- CZ said he received a Google alert of state-backed attack, hinting at Lazarus involvement.
- North Korea-linked hackers stole over $2 billion in crypto this year, Elliptic reports.
- Experts say hackers now target individual executives, not just exchanges.
Changpeng Zhao (CZ) posted a screenshot of a Google security warning that said a government-backed attacker may be trying to steal his password.
He asked whether it was “North Korea Lazarus,” light-hearted but revealing. That single tweet reignited debate over how state-sponsored groups choose targets within crypto.
Google’s threat notifications are reserved for high-risk users facing nation-state attempts. The alert suggests hackers linked to North Korea’s Lazarus Group may have tested access to CZ’s personal account. It also echoes a pattern seen in other industries where cyber campaigns begin with social-engineering lures before technical exploits.
Related: CAKE Defies Hack as PancakeSwap Token Surges Roughly 16% After X Account Breach
North Korea’s Crypto Heists Reach Record High
According to blockchain analytics firm Elliptic, North Korean hackers have stolen over $2 billion in crypto assets in 2025 alone, their largest annual total on record.
This figure nearly triples the amount stolen in 2024 and pushes the country’s total confirmed crypto theft to more than $6 billion, funds widely believed to support Pyongyang’s nuclear weapons and missile development programs.
The Lazarus Group was behind several major breaches this year, including the $1.46 billion Bybit hack in February, the single largest crypto theft of 2025.
Other incidents targeting LND.fi, WOO X, Seedify, and BitoPro have also been traced to the same network. Notably, Elliptic’s findings reveal that the majority of recent hacks no longer rely on exploiting technical flaws.
Instead, the hackers now focus on manipulating individuals through social engineering, marking an evolution in tactics, shifting the weakest point in crypto security from technology to human behavior.
Crypto Security Experts Respond
Cybersecurity researchers warn that Google’s alert shouldn’t be ignored. CertiK data shows total crypto losses fell 37% in Q3 2025, from $803 million to $509 million, but the number of successful social-engineering breaches rose.
Influencers like Crypto Jargon advised CZ’s followers to treat the warning as a reminder to rotate passwords and enable 2-factor authentication through authenticator apps, not SMS. They also urged checking linked devices for unauthorized sessions.
Experts note that state-sponsored campaigns often probe well-known executives first, then use compromised contacts to reach projects or funds. That makes CZ’s experience a signal for the wider industry.
A Human Front in Crypto Cybersecurity
However, attackers are now targeting individuals and mid-sized operations rather than multi-million-dollar protocols, with September 2025 recording the highest number of million-dollar hacks in a single month.
Lazarus and other state-backed hackers are increasingly using multi-chain swaps, obscure blockchains, and custom token issuance to conceal their movements.
Related: UXLINK Hack Sparks Audit, Migration, and DAXA Review – Can Fixes Restore Trust?
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/cz-google-warning-lazarus-north-korea-hack-2025/