CZ warns cryptocurrency companies to watch out for threats from North Korean hackers

According to Coinjie.com, Binance founder Zhao Changpeng (CZ) issued a warning about North Korean hackers to the cryptocurrency project. He details how the gang uses increasingly complex strategies to gain access to the company. Operations staff are using the recruitment process CZ shared his concerns in a September 18 X post, calling the hackers “senior, creative and patient.” He explained that the most common method these people use is to impersonate job seekers to obtain corporate positions, especially in development, security and financial positions, thus providing them with a “step-back”. In other cases, the gang impersonated an employer and tried to interview employees, using the process to distribute malware. Zhao pointed out that during these meetings, attackers often claimed that Zoom had problems and then sent a "update" link with a virus, or they provided encoding issues and then provided "sample code" embedded with malware. Another strategy is to pretend to be a user who submits a customer support request containing a malicious link. CZ added that hackers will also pay or bribe employees and hired suppliers for data, noting a recent case in India where an outsourcing service company was hacked, resulting in a data breach on a major U.S. exchange, which cost more than $400 million. This alert comes after cybersecurity organization Security Alliance (SEAL) released a report describing more than 60 impostors linked to North Korea’s operations. The attackers built fake LinkedIn profiles, set up GitHub portfolios, and used fake government IDs to make their applications look real, the report said. Method shift North Korean hackers have been a major threat to the cryptocurrency industry, stealing more than $1.3 billion in assets in 2024 alone. Traditionally, they rely on phishing, malware and private key leaks to plunder from exchanges. However, recent reports suggest they are turning toward human resources. An independent survey by ZachXBT also revealed how a small DPRK team of five IT staff operated over 30 fake identities in cryptocurrency companies. In addition, Coinbase has recently reported similar threats from these bad actors. The exchange said it increasingly targets remote worker policies as a target for penetrating sensitive systems. CEO Brian Armstrong has since announced changes to the company's internal security protocols, including mandatory in-person on-boarding in the United States, fingerprinting and U.S. citizenship requirements for employees with system-level access. The exchange also introduced stricter interview procedures, such as requiring the camera to remain on to prevent impersonation and AI-assisted guidance. In view of the growing threat to the job market, CZ urges cryptocurrency platforms to train employees not to download files and carefully screen potential candidates.