CZ Warns of Advanced North Korean Hackers Posing as Job Candidates
0CZ
North Korea
CZ warns of advanced North Korean hackers posing as job candidates to infiltrate crypto companies after stealing $1.3B in 2024 and $2.2B in first half of 2025.
Crypto Journalist
Anas Hassan
Crypto Journalist
Anas Hassan
About Author
Anas is a crypto native journalist and SEO writer with over five years of writing experience covering blockchain, crypto, DeFi, and emerging tech.
Author Profile
Share
Copied
Last updated:
7 hours ago
Binance founder Changpeng Zhao “CZ” issued urgent warnings about sophisticated North Korean hackers infiltrating crypto companies through elaborate job application schemes, fake interview processes, and bribery of employees.
The former CEO detailed four primary attack vectors, including posing as job candidates for developer and security positions, conducting fraudulent interviews with malware-laden links, and bribing outsourced vendors for data access.
Billions Stolen Through Fake Employees and Employers.
The warning follows extensive documentation of North Korean cyber operations targeting the crypto industry, with hackers stealing over $1.3 billion across 47 incidents in 2024, and over $2.2 billion in the first half of 2025 alone.
Recent investigations revealed operatives creating legitimate U.S. corporations, including Blocknovas LLC and Softglide LLC, using fake identities to establish corporate fronts for attacking crypto developers.
ZachXBT’s August investigation also exposed five North Korean IT workers operating under more than 30 fake identities, using government-issued ID cards and professional LinkedIn accounts to secure positions at crypto projects.
The breach of one operative’s device revealed systematic expense documentation for purchasing Social Security numbers, professional accounts, and VPN services to maintain fraudulent employment.
The schemes have also evolved to include Python-based malware called PylangGhost, deployed through fake interview websites impersonating major companies like Coinbase and Robinhood to steal credentials from over 80 browser extensions and crypto wallets.
Corporate Infiltration Through Fake Companies and Stolen Identities.
North Korean operatives established multiple legitimate business entities across US states to create credible corporate fronts for their infiltration campaigns.
Silent Push researchers discovered Blocknovas LLC registered to a vacant lot in South Carolina, while Softglide LLC traced back to a small Buffalo tax office, with Angeloper Agency operating as an unregistered third entity.
The FBI seized Blocknovas’ domain as part of law enforcement action against North Korean cyber actors utilizing fake job postings to distribute malware.
These companies served as launching pads for the “Contagious Interview” campaign, a Lazarus Group subgroup specializing in sophisticated malware deployment targeting crypto wallet developers.
The elaborate schemes include purchasing stolen American identities and using complex laundering tactics to mask fund origins before routing money back to North Korea’s weapons program.
In June, US authorities seized over $7.7 million in crypto allegedly earned through networks of covert IT workers posing as foreign freelancers.
In fact, according to CZ, a recent case includes a major Indian outsource service hack that leaked U.S. exchange user data, resulting in over $400 million in user asset losses.
The Justice...
https://cryptonews.com/news/cz-warns-of-advanced-north-korean-hackers-posing-as-job-candidates-to-infiltrate-crypto-companies/
#crypto #bitcoin #ethereum #cryptocurrency #news #blockchain #litecoin #cryptonews #cryptonewstoday #cryptoworld #cryptonewstoday
***NOT FINANCIAL, LEGAL, OR TAX ADVICE! JUST OPINION! I AM NOT AN EXPERT! I DO NOT GUARANTEE A PARTICULAR OUTCOME I HAVE NO INSIDE KNOWLEDGE! YOU NEED TO DO YOUR OWN RESEARCH AND MAKE YOUR OWN DECISIONS! THIS IS JUST ENTERTAINMENT!
This information is what was found publicly on the internet. This information could’ve been doctored or misrepresented by the internet. All information is meant for public awareness and is public domain. This information is not intended to slander harm or defame any of the actors involved but to show what was said through their social media accounts. Please take this information and do your own research.
bitcoin, blockchain, crypto, cryptocurrency, altcoin, investment, ethereum, bitcoin crash, xrp, cardano, ripple