software that compromises systems when clicked.
Industry’s Response and Need for Vigilance
CZ’s warning comes at a time when crypto platforms are increasingly becoming targets for state-sponsored hacking groups. Other platforms, like Coinbase, have also reported rising threats from North Korean hackers. In response, Coinbase CEO Brian Armstrong has implemented stricter internal security measures, such as mandatory in-person training and fingerprinting for employees with access to sensitive systems.
As the threat continues to grow, the crypto industry must stay ahead of malicious actors by improving employee training, implementing secure communication channels, and regularly auditing security systems. The efforts by teams like SEAL are essential in raising awareness and providing actionable insights to help companies defend themselves.