Binance founder Changpeng “CZ” Zhao announced that he was the target of a hack that seemed to be supported by a government. This has raised worries about North Korea’s Lazarus Group and their continued attacks on the cryptocurrency industry.
Zhao said he got a message from Google saying that “government-supported hackers” tried to steal his password.
He shared a screenshot of the notice on X and said, “I get this warning from Google now and then. ” Does anyone know what this is. North Korea Lazarus. I don’t have anything important on my account anyway. “But stay safe. ”
Google Alerts for State-Sponsored Hacking Attempt in Czech Republic
The event shows an increasing trend of government-supported cyber attacks aimed at important people in the cryptocurrency world and companies that provide related services.
Google usually sends security alerts only for serious hacking attempts that are thought to be linked to government groups.
Zhao’s warning comes as there is an increase in cyberattacks linked to North Korea’s Lazarus Group, which is one of the most well-known hacking groups today.
The group is thought to be behind some of the biggest thefts in the industry, including the $1. 4 billion Bybit hack earlier this year, which is the largest theft in cryptocurrency history.
United States Intelligence reports have often connected Lazarus to North Korea’s attempts to support its weapons programs by committing cyber crimes.
The attempt to break in comes after Zhao warned that North Korean spies might pretend to be remote IT workers to get into cryptocurrency companies.
In September, he warned that hackers were trying to get jobs in development, finance, and security at crypto startups to steal important information.
Zhao’s remarks matched the results from SEAL, a group of ethical hackers. They found at least 60 North Korean agents pretending to be real IT workers trying to get jobs at crypto companies in the U. S
These workers are said to use fake names, false job histories, and pretend profiles on LinkedIn to get remote jobs and take advantage of inside knowledge.
Investigations have revealed a group of companies connected to North Korea, including fake companies like Blocknovas LLC and Softglide LLC, that are said to be created to hide government-supported cyber activities.
Blockchain researchers like ZachXBT have recorded many cases where people have used U. S money in illegal activities. Identification numbers and work accounts bought on the dark web.
Recent security studies have found new malware tools like “PylangGhost. ” These tools are spread through fake job interview websites that pretend to be well-known crypto companies, such as Coinbase and Robinhood.
The harmful software is made to steal account information from over 80 browser add-ons and cryptocurrency wallets.
A news report says that hackers from North Korea stole over $1. 3 billion in 47 cases in 2024, and by the first half of 2025, the total losses have gone over $2.2 million.
Zhao has asked people in the industry to be careful about phishing scams and fake identities. He reminded users to “stay SAFU,” which stands for Binance’s Secure Asset Fund for Users.
North Korea Grows Its Crypto Crime Operations After $21 Million SBI Hack
North Korea’s hacking activities have been growing in size and skill. Recently, there’s proof that they were involved in a $21 million hack of a Japanese company called SBI Crypto in late September.
ZachXBT, a blockchain investigator, tracked the stolen money, which included Bitcoin, Ethereum, Litecoin, and Dogecoin, across different exchanges before it was cleaned through Tornado Cash.
The methods used were similar to those of the Lazarus Group, a hacking team supported by the North Korean government.
They are doing more than just stealing now. They are using fake identities to pretend to be developers, running scams to trick people into jobs, and launching attacks with harmful software.
Earlier this year, ZachXBT found a group of North Korean workers pretending to be blockchain developers on websites like Upwork and LinkedIn.
The fake profiles were connected to a number of scams, including a theft of $680,000 from the cryptocurrency project Favrr.
United States Officials have increased their efforts to enforce rules. In June, the Department of Justice accused four North Koreans of using fake identities to get online IT jobs and steal almost $900,000 in cryptocurrency.
The case is part of the Department of Justice’s “DPRK RevGen” project, which aims to stop illegal money sources connected to North Korea’s weapons program.
Data from blockchain indicates that North Korea now has more cryptocurrency than El Salvador and Bhutan. Most of this money comes from past thefts, like the 2024 DMM Bitcoin hack and the 2022 Ronin Network hack.
The Lazarus Group is connected to the North Korean government, and experts say that attacks will probably increase as the country uses digital tools to get around international restrictions.
