The founder of the cryptocurrency exchange Binance, Changpeng Zhao (CZ), addressed industry representatives, emphasizing the rise of cyber threats from North Korean hacking groups. He urged crypto companies to be particularly vigilant and implement additional security measures to counter modern attack methods.
This is reported by Finway
Four main tactics of North Korean hackers
Zhao highlighted four key techniques used by criminals to infiltrate companies related to cryptocurrencies and the fintech sector:
- Impersonating job candidates — hackers apply for positions, primarily as developers, security specialists, and financiers, to gain access to the company’s internal systems.
- During online interviews, the attackers disguise themselves as employers and send employees infected files disguised as “updates” or “code samples.”
- Using malicious links in support services — hackers leave infected links in support requests to compromise the companies’ infrastructure.
- Bribing employees or contractors to gain access to sensitive information or systems.
“Just a few months ago, a large outsourcing company in India was hacked, and user data from a major American exchange was stolen. This resulted in asset losses exceeding $400 million,” Zhao noted.
Rise of cybercrime and industry response
According to Zhao, cybercriminals from North Korea demonstrate a high level of training, creativity, and patience. This is why cryptocurrency platforms need to focus more on staff training, thorough vetting of new candidates, and implementing strict restrictions on uploading unverified files.
The issue has become particularly pressing in light of a series of incidents involving North Korean hackers. For instance, in July, U.S. citizen Christina Marie Chapman was sentenced to 8.5 years in prison for aiding North Korean criminals in securing employment under the guise of American IT specialists, which earned them over $17 million in illegal profits.
In August 2025, Coinbase CEO Brian Armstrong announced a change in the company’s policy: due to attempts to bribe employees by North Korean IT specialists, Coinbase is transitioning to in-person orientations instead of remote hiring for new employees.
Previously, Microsoft security researcher James Elliott pointed out that North Korea poses a serious cyber threat in the global arena. At the Cyberwarcon conference in November 2024, he emphasized that North Korean hacker groups systematically attack companies of various sizes.
According to Google Cloud analytics, in 2025 alone, North Korean hacker groups TraderTraitor, Jade Sleet, and others stole cryptocurrencies worth $1.6 billion. Over the past decade, the total losses from North Korean attacks are estimated in the billions of dollars. Experts believe that these funds are directed towards financing the North Korean regime’s nuclear program.