CZ warns crypto firms of North Korean hackers posing as job seekers as SEAL finds 60 fake IT profiles linked to infiltration attempts.
Binance co-founder and former CEO Changpeng “CZ” Zhao has raised fresh warnings about North Korean hackers targeting the crypto industry.
He wrote on X, about how attackers are getting inside companies through fake job applications, phishing links and even bribery.
Zhao painted a detailed picture of how hackers operate. They pose as candidates for roles in development, finance and security. Once they gain access, they can steal sensitive information or even user funds.
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ
BNB (@cz_binance) September 18, 2025
During interviews, hackers trick candidates and employees with fake “Zoom updates” or scams hidden in “sample code.” These files infect devices and give attackers remote access.
Hackers also create support tickets with harmful links designed to spread malware. In other cases, they bribe employees or outsource contractors for data access. This has already led to major losses in the industry.
Zhao pointed to Coinbase, which outsourced customer service to TaskUs in India.
An employee there stole customer data, including social security numbers. This resulted in $400 million in losses.
These incidents show that even top exchanges are vulnerable.
At the same time Zhao issued his warning, the Security Alliance (SEAL), a group of ethical hackers, published a repository of at least 60 North Korean agents.
These individuals were impersonating IT workers, using fake names, email addresses, and citizenships.
North Korean developers are eager to work for your company, but it's important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company. pic.twitter.com/3Td2vX4C2v
— Security Alliance (@_SEAL_Org) September 17, 2025
SEAL researchers explained that these agents apply for freelance or remote roles. Once hired, they gain inside access to crypto firms and sometimes steal directly from company wallets.
The repository includes aliases, websites, addresses and even GitHub profiles linked to the impostors. It serves as a resource for companies to verify applicants and avoid hiring disguised operatives.
This trend is even more disturbing because in June, four North Korean operatives infiltrated crypto startups as freelance developers. They stole around $900,000 in total. SEAL said the group has conducted more than 900 investigations since its launch last year, showing how frequent these attempts have become.
Zhao noted that North Korean hackers are not just after company profits. The stolen crypto often gets funnelled into state-backed programs, including nuclear development. This makes every breach not just a company issue but an international one.
Chainalysis data shows that North Korean hackers stole over $1.34 billion worth of assets across 47 incidents last year. That marked a 102% increase from $660 million stolen in 2023.
The infamous Lazarus Group has been tied to many of these heists, including the record $1.4 billion Bybit hack.
Crypto exchanges and service providers hold billions in value. They are attractive targets, and small lapses in security can lead to massive losses.
Some companies have already started to strengthen their internal defences. Coinbase CEO Brian Armstrong, for example, said all staff must now undergo in-person training in the US.
Employees with access to sensitive systems must be US citizens and submit to fingerprinting.
Armstrong added that North Korea seems to train hundreds of hackers every quarter. He compared it to schools focused entirely on producing cyber operatives. This scale of training makes the threat a constant and difficult one to contain.
The post Binance Founder Raises Alarms Over North Korean Hackers Targeting Crypto Jobs appeared first on Live Bitcoin News.
Also read: Trump Takes Fed Governor Lisa Cook to the Supreme Court
