North Korean hackers are escalating their attempts to infiltrate cryptocurrency companies by posing as IT workers, raising new concerns for the industry’s security. The warning came Thursday from Binance co-founder Changpeng “CZ” Zhao, who highlighted fresh schemes ranging from fake job interviews to employee bribery.
“They pose as job candidates to try to get jobs in your company. This gives them a ‘foot in the door,’ specifically for employment opportunities related to development, security and finance,” — Changpeng Zhao, Co-founder, Binance, on X.
Zhao explained that malicious actors are even impersonating employers. During fake interviews, they claim technical issues with Zoom, prompting victims to download “updates” laced with malware designed to seize control of their devices. Other schemes involve distributing corrupted code samples, sending phishing links to customer support staff, or outright bribing employees and vendors for data access.
“To all crypto platforms, train your employees to not download files, and screen your candidates carefully,” Zhao warned.
Coinbase steps up defenses amid rising threats
The warning follows similar alarms from Coinbase, which last month announced new safeguards against cyber infiltration. CEO Brian Armstrong confirmed stricter internal measures, including in-person training for all U.S.-based employees, citizenship verification for workers handling sensitive systems, and mandatory fingerprinting.
“We can collaborate with law enforcement […] but it feels like there’s 500 new people graduating every quarter, from some kind of school they have, and that’s their whole job,” — Brian Armstrong, CEO, Coinbase, on the Cheeky Pint podcast.
The move underscores how major exchanges are being forced to rethink their hiring and onboarding practices as North Korean hackers expand their attack surface.
Security Alliance identifies 60 North Korean impostors
Zhao’s warning coincided with new findings from Security Alliance (SEAL), a group of ethical hackers that recently published evidence of at least 60 North Korean hackers masquerading as freelance IT workers.
“North Korean developers are eager to work for your company, but it’s important to not get scammed by impostors when hiring,” — Security Alliance (SEAL), in a statement on X.
Source: lazarus.group/team
The group’s repository, shared publicly on Wednesday, catalogs aliases, email addresses, fake citizenships, and GitHub profiles tied to known impostors. The data also includes details of firms that inadvertently hired these operatives, alongside salary records and technical portfolios.
The scale of infiltration is not hypothetical. In June, four operatives successfully embedded themselves into multiple startups, stealing $900,000 through freelance development roles, according to a Cointelegraph report.
SEAL, led by Paradigm researcher Samczsun, has completed more than 900 cybercrime investigations since launching in 2023, reflecting the growing need for white-hat hackers to counter organized cybercrime syndicates.
A billion-dollar cybercrime economy
The broader picture underscores why North Korean hackers are seen as a systemic threat to crypto markets. Groups like the Lazarus Group have been linked to some of the industry’s most damaging heists, including the $1.4 billion Bybit exploit, the largest in cryptocurrency history.
Chainalysis data shows North Korean hackers stole more than $1.34 billion in digital assets across 47 incidents in 2024, marking a 102% surge from 2023 levels. With resources funneled into state coffers, these operations represent not only a cybersecurity challenge but also a geopolitical one.
“State-backed cybercrime has become a critical funding stream for Pyongyang’s regime, with crypto thefts playing a central role,” — Chainalysis 2025 Crime Report.
Why investors should care
For crypto investors, the tactics deployed by North Korean hackers highlight a crucial risk: vulnerabilities don’t always stem from smart contract exploits or exchange cold wallets; they often begin with human error. A compromised developer or bribed vendor could provide attackers with entry points to billions in assets.
The rising sophistication of these operations suggests investors must monitor not only on-chain analytics but also off-chain risks, including corporate governance and exchange hiring practices. Exchanges that fail to protect against infiltration could expose user funds to unprecedented levels of theft.
The infiltration of crypto firms by North Korean hackers is not a fringe issue but a pressing systemic challenge. With top exchanges like Binance and Coinbase tightening defenses, the industry faces a defining test of resilience against state-backed cybercrime.