CZ Issues New Warning on North Korean Hacker Attacks in Crypto

CZ warns North Korean hackers target crypto with insider hires and malware scams.
Fake interviews and support tickets flagged as key infiltration methods.
Vendor breaches linked to $400M in losses at U.S. crypto exchange.

Binance founder Changpeng Zhao has issued a detailed warning on how North Korean hacking groups are targeting the digital asset industry. He says their methods now combine social engineering, insider manipulation, and malware, hitting both exchanges and service providers.

These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ 🔶 BNB (@cz_binance) September 18, 2025

The scale of losses is mounting. Zhao pointed to recent vendor breaches that exposed U.S. exchange data and contributed to more than $400 million in stolen funds.

Related: North Korea Cybercrime: Millions in Stolen Crypto Fueling Missile Program

Job Scams and Fake Interviews

Attackers are disguising themselves as job seekers applying for developer, finance, and security roles where access to critical systems is direct. Once inside, they can move laterally across company networks, siphoning data over time.

Another tactic flips the script. Hackers pose as employers during interviews with existing crypto staff. They claim Zoom is malfunctioning and push candidates to download a fake update. That file installs malware, giving attackers full control of the device. In other cases, “sample code” sent to candidates contains hidden viruses.

Exploiting Customer Support Channels

Zhao also flagged how hackers exploit support desks. They file fake support tickets with malicious links masked as legitimate requests. Even one click by an employee can compromise an entire system. These schemes bypass standard filters by blending with day-to-day customer activity.

Insider Threats and Vendor Weakness

The warning extends beyond job scams and tickets. Zhao said hackers have bribed or paid contractors for insider access. Outsourced vendors remain weak points, one Indian service provider was breached recently, opening the door to losses at a U.S. exchange.

Zhao’s takeaway: the risk isn’t just technical exploits, it’s trust being abused at every layer, recruitment, support desks, and external partners. Firms must harden internal checks before becoming the next target.

Related: North Korean IT Workers Infiltrate Tech and Crypto Projects, Pocket Over $16 Million

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

Source: https://coinedition.com/cz-north-korea-crypto-hacker-warning/