CZ Alerts Crypto Industry to Rising Insider Threats and Hiring Scams

Binance founder Changpeng “CZ” Zhao has warned that North Korean hackers are posing as job seekers to infiltrate crypto firms, urging stronger hiring security.

Published by Ecem EFE

18 September 2025, 18:10 published Updated 18 September 2025, 18:10

Binance Founder CZ Warns of North Korean Hackers Targeting Crypto Jobs

Changpeng “CZ” Zhao, the founder of Binance, has issued a stark warning to the crypto industry: North Korean hackers are disguising themselves as job seekers and recruiters in order to infiltrate exchanges and blockchain projects.

Hackers Exploit Hiring Processes

In a post on X, Zhao highlighted that state-backed actors from North Korea are applying for roles in development, security, and finance. These malicious applicants often send infected portfolios, distribute fake Zoom updates, or direct candidates to malicious interview links. Once opened, these tools can inject malware into internal systems before being detected.

Security analysts have tied these tactics to the infamous Lazarus Group, which has been linked to multiple high-profile crypto heists. U.S. authorities confirm that stolen digital assets are used to fund Pyongyang’s weapons programs, making the risks far greater than just financial losses.

Insider Threats and Bribery Attempts

Zhao also cautioned that the threat doesn’t stop with fake résumés. Hackers have reportedly attempted bribery schemes, offering financial incentives to employees, contractors, or vendors in exchange for sensitive system credentials or privileged access.

Industry experts note that insider compromises are often harder to detect than external attacks, with a single breached account potentially enabling large-scale withdrawals or manipulation of smart contracts.

Strengthening Defenses in the Crypto Sector

To counter these threats, Zhao urged crypto companies to enforce rigorous candidate screening, including identity verification and technical testing in controlled environments. He also advised teams to reject unsolicited files, scrutinize support-ticket attachments, and apply least-privilege access policies.

Security specialists further recommend continuous monitoring, mandatory multi-factor authentication, and rapid patching of vulnerabilities. Increased collaboration between exchanges and law enforcement could also mitigate the risks of these sophisticated social engineering attacks.

As North Korean cyber tactics become more deceptive, Zhao emphasized that well-trained staff and proactive security controls remain the most effective defense for safeguarding funds, user data, and platform integrity.