In a recent alert, Changpeng Zhao, the founder of Binance, raised significant concerns about the evolving threat posed by North Korean hackers to cryptocurrency projects. In a post shared on September 18 via social media platform X, Zhao characterized these hackers as “advanced, creative, and patient,” emphasizing their sophisticated methods to infiltrate companies.
Zhao detailed how one of the most common approaches used by these cybercriminals involves posing as job applicants. By securing roles in key areas such as development, security, and finance, they create opportunities for deeper access into corporate networks. Moreover, there have been instances where the hackers impersonate employers during interview processes, leveraging this interaction as a means to distribute malicious software. For example, attackers might claim an issue with a video conferencing platform like Zoom, subsequently sending a link purportedly for an “update” that actually contains a virus. They have also been known to provide coding challenges along with sample code embedded with malware.
Another method reported involves hackers masquerading as customers filing support requests, which include malicious links. Zhao pointed to a particularly concerning case in India, where compromised data from a major U.S. exchange led to substantial financial losses exceeding $400 million. This revelation underscores the lengths to which these operatives will go, including bribing employees or vendors to obtain sensitive information.
These warnings coincide with a report from the cybersecurity group Security Alliance (SEAL), which identified over 60 impostors connected to North Korean operations. This research highlighted how attackers have gone so far as to create fake LinkedIn profiles, set up GitHub portfolios, and utilize forged government identification to lend authenticity to their job applications.
Historically, North Korean hackers have been a persistent threat within the cryptocurrency landscape, with reports revealing that they stole more than $1.3 billion worth of assets in 2024 alone. While they have typically relied on phishing tactics, malware, and the compromise of private keys to execute their heists, there is an observable shift towards targeting human resources and recruitment processes.
Supporting this trend, an investigation by ZachXBT uncovered that a small team of five IT workers from North Korea maintained more than 30 fraudulent identities across various crypto firms. Similarly, Coinbase has also reported an uptick in threats from these hackers, leading CEO Brian Armstrong to announce strategic adjustments to the company’s internal security measures. These changes include mandatory in-person onboarding for U.S. employees, implementation of fingerprinting, and requiring U.S. citizenship for individuals with access to critical systems. Stricter interview protocols have also been introduced, such as keeping video cameras on to deter impersonation and combat AI-assisted coaching.
In light of these rising threats in the job market, Zhao strongly encourages cryptocurrency platforms to enhance training for their employees on safe digital practices, particularly discouraging the downloading of files from unverified sources. He urges companies to thoroughly vet potential candidates to mitigate risks associated with these advanced hacking techniques.
