Changpeng Zhao Alerts Crypto Industry After SEAL Exposes 60 North Korean Fake IT Workers

Highlights:

• Changpeng Zhao warns that North Korean hackers use fake jobs and recruiters to infiltrate firms.
• CZ highlights insider threats and Customer Support scams causing multimillion-dollar crypto exchange losses.
• Zhao urges stronger staff training after the Security Alliance flagged over 60 hacker-linked fake profiles.

Crypto security is now a big focus after Binance founder Changpeng “CZ” Zhao warned about North Korean hackers. Several state-backed groups, including the infamous Lazarus Group, target blockchains and breach major companies to steal data and crypto assets. “These North Korean hackers are advanced, creative and patient,” CZ said.

Fake Job Tactics and Recruiter Scams

Zhao said he has seen these tricks himself and heard stories of people scammed by North Korean groups. He explained that attackers pose as job seekers, join crypto companies, and infiltrate them as insiders. Their goal is to install malware or steal insider access.

If they fail to secure jobs, they switch tactics and pose as recruiters, using fake competitor offers to target crypto employees. CZ explained that in interviews, these hackers claim a Zoom issue and push employees to install updates using a malicious link. 

Another common trick involves sending coding tasks that require candidates to run “sample code.” Instead of being harmless, these codes secretly grant hackers access to the user’s device. In the past, the hacking group Famous Chollima used this tactic. They posted fake job listings pretending to be top crypto firms to lure candidates and make them run malware-infected code. Attackers used the same trick and spread JSCEAL malware by posing as big crypto platforms to make users install the malicious software.

These North Korean hackers are advanced, creative and patient. I have seen/heard:

1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.

2. They pose as employers and try to… https://t.co/axo5FF9YMV

— CZ 🔶 BNB (@cz_binance) September 18, 2025

Zhao warned after Security Alliance (SEAL), a team of ethical hackers, compiled profiles of over 60 North Korean agents. These operatives, posing as IT workers with false identities, attempted to infiltrate U.S. crypto exchanges and steal sensitive user data. “North Korean developers are eager to work for your company, but it’s important to not get scammed by impostors when hiring,” Security Alliance said. Zhao urged crypto firms to boost security and train staff to avoid suspicious files and links, calling employee awareness the best defense.

North Korean developers are eager to work for your company, but it's important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company. pic.twitter.com/3Td2vX4C2v

— Security Alliance (@_SEAL_Org) September 17, 2025

Hackers Use Support Tricks and Insider Threats on Crypto Firms

CZ also pointed out that some hackers pretend to be regular users seeking help through Customer Support requests. Hackers send harmful links within support tickets, and when someone clicks them, a virus automatically downloads into the system, giving hackers access.

Zhao added that insider threats are just as serious. Hackers sometimes bribe staff or outside vendors to get secret information. He mentioned that hackers breached a service provider in India, causing a U.S. crypto exchange to lose over $400 million.

Although Zhao did not directly name the exchange, X user cryptobraveHQ suggested he might have been referring to Coinbase. In May 2025, hackers breached Coinbase by bribing customer service staff in India. Hackers accessed critical personal data, including names, birth dates, addresses, nationalities, ID numbers, bank details, and account information.