Binance founder Changpeng “CZ” Zhao has revealed that he was the target of a hacking attempt linked to government-sponsored actors, reigniting concerns about North Korea’s Lazarus Group and its ongoing attacks on the crypto […] said he received an alert from Google warning that “government-backed attackers” had tried to steal his […] a screenshot of the notice on X, he wrote, “I get this warning from Google once in a […] anyone know what this is? North Korea Lazarus? Not that I have anything important on my […] stay SAFU.”

— CZ BNB (@cz_binance) October 10, 2025

Google Alerts CZ to State-Sponsored Hack Attempt

The incident reveals a growing pattern of state-backed cyber threats targeting high-profile cryptocurrency figures and infrastructure providers. Google’s security notifications are typically reserved for serious intrusion attempts believed to be connected to state actors.

Zhao’s warning comes amid a surge in cyberattacks attributed to North Korea’s Lazarus Group, one of the most notorious hacking collectives operating […] group is widely believed to be responsible for some of the industry’s largest heists, including the $1.4 billion Bybit hack earlier this year, the biggest crypto theft on […] reports have long linked Lazarus to Pyongyang’s efforts to fund its weapons programs through […] attempted breach follows earlier warnings by Zhao about North Korean operatives posing as remote IT workers to infiltrate crypto […] September, he cautioned that hackers were applying for development, finance, and security positions in crypto startups to gain internal access to sensitive data.
Zhao’s comments coincided with findings from the Security Alliance (SEAL), an ethical hacking group that uncovered at least 60 North Korean agents posing as legitimate IT professionals seeking employment at U.S.-based crypto […] operatives reportedly use fabricated identities, fake résumés, and LinkedIn profiles to secure remote jobs and exploit insider […] have also exposed a network of North Korean-linked entities, including shell companies like Blocknovas LLC and Softglide LLC, allegedly set up to mask state-backed cyber […]

[…] Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity — […] (@cryptonews) April 25, 2025

Blockchain investigators, such as ZachXBT, have documented dozens of such cases, identifying multiple operatives who used […] numbers and professional accounts purchased on the dark […] security research has also pointed out new malware tools such as “PylangGhost,” which are distributed through fake interview websites impersonating major crypto firms like Coinbase and […] malicious software is designed to extract credentials from more than 80 browser extensions and crypto […] to a cryptonews report, hackers tied to North Korea have stolen more than $1.3 billion across 47 incidents in 2024, with total losses surpassing $2.2 billion in the first half of […]

[…] hackers from North Korea stole $1.3 billion in funds in 2024, new data released this week from Chainalysis shows. #NorthKorea #CryptoHackers — […] (@cryptonews) December 20, 2024

Zhao has urged industry professionals to stay vigilant against phishing attempts and impersonation scams, reiterating his long-standing warning for users to “stay SAFU”, a reference to Binance’s Secure Asset Fund for […]

[…] Korea Expands Crypto Crime Network After $21M SBI Hack

North Korea’s cyber operations have continued to expand in scale and sophistication, with new evidence linking the regime to a $21 million hack targeting Japanese firm SBI Crypto in late […] investigator ZachXBT traced the stolen funds, including Bitcoin, Ethereum, Litecoin, and Dogecoin, through multiple exchanges before being laundered via Tornado […]

[…] Korean hackers have stolen $21M from Japanese firm SBI Crypto, laundering funds via Tornado Cash. #SBI #DPRK — […] (@cryptonews) October 1, 2025

The tactics matched those of the Lazarus Group, a state-backed hacking unit long tied to the Democratic People’s Republic of Korea (DPRK).
Their activities now extend beyond theft, encompassing fake developer identities, fraudulent employment schemes, and targeted malware […] this year, ZachXBT uncovered a network of North Korean operatives posing as blockchain developers on platforms such as Upwork and […] fake profiles were tied to several exploits, including a $680,000 theft from the crypto project […] have intensified enforcement […] June, the Department of Justice charged four North Koreans for using stolen identities to secure remote IT jobs and steal nearly $900,000 in […] case is part of the DOJ’s “DPRK RevGen” initiative targeting illicit revenue streams linked to Pyongyang’s weapons […] data shows North Korea’s crypto holdings now exceed those of El Salvador and Bhutan, largely derived from past heists, including the 2024 DMM Bitcoin and 2022 Ronin Network […] the Lazarus Group operating as an arm of the regime’s Reconnaissance General Bureau, analysts warn the attacks will likely intensify as the country continues to rely on digital assets to bypass international sanctions.