Changpeng Zhao (CZ), founder of Binance, has issued a detailed security warning to the crypto community about sophisticated infiltration tactics used by North Korean state-funded hacking groups. In a September 18, 2025 post on X, CZ described these hackers as "advanced, creative, and patient" based on both personal experience and industry reports.
The primary methods outlined include: Posing as job candidates seeking positions in development, security, or finance to gain insider access; masquerading as employers conducting fake interviews where they prompt targets to download malicious Zoom updates or execute sample code containing malware; submitting fake customer support tickets with infected links; and bribing employees or outsourcing vendors for data access.
CZ highlighted a recent incident where a major Indian outsourcing service leaked data from a U.S. exchange (strongly implied to be Coinbase), resulting in over $400 million in user losses. This aligns with reports of Coinbase's May 2025 breach where hackers bribed customer service agents in India to access client data including names, identification numbers, and banking information.
The warning comes amid growing concerns about state-sponsored crypto theft, with Chainalysis reporting $2.17 billion stolen in 2025 alone, including Bybit's $1.5 billion hack. CZ concluded by urging exchanges to train employees against downloading files and carefully screen job candidates.