Binance co-founder Changpeng Zhao (CZ) has sounded an alarm over a new wave of cyber threats targeting the digital asset industry. According to CZ, North Korean operatives, particularly the Lazarus Group, are posing as job seekers to gain access to companies handling cryptocurrencies. The warning follows a detailed report by cybersecurity outfit Security Alliance, which examined over 60 profiles linked to North Korean actors.
Investigators found that these impostors submitted professional-looking resumes and work histories to secure roles in development, finance, and IT teams inside crypto startups.
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ 🔶 BNB (@cz_binance) September 18, 2025
Lazarus Group Expands Its Playbook
North Korea’s Lazarus Group has long been notorious for phishing campaigns and malware attacks that have drained billions from exchanges. What is more worrying for the industry is the evolution of their tactics into human resources.
The Security Alliance highlighted incidents where candidates supplied government-issued IDs, LinkedIn pages, and well-crafted portfolios to strengthen their deception. In some cases, malicious code was slipped into projects during interviews, while fraudulent support tickets were laced with harmful links. There were also reports of operatives attempting to bribe employees for internal access.
Billions Lost to Sophisticated Campaigns
Industry trackers estimate that North Korean hackers siphoned off more than $1.3 billion in cryptocurrency during 2024 alone, hitting exchanges and cross-chain bridges. Binance itself has flagged and rejected fake job applications on a daily basis.
An August probe by on-chain investigator ZachXBT also identified at least five operatives who rotated through 30 different fake identities in an attempt to embed themselves inside crypto firms.
CZ Calls for Stronger Recruitment Defences
CZ has urged industry players to adopt stricter vetting of new hires, strengthen staff awareness programmes, and collaborate more closely on threat intelligence. He stressed that by planting insiders within companies, hackers can circumvent traditional security perimeters entirely.
With North Korean operations growing more advanced, crypto firms are under pressure to treat recruitment as a frontline defence against some of the most sophisticated cybercriminals in the world.
Disclaimer: Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Cryptocurrency is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Cryptocurrency market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.
