The founder of the cryptocurrency exchange Binance, Changpeng Zhao (CZ), has warned representatives of the crypto industry about the increasing activity of North Korean hacker groups that are developing increasingly sophisticated schemes to infiltrate companies related to digital assets and financial technologies.
This is reported by Business • Media
Main Tactics of North Korean Hackers
According to Zhao, North Korean criminals employ four main tactics to gain access to the internal systems of crypto companies:
- Submitting fake job applications, primarily for positions in development, security, and finance, to gain initial access to the company.
- Imitating employers during online interviews: the attackers send candidates malicious links disguised as “updates” or “code samples” that contain viruses.
- Distributing infected links through customer support, masquerading as regular users.
- Bribing employees or contractors to gain access to confidential information.
“Just a few months ago, a large outsourcing company in India was hacked, and user data from a major American exchange was stolen. This led to asset losses of over $400 million,” Zhao noted.
Strengthening Security Measures Due to the Scale of Cybercrime
Changpeng Zhao emphasized that “these hackers are advanced, creative, and patient,” so cryptocurrency companies should be extremely diligent in their hiring processes, regularly conduct staff training, and strictly prohibit the downloading of unverified files or links.
This statement comes amid a series of high-profile incidents involving North Korean cybercriminals. In July, U.S. citizen Kristina Marie Chapman was sentenced to 8.5 years in prison for assisting North Korean hackers in securing employment under the guise of American IT specialists, which brought the criminals over $17 million. In August 2025, Coinbase CEO Brian Armstrong reported a change in hiring policy following attempts to bribe employees by North Korean IT specialists: the company implemented mandatory in-person orientations for new employees, limiting remote employment.
According to Microsoft security researcher James Elliott, North Korea remains one of the most dangerous players in cyberspace. Estimates from Google Cloud indicate that in 2025 alone, North Korean hacker groups TraderTraitor, Jade Sleet, and others stole cryptocurrency worth approximately $1.6 billion. Over the past decade, the total losses from North Korean attacks have reached several billion dollars, and experts believe that these funds were directed towards financing the regime’s nuclear program.