
Changpeng Zhao warns of North Korean hacking tactics targeting cryptocurrency firms

12 hours ago

Warning from Binance CEO

Changpeng Zhao, the CEO of Binance, has issued a stark warning to the cryptocurrency sector regarding the deceptive tactics employed by North Korean hackers. These cybercriminals aim to penetrate the infrastructure of leading cryptocurrency companies, either by impersonating employees or by posing as legitimate users seeking assistance.

Deceptive Tactics of North Korean Hackers

In a recent social media post, Zhao shed light on the sophisticated strategies that these state-sponsored groups, particularly the infamous Lazarus Group, use to exploit vulnerabilities within blockchain environments. They target prominent firms for valuable information that can facilitate unauthorized access to cryptocurrency wallets and assets.

Zhao characterized these North Korean intruders as exceptionally skilled, innovative, and patient in executing their attacks. Drawing on his own experience and accounts he has gathered, he detailed one significant approach: the hackers often apply for positions within crypto firms. By securing a role, they can embed themselves within the organization and gain critical insights.

“They especially focus on roles in development, security, and finance to establish their foothold,” remarked Zhao.

Changing Tactics When Job Applications Fail

When job applications are unsuccessful, these hackers tend to switch tactics. They may present themselves as recruitment agents, attempting to lure existing employees from competitor firms by offering enticing job opportunities. During these interactions, Zhao noted, they often exploit technical issues with video conferencing software, such as Zoom, instructing employees to click on a link to resolve the problem; the link turns out to be malicious.

Another method is the use of deceptive coding challenges, wherein potential victims are asked to run sample code ostensibly relevant to a job application. However, this code is designed to grant hackers access to the victim’s device. This tactic has previously been employed by a group known as Famous Chollima, which created fraudulent job postings to entice candidates into compromising their own systems. Similarly, hackers have used a malware variant called JSCEAL that posed as popular crypto services to infiltrate user devices.

Impersonation and Malware Attacks

Additionally, Zhao noted that some hackers impersonate users within customer support forums, providing links through service requests that, when clicked, can infect systems with malware. He cited a particular incident involving an Indian outsourcing service that leaked sensitive information from a significant U.S.-based exchange this past year, an event that purportedly led to the loss of over $400 million in user funds.

While Zhao did not name the exchange directly, speculation suggests it could be Coinbase, particularly after an incident in May 2025 where hackers utilized bribed customer service representatives from India to gain unauthorized access to sensitive client data. According to reports, the information compromised included personal details like names, birth dates, and banking information, affecting high-profile figures including Sequoia Capital’s Managing Partner, Roelof Botha. Users reported receiving alerts indicating that their information may have been improperly accessed, illustrating the grave risks posed by these cyber threats.

Alarming Statistics on Cryptocurrency Theft

Recent statistics from Chainalysis reveal an alarming trend, with approximately $2.17 billion in cryptocurrency having been stolen this year alone, led primarily by a notable breach at Bybit amounting to $1.5 billion. Zhao’s insights serve as a crucial reminder of the sophisticated landscape surrounding crypto security, particularly amid the increasing prevalence of state-sponsored cybercrime.
