TLDR:
- Binance’s CZ warned that North Korean hackers pose as job candidates and recruiters to breach crypto company networks.
- Hackers use malicious links and sample code during fake interviews to infect employee devices and gain access.
- Outsourced vendors have been targeted, with one breach leading to $400M in user asset losses at a U.S. exchange.
- Security Alliance published 60+ impostor profiles and urged firms to share data to slow down hacker activity.
Crypto security has taken center stage after Binance founder Changpeng Zhao shared new warnings about North Korean hacking groups. He explained that these actors use creative methods to infiltrate crypto companies.
The tactics go far beyond phishing and include posing as job candidates and employers. The goal is to plant malware or gain insider access. Zhao urged crypto teams to stay vigilant and train staff to spot these threats before they spread.
North Korean Hackers Target Crypto Companies
Speaking on X, Zhao said North Korean hackers have evolved into persistent, organized groups targeting the crypto space. He shared that they often apply for jobs in development, security, and finance roles to gain access to company systems.
In other cases, they pretend to be recruiters, then send malicious links during fake interviews.
He warned that attackers trick employees by sending “updates” or sample code files that infect devices. These links can deliver viruses that give hackers full control over work machines. He also noted cases where hackers posed as customers and sent infected links through support requests.
According to Zhao, insider threats are just as dangerous. He said hackers bribe employees or third-party vendors to gain sensitive data. He referenced a case where an outsourced service provider in India was breached, leading to a loss of more than $400 million from a U.S. exchange.
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ
BNB (@cz_binance) September 18, 2025
Security Alliance, which tracks cybercrime activity, published a database of over 60 known North Korean impostor profiles. The group urged companies to share information to make attackers recycle identities more often.
CZ Calls for Better Employee Training and Screening
Zhao encouraged crypto firms to improve internal security practices and focus on education. He advised companies to teach staff not to download unsolicited files and to confirm links before clicking.
Employee awareness, he said, is a strong defense against infiltration attempts.
Security Alliance echoed this call, saying that public awareness forces hackers to constantly create new profiles, which slows them down. Members of the group’s private intelligence network get access to more detailed data not released publicly.
Users on X pointed out that while such lists are helpful, attackers can always generate new profiles. Security Alliance replied that the goal is to make this process harder and more time-consuming for malicious actors.
This discussion reflects a growing push to protect the crypto industry from state-sponsored hacking. As Zhao stated, training and screening are now essential steps for any exchange or blockchain project handling customer assets.
The post Binance’s CZ Warns Crypto Firms About North Korean Hacker Tactics appeared first on Blockonomi.
Source: https://blockonomi.com/binances-cz-warns-crypto-firms-about-north-korean-hacker-tactics/