CZ Alerts Market: North Korean Hackers Suspected in $400M Crypto Heist

Quick overview
- Changpeng Zhao warns that North Korean hacking groups, like the Lazarus Group, are becoming more sophisticated in targeting cryptocurrency companies.
- Hackers use tactics such as fake job ads, malicious Zoom links, and insider recruitment to infiltrate crypto firms and steal sensitive data.
- A recent breach reportedly cost a major US exchange over $400 million, highlighting the urgent need for improved cybersecurity measures.
- Zhao emphasizes that these threats are real and evolving, combining social engineering with technical exploits to compromise even secure systems.
Binance’s former CEO Changpeng Zhao has sounded the alarm about North Korean state-backed hacking groups getting more sophisticated in the cryptocurrency space. In a recent post, he outlined how hackers, including the Lazarus Group, are exploiting blockchain networks and crypto companies to get access to wallets and sensitive data.
“These North Korean hackers are advanced, creative and patient,” Zhao said, having seen it himself. He explained how they often pose as job seekers to get into crypto companies, especially in development, security and finance roles.
If they fail, they switch tactics – posing as recruiters, luring employees with fake job offers and using fraudulent video calls to push malware disguised as updates. Once installed, these tools give the attackers access to internal systems, from which they can steal critical information.
Tactics Used by Hackers
Zhao listed several infiltration methods that crypto companies need to watch out for:
- Fake Job Ads: Hackers post job listings to trick applicants into downloading malware through “sample code.”
- Malicious Zoom Links: During fake interviews, they share compromised links disguised as updates.
- Support Ticket Exploits: Hackers impersonate users and embed viruses in customer service requests.
- Insider Recruitment: Employees are targeted with offers from fake competitor sites to extract access.
These tactics have been used by groups like Famous Chollima, which used malware like JSCEAL to infiltrate devices under the guise of legitimate platforms.
$400M Lost to Major Exchange
Zhao also mentioned a recent breach that cost a major US exchange more than $400M in user assets. He didn’t name the exchange, but many speculated it was Coinbase, which was hacked in May 2025.
Reports said an outsourcing service in India was compromised and employees were bribed to leak sensitive client info. The stolen data included names, addresses, IDs and banking details, and was used to target high-profile investors like Sequoia Capital’s Roelof Botha.
Chainalysis estimates $2.17B in crypto was stolen in 2025 alone, and the Bybit hack accounted for $1.5B. The scale of these thefts shows how important it is for companies to strengthen their cybersecurity, employee training and insider risk management.
As Zhao said, the threats are not theoretical. North Korean hackers are getting more innovative, combining social engineering with technical exploits to breach even the most secure crypto companies.