- Changpeng Zhao (CZ), Binance co-founder, received a Google warning of a state-backed hacking attempt, potentially linked to North Korea’s Lazarus Group.
- The incident underscores renewed threats from government-backed hackers targeting crypto executives and firms.
- Experts warn of North Korean operatives infiltrating crypto startups as IT workers, responsible for over $1.34 billion in stolen assets in 2024.
Binance co-founder Changpeng “CZ” Zhao revealed that his Google account was the target of a hacking attempt, suspected to be part of a broader wave of attacks by state-backed hacker collectives, particularly North Korea’s Lazarus Group.
In a post on X (formerly Twitter), Zhao shared a screenshot of a Google alert stating that “government-backed attackers” were trying to steal his password.
I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account,” Zhao wrote.
Newsletter
Get weekly updates on the newest crypto stories, case studies and tips right in your mailbox.
The Lazarus Group has been linked to several of the largest crypto-related cybercrimes in history, including the $1.4 billion Bybit exploit on February 21 the biggest crypto hack to date.
Lazarus-linked cyber threats intensify
According to U.S. intelligence reports, Lazarus operates a sophisticated network of agents posing as remote IT workers, channeling stolen funds into North Korea’s weapons programs.
Anndy Lian, intergovernmental blockchain adviser and author, confirmed that several government officials have received similar Google warnings, but Google declined to provide additional details “due to security reasons.
Cybersecurity experts describe these campaigns as multi-layered and persistent, targeting not only exchange executives but also developers, auditors, and financial officers in the crypto sector.
North Korean impersonators infiltrating crypto firms
This recent incident follows Zhao’s earlier warnings about a surge in North Korean operatives posing as job seekers to infiltrate blockchain and crypto companies.
They pose as job candidates to get a foot in the door especially in roles tied to development, security, and finance,” Zhao cautioned in a Sept. 18 post.
A group of ethical hackers known as Security Alliance (SEAL) has identified over 60 North Korean agents operating under false identities and attempting to infiltrate U.S. crypto firms.
In 2024, several high-profile breaches validated these concerns:
- Coinbase suffered a data breach in May, impacting under 1% of users and potentially costing up to $400 million in reimbursements.
- In June, four Lazarus-linked developers infiltrated multiple startups, stealing $900,000 in digital assets.
Overall, North Korean hackers stole $1.34 billion across 47 incidents in 2024, marking a 102% increase from 2023, per Chainalysis.
Strengthening crypto’s cybersecurity posture
Analysts emphasize that crypto companies must adopt more advanced defense mechanisms to counter such threats. Recommendations include:
- Dual-wallet management systems to isolate operational and treasury funds.
- AI-driven threat monitoring for real-time detection of suspicious activity.
- Enhanced background screening for remote developers and contractors.
As state-sponsored attacks grow in scale and sophistication, the industry faces mounting pressure to bolster its cyber resilience, especially against nation-state actors leveraging social engineering, employment fraud, and cross-platform intrusion tactics.
Zhao’s case serves as a stark reminder that even the most security-conscious leaders in crypto remain prime targets in the ongoing cyberwar over digital assets.
