Binance founder Changpeng ‘CZ’ Zhao may be under attack by government-backed hackers, and he speculates the infamous North Korean state-backed hacking group, Lazarus, could be involved.
Summary
- Binance founder Changpeng Zhao shared a Google alert warning of a potential attack by “government backed hacking attackers” attempting to access his account.
- Google clarified that such security warnings are issued as a precaution and do not necessarily mean an account has been compromised.
- Zhao speculates that North Korean state-sponsored hacking group Lazarus may be involved.
On Oct. 10, the former Binance CEO took to X to share a screenshot of a Google alert warning him of a possible attempt by government-backed attackers to access his account.
“I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus?” Zhao said, although he downplayed the severity of the alert by adding that he does not keep anything important on the account and urged others to stay safe.
Lazarus is one of the most notorious of the state-sponsored hacking groups believed to have a direct mandate to help fund North Korea’s heavily sanctioned weapons programs by targeting crypto firms and stealing digital assets across the globe.
In recent years, Lazarus has been widely documented for its role in several high-profile crypto heists, including the Bybit hack, one of the biggest in the industry’s history, and multiple wallet infrastructure attacks. The group often carries out these operations through complex social engineering tactics, in some instances posing as IT workers to infiltrate companies from the inside.
Earlier this year, Lazarus was linked to a multimillion-dollar attack on Lykke, a UK-registered exchange that was forced to shut down after losing Bitcoin, Ethereum, and other assets in the breach. Prior to this, the group also allegedly played a role in the attack on WazirX, one of India’s largest exchanges, before it met a fate similar to Lykke’s.
Latest estimates from security researchers at Elliptic claim the funds stolen by hacking teams like Lazarus Group could account for 13% of North Korea’s GDP.
However, these bad actors have on several occasions looked beyond company coffers and targeted high-profile personalities like Zhao.
As an entrepreneur with an estimated net worth of over $60 billion and over 10 million followers on X, Zhao remains one of the most influential figures in the crypto space due to his involvement with some of the most prominent projects and businesses in the industry.
His continued visibility, even after stepping down as Binance CEO, along with his active role in mentoring startups and leading a multibillion-dollar venture firm, makes him a high-value target for cybercriminals seeking to exploit insider access or steal sensitive information.
Google says warnings are routine
According to a Google security blog, these security notifications are issued as a precaution and do not necessarily mean that an account has been compromised.
“We send these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example,” Google said in the 2017 blog.