North Korean cybercriminals are intensifying efforts to breach cryptocurrency companies by posing as legitimate job applicants, according to Binance co-founder Changpeng “CZ” Zhao and a coalition of ethical hackers.
Zhao issued a public warning on Thursday, noting that attackers are applying for developer, security, and finance roles to gain access to sensitive systems. In some cases, they impersonate recruiters, tricking employees into clicking malicious links during fake video interviews. Other tactics include sending infected “sample code,” bribing staff or contractors, and embedding malware in supposed software updates.
“Train your employees not to download unverified files and vet every candidate carefully,” Zhao urged in a post on X.
His alert follows similar concerns from Coinbase. CEO Brian Armstrong recently announced stricter hiring protocols, including in-person training in the United States and citizenship requirements for employees with access to critical infrastructure.
The warning coincides with new findings from Security Alliance (SEAL), a white-hat hacker group led by Paradigm researcher Samczsun. SEAL has documented at least 60 fake developer profiles linked to North Korea, complete with aliases, forged documents, email addresses, and salary histories. The group maintains a public repository to help companies screen applicants.
North Korea’s state-backed Lazarus Group has already been blamed for some of the largest cryptocurrency heists on record. Chainalysis estimates that hackers tied to the regime stole more than $1.3 billion in digital assets across 47 attacks in 2024, double the haul from the previous year.
For crypto businesses, the message is clear: strengthen internal defenses, scrutinize job candidates, and educate staff to resist increasingly sophisticated social-engineering schemes.
