CZ Targeted by ‘Government-Backed’ Hackers – Is North Korea’s Lazarus Group Behind It?
Binance founder Changpeng “CZ” Zhao has revealed that he was the goal of a hacking try linked to government-sponsored actors, reigniting issues about North Korea’s Lazarus Group and its ongoing assaults on the crypto business.
Zhao mentioned he obtained an alert from Google warning that “government-backed attackers” had tried to steal his password.
Sharing a screenshot of the discover on X, he wrote, “I get this warning from Google every so often. Does anybody know what that is? North Korea Lazarus? Not that I’ve something necessary on my account. But keep SAFU.”
I get this warning from Google every so often. Does anybody know what that is? North Korea Lazarus?
Not that I’ve something necessary on my account. But keep SAFU.
pic.twitter.com/FCTIrcQG2C
— CZ
BNB (@cz_binance) October 10, 2025
Google Alerts CZ to State-Sponsored Hack Attempt
The incident reveals a rising sample of state-backed cyber threats focusing on high-profile cryptocurrency figures and infrastructure suppliers.
Google’s safety notifications are usually reserved for severe intrusion makes an attempt believed to be related to state actors.
Zhao’s warning comes amid a surge in cyberattacks attributed to North Korea’s Lazarus Group, probably the most infamous hacking collectives working in the present day.
The group is extensively believed to be accountable for among the business’s largest heists, including the $1.4 billion Bybit hack earlier this year, the most important crypto theft on report.
U.S. intelligence experiences have lengthy linked Lazarus to Pyongyang’s efforts to fund its weapons packages via cybercrime.
The tried breach follows earlier warnings by Zhao about North Korean operatives posing as distant IT staff to infiltrate crypto firms.
In September, he cautioned that hackers were applying for improvement, finance, and safety positions in crypto startups to realize inside entry to delicate information.
Zhao’s feedback coincided with findings from the Security Alliance (SEAL), an moral hacking group that uncovered at the very least 60 North Korean brokers posing as legit IT professionals in search of employment at U.S.-based crypto corporations.
These operatives reportedly use fabricated identities, pretend résumés, and LinkedIn profiles to safe distant jobs and exploit insider entry.
Investigations have additionally exposed a network of North Korean-linked entities, together with shell firms like Blocknovas LLC and Softglide LLC, allegedly set as much as masks state-backed cyber operations.
North Korean cyber spies reportedly arrange pretend US corporations to deploy malware focusing on crypto builders, violating Treasury sanctions.#NorthKorea #CyberSecurity https://t.co/TvCmrspaep
— Cryptonews.com (@cryptonews) April 25, 2025
Blockchain investigators, reminiscent of ZachXBT, have documented dozens of such instances, figuring out a number of operatives who used U.S. identification numbers {and professional} accounts bought on the darkish net.
Recent safety analysis has additionally pointed out new malware tools such as “PylangGhost,” that are distributed via pretend interview web sites impersonating main crypto corporations like Coinbase and Robinhood.
The malicious software program is designed to extract credentials from greater than 80 browser extensions and crypto wallets.
According to a cryptonews report, hackers tied to North Korea have stolen greater than $1.3 billion throughout 47 incidents in 2024, with whole losses surpassing $2.2 billion within the first half of 2025.
Crypto hackers from North Korea stole $1.3 billion in funds in 2024, new information launched this week from Chainalysis exhibits.#NorthKorea #CryptoHackershttps://t.co/TQYgKiaQ22
— Cryptonews.com (@cryptonews) December 20, 2024
Zhao has urged business professionals to remain vigilant towards phishing makes an attempt and impersonation scams, reiterating his long-standing warning for customers to “keep SAFU”, a reference to Binance’s Secure Asset Fund for Users.
North Korea Expands Crypto Crime Network After $21M SBI Hack
North Korea’s cyber operations have continued to increase in scale and class, with new proof linking the regime to a $21 million hack targeting Japanese firm SBI Crypto in late September.
Blockchain investigator ZachXBT traced the stolen funds, together with Bitcoin, Ethereum, Litecoin, and Dogecoin, via a number of exchanges earlier than being laundered by way of Tornado Cash.
— Cryptonews.com (@cryptonews) October 1, 2025
The techniques matched these of the Lazarus Group, a state-backed hacking unit lengthy tied to the Democratic People’s Republic of Korea (DPRK).
Their actions now prolong past theft, encompassing pretend developer identities, fraudulent employment schemes, and focused malware campaigns.
Earlier this 12 months, ZachXBT uncovered a network of North Korean operatives posing as blockchain builders on platforms reminiscent of Upwork and LinkedIn.
The pretend profiles have been tied to a number of exploits, including a $680,000 theft from the crypto project Favrr.
U.S. authorities have intensified enforcement efforts. In June, the Department of Justice charged 4 North Koreans for utilizing stolen identities to safe distant IT jobs and steal nearly $900,000 in cryptocurrency.
The case is a part of the DOJ’s “DPRK RevGen” initiative focusing on illicit income streams linked to Pyongyang’s weapons program.
Blockchain information exhibits North Korea’s crypto holdings now exceed those of El Salvador and Bhutan, largely derived from previous heists, together with the 2024 DMM Bitcoin and 2022 Ronin Network breaches.
With the Lazarus Group working as an arm of the regime’s Reconnaissance General Bureau, analysts warn the assaults will seemingly intensify because the nation continues to depend on digital belongings to bypass worldwide sanctions.
The submit CZ Targeted by ‘Government-Backed’ Hackers – Is North Korea’s Lazarus Group Behind It? appeared first on Cryptonews.
