Key Notes
- CZ warned that North Korean hackers pose as job seekers, employers, users, and even bribe insiders.
- He stressed training employees and screening candidates as critical defenses.
- A recent hack at an Indian outsourcing firm cost Coinbase over $400 million.
Binance co-founder and former CEO Changpeng “CZ” Zhao has issued a sharp warning to the crypto industry about the growing threat of North Korean hackers.
In a detailed post on X, CZ outlined how attackers are finding creative ways to infiltrate exchanges, companies, and even outsourced service providers.
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ 🔶 BNB (@cz_binance) September 18, 2025
North Korean Hackers’ Playbook
According to Zhao, North Korean hackers use multiple disguises to target crypto firms, including posing candidates for developer, finance, and security roles to get insider access.
They also trick people during interviews by sending malicious “Zoom updates” or tainted “sample code” designed to infect devices. CZ added that the hackers also open support tickets and sneak in harmful links that install malware.
Incidents of these hackers directly paying or bribing employees and contractors for access, throwing a jab at Coinbase, the leading digital asset exchange in the United States.
Coinbase outsourced its customer service to TaskUs in India, where an employee stole customer data, including social security numbers, resulting in losses of $400 million.
“These North Korean hackers are advanced, creative, and patient,” Zhao said, adding that the list of tactics is constantly growing.
Why the Warning Matters
CZ urged all crypto platforms to train staff to avoid downloading unknown files and to carefully vet job candidates.
North Korean developers are eager to work for your company, but it’s important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company. pic.twitter.com/3Td2vX4C2v
— Security Alliance (@_SEAL_Org) September 17, 2025
He cautioned that small lapses in security can cause massive losses, revealing that state-backed groups like DPRK often funnel stolen funds into national programs, making these hacks a global issue.
With crypto exchanges holding billions in value, they remain prime targets of these hackers.
Rumors of a Return
CZ recently changed his X bio from “ex-@binance” back to “@binance.” The move resulted in discussions across various platforms about a possible comeback to the exchange he founded.
While no official announcement has been made, the crypto community is watching closely.
CZ stepped down as the chief executive of Binance following a settlement with the United States Department of Justice under the Biden administration. He also served a four-month sentence in 2024.
next
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
A crypto journalist with over 5 years of experience in the industry, Parth has worked with major media outlets in the crypto and finance world, gathering experience and expertise in the space after surviving bear and bull markets over the years. Parth is also an author of 4 self-published books.
Parth Dubey on LinkedIn
Source: https://www.coinspeaker.com/cz-screen-candidates-hacker-threat/