The post Binance Founder Changpeng Zhao North Korea’s $1.34B Crypto Theft Tactics appeared first on Coinpedia Fintech News
Binance co-founder Changpeng Zhao (CZ) has warned that North Korean hackers are using increasingly advanced methods to infiltrate cryptocurrency companies. In a recent X post, CZ explained:
“They exploit trust, creativity, and patience to breach platforms and steal user funds.”
According to Chainalysis, North Korean hackers stole around $1.34 billion in crypto in 2024, with both the U.S. and U.N. confirming that the stolen money is being used to help finance North Korea’s weapons program.
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ
BNB (@cz_binance) September 18, 2025
- Job Applications as a Trojan Horse in Crypto Security Breaches
- Fake Employers and Malware Hidden in Coding Tests
- Customer Support Exploits in Crypto Exchanges
- Insider Bribery and Outsourced Service Vulnerabilities
- Social Engineering Attacks: From Screen Sharing to One-Click Hacks
- North Korea’s Lazarus Group and Global Crypto Theft
- FAQs
Job Applications as a Trojan Horse in Crypto Security Breaches
One of the most common tactics involves posing as job candidates. CZ wrote:
“Hackers often apply for developer, finance, or security positions. Once hired, they have insider access — a long-term foot in the door for future attacks.”
This strategy allows them to embed themselves in organizations and quietly prepare for larger hacks.
Fake Employers and Malware Hidden in Coding Tests
Another tactic is impersonating employers. During fake interviews on Zoom, attackers create staged technical issues and trick employees into downloading malicious “updates.”
CZ explained:
“In some cases, they send ‘sample code’ for a coding test. That code is secretly malware.”
This turns routine recruitment tasks into high-risk entry points.
Customer Support Exploits in Crypto Exchanges
Hackers also pretend to be regular users seeking help. They send links that look legitimate but redirect to infected pages.
“Once an employee clicks, attackers can steal data or even gain direct access to exchange systems,” CZ warned.
Insider Bribery and Outsourced Service Vulnerabilities
Some hackers bypass technical firewalls altogether by bribing employees or targeting third-party vendors.
CZ pointed to a recent case:
“In India, hackers breached a major outsourced service provider. Critical data from a U.S. exchange leaked — users lost over $400 million.”
.article-inside-link {
margin-left: 0 !important;
border: 1px solid #0052CC4D;
border-left: 0;
border-right: 0;
padding: 10px 0;
text-align: left;
}
.entry ul.article-inside-link li {
font-size: 14px;
line-height: 21px;
font-weight: 600;
list-style-type: none;
margin-bottom: 0;
display: inline-block;
}
.entry ul.article-inside-link li:last-child {
display: none;
}
- Also Read :
- Crypto Hacks in August: $163 Million Stolen Across 16 Attacks
- ,
Social Engineering Attacks: From Screen Sharing to One-Click Hacks
Crypto investor Anndy Lian added his warning on X:
“Hackers don’t always need files for you to click. Just sharing your screen can give them the access they need.”
CZ agreed, adding that even one-click hacks — like the rumored Jeff Bezos phone breach — prove how dangerous a single link can be.
Community members echoed these concerns. One investor wrote:
“I lost my Instagram account after clicking a link. The hackers took over instantly.”
Lian himself revealed he permanently lost his original Instagram account this way, underscoring how hard recovery is once control is lost.
North Korea’s Lazarus Group and Global Crypto Theft
The Lazarus Group, North Korea’s state-backed hackers, has been behind billions in stolen crypto over the past decade. According to Chainalysis, they stole nearly $1.7 billion in 2022, with hundreds of millions more in 2023 and 2024.
Reports suggest 2025 is already on track to see massive thefts linked to these groups.
CZ ended his post with a clear reminder:
“Stay SAFU. Awareness and discipline are still the best defenses against these persistent threats.”
.article_register_shortcode {
padding: 18px 24px;
border-radius: 8px;
display: flex;
align-items: center;
margin: 6px 0 22px;
border: 1px solid #0052CC4D;
background: linear-gradient(90deg, rgba(255, 255, 255, 0.1) 0%, rgba(0, 82, 204, 0.1) 100%);
}
.article_register_shortcode .media-body h5 {
color: #000000;
font-weight: 600;
font-size: 20px;
line-height: 22px;
text-align:left;
}
.article_register_shortcode .media-body h5 span {
color: #0052CC;
}
.article_register_shortcode .media-body p {
font-weight: 400;
font-size: 14px;
line-height: 22px;
color: #171717B2;
margin-top: 4px;
text-align:left;
}
.article_register_shortcode .media-body{
padding-right: 14px;
}
.article_register_shortcode .media-button a {
float: right;
}
.article_register_shortcode .primary-button img{
vertical-align: middle;
width: 20px;
margin: 0;
display: inline-block;
}
@media (min-width: 581px) and (max-width: 991px) {
.article_register_shortcode .media-body p {
margin-bottom: 0;
}
}
@media (max-width: 580px) {
.article_register_shortcode {
display: block;
padding: 20px;
}
.article_register_shortcode img {
max-width: 50px;
}
.article_register_shortcode .media-body h5 {
font-size: 16px;
}
.article_register_shortcode .media-body {
margin-left: 0px;
}
.article_register_shortcode .media-body p {
font-size: 13px;
line-height: 20px;
margin-top: 6px;
margin-bottom: 14px;
}
.article_register_shortcode .media-button a {
float: unset;
}
.article_register_shortcode .secondary-button {
margin-bottom: 0;
}
}
Never Miss a Beat in the Crypto World!
Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.
.subscription-options li {
display: none;
}
.research-report-subscribe{
background-color: #0052CC;
padding: 12px 20px;
border-radius: 8px;
color: #fff;
font-weight: 500;
font-size: 14px;
width: 96%;
}
.research-report-subscribe img{
vertical-align: sub;
margin-right: 2px;
}
var templateIds = “6”;
var listOfSubscribed = [];
function subscribed_popupmodal(template_id) {
var templateId = ‘6’;
getAllSubscriberCategoryList([templateId]);
var subcribemodal = window.parent.document.getElementById(‘subscribe-modal-design’);
if (subcribemodal) {
var modalContent = `
Never Miss a Beat in the Crypto World!
Stay informed and gain the edge you need to navigate the crypto world. Select your subscription now
`;
subcribemodal.innerHTML = modalContent;
}
subscribe_unsubscribe_status(template_id);
//getAllSubscriberCategoryList(template_id);
}
function toggleSubscription(subscription, template_id) {
var subscriptionCheckbox = document.getElementById(subscription + ‘_’ + template_id);
var li = document.getElementById(subscription + ‘Selected_’ + template_id);
if (subscriptionCheckbox.checked) {
li.classList.add(‘active’);
} else {
li.classList.remove(‘active’);
}
}
function getAllSubscriberCategoryList(getcategoryId) {
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘GET’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list’,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
var idstosubscribed = []
// Populate listOfSubscribed with subscribed category IDs
result.message.forEach(listofcategory => {
if (listofcategory.subscribe_status === 1) {
if (!listOfSubscribed.includes(listofcategory._id)) {
listOfSubscribed.push(listofcategory._id);
}
if (!idstosubscribed.includes(listofcategory.news_cp_category_row_id)) {
idstosubscribed.push(listofcategory.news_cp_category_row_id);
}
}
});
idstosubscribed.forEach(id => {
var subscribeButton = document.getElementById(‘subscribe_’ + id);
var unsubscribeButton = document.getElementById(‘unsubscribe_’ + id);
if (subscribeButton && unsubscribeButton) {
subscribeButton.style.display = ‘none’;
unsubscribeButton.style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
});
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function subscribe_unsubscribe_status(getcategoryId) {
var elementTounsubscribe = parent.document.getElementById(‘unsubscribe_’ + getcategoryId);
var elementTosubscribe = parent.document.getElementById(‘subscribe_’ + getcategoryId);
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: {
action: ‘subscribe_api_ajax_request’,
apiurl: ‘/app/email_newsletter/list?category_row_id=’ + getcategoryId,
},
success: function(response) {
var result = JSON.parse(response.message);
if (result.status === true) {
parent.jQuery(‘.skeliton-loader-block’).hide();
var hasSubscribeStatusOne = false;
result.message.forEach(subscribeStatus => {
if (listOfSubscribed.includes(subscribeStatus._id) && subscribeStatus.subscribe_status === 1) {
hasSubscribeStatusOne = true;
}
if (subscribeStatus.notification_type === 3) {
parent.document.getElementById(‘monthlySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘monthly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘monthly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 2) {
parent.document.getElementById(‘weeklySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘weekly_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘weekly_’ + getcategoryId).checked = true;
}
} else if (subscribeStatus.notification_type === 1) {
parent.document.getElementById(‘dailySelected_’ + getcategoryId).style.display = ‘block’;
parent.document.getElementById(‘daily_’ + getcategoryId).setAttribute(‘data-id’, subscribeStatus._id);
if (subscribeStatus.subscribe_status === 1) {
parent.document.getElementById(‘daily_’ + getcategoryId).checked = true;
}
}
if (subscribeStatus.subscribe_status === 1) {
listOfSubscribed.push(subscribeStatus._id);
}
});
if (hasSubscribeStatusOne) {
elementTosubscribe.style.display = ‘none’;
elementTounsubscribe.style.display = ‘block’;
} else {
elementTosubscribe.style.display = ‘block’;
elementTounsubscribe.style.display = ‘none’;
}
}
},
error: function(xhr, status, error) {
console.error(‘Error:’, error);
}
});
}
function logSelectedSubscriptions(categoryid) {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
unsubscribemodal.innerHTML=”;
subscribedmodal.innerHTML=”;
var selectedSubscriptions = [];
var storeCheckedId = [];
var checkboxes = document.querySelectorAll(‘#subscription-options-‘ + categoryid + ‘ input[type=”checkbox”]’);
var errorMessage = document.getElementById(‘error-message-select’);
// Use a Set to handle unique data-ids
var uniqueSubscribedIds = new Set(listOfSubscribed);
checkboxes.forEach(function(checkbox) {
var dataId = parseInt(checkbox.getAttribute(‘data-id’));
if (checkbox.checked) {
selectedSubscriptions.push(checkbox.id);
storeCheckedId.push(dataId);
} else {
uniqueSubscribedIds.delete(dataId); // Remove unchecked data-id
}
});
// Update listOfSubscribed with unique values
listOfSubscribed = Array.from(uniqueSubscribedIds);
var selectedSubscriptionsString = selectedSubscriptions.join(‘, ‘);
var concatinateSubscribeId = […new Set(storeCheckedId.concat(listOfSubscribed))];
var categoryData = {
‘subscribed_categories’: concatinateSubscribeId
};
var requestSubscriberData = {
action: ‘handle_dynamic_api_request_with_headers’,
security: ‘9bd1156067’,
endpoint: ‘/app/email_newsletter/update_categories’,
token: ”,
data: categoryData
};
jQuery.ajax({
url: ‘https://coinpedia.org/wp-admin/admin-ajax.php’,
type: ‘POST’,
data: requestSubscriberData,
beforeSend: function(xhr) {
xhr.setRequestHeader(‘X-Requested-With’, ‘XMLHttpRequest’);
},
success: function(response) {
try {
response = response.data;
if (storeCheckedId.length === 0) {
var unsubcribedPopUpmodal =
`
You’ve Unsubscribed Successfully
We’re sorry to see you go! Your subscription has been canceled. If you change your mind, you can re-subscribe anytime. Thank you for being part of our community!
`;
unsubscribemodal.innerHTML = unsubcribedPopUpmodal;
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
unsubscribemodal.style.display = ‘block’;
unsubscribemodal.classList.remove(‘hide’);
unsubscribemodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘block’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘none’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘none’;
}
} else {
var subscribedPopupModal =
`
Thank you for subscribing!
Thank you for subscribing to our crypto and blockchain newsletter! You’ll now receive the latest news, insights, and updates straight to your inbox. Welcome to our community!
`;
let selectedSubscriptionsArray = selectedSubscriptionsString.split(‘,’);
let subscribedCategories = selectedSubscriptionsArray.map(subscription => subscription.split(‘_’)[0]);
let subscribedCategoriesString = subscribedCategories.join(‘, ‘);
subscribedmodal.innerHTML = subscribedPopupModal;
if (document.getElementById(‘selectidname’)) {
document.getElementById(‘selectidname’).textContent = subscribedCategoriesString;
}
document.querySelector(‘#subscribe-modal-design .modal’).style.display = ‘none’;
subscribedmodal.style.display = ‘block’;
subscribedmodal.classList.remove(‘hide’);
subscribedmodal.classList.add(‘show’);
document.getElementById(‘subscribe_’ + categoryid).style.display = ‘none’;
document.getElementById(‘unsubscribe_’ + categoryid).style.display = ‘block’;
var showDownloadReport = document.getElementById(‘download_report’);
if (showDownloadReport) {
showDownloadReport.style.display = ‘block’;
}
}
} catch (e) {
console.error(‘Error parsing response:’, e);
}
},
});
}
function closeModal(template_id) {
var modalId = template_id;
var modal = document.querySelector(‘#’ + modalId); // Using querySelector to find the modal
if (modal) {
modal.classList.add(‘hide’);
modal.classList.remove(‘show’);
setTimeout(function() {
modal.style.display = ‘none’;
}, 500);
} else {
console.warn(‘Modal not found:’, modalId);
}
}
function closeunsubscribemodal() {
var unsubscribemodal = document.querySelector(‘.unsubscribed-popup-modal .modal’);
if (unsubscribemodal) {
unsubscribemodal.classList.add(‘hide’);
unsubscribemodal.classList.remove(‘show’);
}
setTimeout(function() {
unsubscribemodal.style.display = ‘none’;
}, 500);
}
function closesubscribemodal() {
var subscribedmodal = document.querySelector(‘.subscribed-popup-modal .modal’);
setTimeout(function() {
subscribedmodal.style.display = ‘none’;
}, 500);
if (subscribedmodal) {
subscribedmodal.classList.add(‘hide’);
subscribedmodal.classList.remove(‘show’);
}
}
function withoutLoginClicked(withoutlogin_id) {
localStorage.setItem(‘subscribe_without_Login’, ‘true’);
localStorage.setItem(‘subscribe_clicked_id’, withoutlogin_id);
}
document.addEventListener(‘DOMContentLoaded’, function() {
const subscribewithoutData = localStorage.getItem(‘subscribe_without_Login’);
const subscribe_clicked_cat_id = localStorage.getItem(‘subscribe_clicked_id’);
// Function to get cookies
function getCookie(name) {
let value = “; ” + document.cookie;
let parts = value.split(“; ” + name + “=”);
if (parts.length == 2) return parts.pop().split(“;”).shift();
}
// Get user token from cookies
const userToken = getCookie(‘user_token’);
if (subscribewithoutData === ‘true’ && userToken) {
// Call the modal function with the category ID
subscribed_popupmodal(subscribe_clicked_cat_id);
// Remove the flag and category ID from localStorage
localStorage.removeItem(‘subscribe_without_Login’);
localStorage.removeItem(‘subscribe_clicked_id’);
}
});
/************************** update susbcriber content **************************** */
function initializeSubscriptionButton() {
var initialListItems = document.querySelectorAll(‘.subscription-options input[type=”checkbox”]’);
initialListItems.forEach(function(item) {
console.log(item.checked, ‘Initial Checkbox checked status’);
});
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
}
function updateButtonText(anyActive) {
var subscribeButtonSpan = document.querySelector(‘.subscribe-submit .changeBtnText’);
if (subscribeButtonSpan) {
if (anyActive) {
subscribeButtonSpan.textContent=”Subscribe Now”;
} else {
subscribeButtonSpan.textContent=”Unsubscribe”;
}
}
}
function updateSubscriptionButton() {
var listItems = document.querySelectorAll(‘.subscription-options li’);
if (listItems.length === 0) return;
var anyActive = false;
listItems.forEach(function(item) {
var checkbox = item.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
if (checkbox.checked) {
item.classList.add(‘active’);
anyActive = true; // Set anyActive to true
} else {
item.classList.remove(‘active’); // Remove ‘active’ class if checkbox is unchecked
}
}
});
// Update the button text based on whether any list item has the ‘active’ class
updateButtonText(anyActive);
}
document.addEventListener(‘click’, function(event) {
var clickedItem = event.target.closest(‘.subscription-options li’);
if (clickedItem) {
var checkbox = clickedItem.querySelector(‘input[type=”checkbox”]’);
if (checkbox) {
checkbox.checked = !checkbox.checked;
updateSubscriptionButton();
}
}
});
FAQs
They pose as job seekers, fake employers, or users, using malware, phishing links, and insider bribery to breach crypto platforms.
Stay cautious, avoid clicking unknown links, verify employers, and never share screens to keep your crypto safe.
The Bybit hack in February, where North Korean hackers stole $1.5 billion in Ethereum from a cold wallet, marking the largest in history.
Kaynak : CoinPedia