A Rising Cybersecurity Threat
The cryptocurrency industry has always been a prime target for cybercriminals, but recent warnings from Binance founder Changpeng Zhao (CZ) highlight a troubling escalation. According to CZ, North Korean hacker groups are deploying increasingly sophisticated tactics to infiltrate crypto companies, steal sensitive data, and compromise billions of dollars in digital assets.
This development underscores the urgent need for crypto firms, exchanges, and service providers to strengthen their defenses against social engineering, insider threats, and malware-driven schemes. In this article, we will explore the methods being used, the impact on global exchanges, and what industry leaders are doing to fight back.
How Hackers Infiltrate Crypto Firms Through Hiring
One of the most concerning tactics exposed by CZ involves hackers disguising themselves as job applicants. They specifically target high-value positions in development, security, and finance, where access to internal systems is easier to obtain.
- Fake Candidates: Hackers create polished résumés, complete with fake LinkedIn profiles, GitHub portfolios, and even forged government IDs to appear legitimate.
- Malicious Interviews: In some cases, the attackers pose as employers, setting up fake interviews. During these sessions, they send malware disguised as “Zoom updates” or “sample code” files.
- Support Requests as Entry Points: Another tactic involves hackers posing as customers and submitting malicious files through support channels, exploiting employees who fail to verify attachments.
Zhao described these attackers as “advanced, creative, and patient,” warning that they use long-term strategies to build trust before executing major breaches.
High-Profile Breaches and Global Losses
The scale of damage caused by these hackers is staggering. According to recent reports, North Korean groups stole more than $1.3 billion in crypto assets during 2024 alone.
One example CZ highlighted was a case in India where outsourced employees were bribed. Their access was exploited to breach a U.S.-based exchange, resulting in a $400 million loss of data and assets.
These operations are often linked to the group known as “The Com”, a cybercriminal network notorious for SIM-swapping attacks, ransomware deployments, and token theft. The FBI has confirmed that “The Com” consists mainly of young hackers who conceal their identities with advanced digital techniques.
From Phishing to Human Resources Attacks
Traditionally, North Korean hackers relied heavily on phishing emails, malware, and stolen private keys. However, the trend is shifting towards human resource infiltration.
- Fake Identities: A report by Security Alliance (SEAL) profiled over 60 impostors linked to North Korean operations, with detailed fake credentials.
- Remote Work Exploits: Investigations by on-chain researcher ZachXBT revealed that five DPRK operatives used 30 fake identities to secure jobs across crypto firms.
- Coinbase Adjustments: Coinbase, a major U.S. exchange, responded to the threat by introducing stricter security measures, including in-person onboarding, fingerprinting, and mandatory U.S. citizenship for sensitive roles.
This shift highlights a dangerous reality: hackers no longer only attack systems; they are embedding themselves inside organizations.
Industry Response and New Security Standards
In response to these rising threats, industry leaders are implementing stronger security protocols.
- Employee Awareness: CZ has urged crypto companies to train staff not to download unknown files or click suspicious links during hiring and customer support processes.
- Stricter Onboarding: Companies like Coinbase have set new standards with in-person verification and biometric requirements.
- Law Enforcement Partnerships: Crypto platforms are increasingly collaborating with agencies like the FBI, Interpol, and Europol to track and dismantle these hacking groups.
As North Korean cybercrime grows more sophisticated, cooperation between governments, regulators, and the crypto industry will be vital in preventing catastrophic breaches.
A Warning Crypto Cannot Ignore
CZ’s warning serves as a stark reminder that the most significant risks to crypto firms today are not only technical vulnerabilities but also human ones. From manipulated hiring processes to bribed employees, North Korean hackers are exploiting every possible weakness to steal billions.
For crypto projects and exchanges, the message is clear: strengthen your defenses, train your teams, and never underestimate the lengths hackers will go to breach your systems. The survival of projects may depend on how well they prepare against this growing wave of cyberattacks.