Binance founder Changpeng “CZ” Zhao has revealed that he was the target of a hacking attempt linked to government-sponsored actors, reigniting concerns about North Korea’s Lazarus Group and its ongoing attacks on the crypto industry. Zhao said he received an alert from Google warning that “government-backed attackers” had tried to steal his password. Sharing a screenshot of the notice on X, he wrote, “I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account. But stay SAFU.” I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account. But stay SAFU. pic.twitter.com/FCTIrcQG2C — CZ BNB (@cz_binance) October 10, 2025 Google Alerts CZ to State-Sponsored Hack Attempt The incident reveals a growing pattern of state-backed cyber threats targeting high-profile cryptocurrency figures and infrastructure providers. Google’s security notifications are typically reserved for serious intrusion attempts believed to be connected to state actors. Zhao’s warning comes amid a surge in cyberattacks attributed to North Korea’s Lazarus Group, one of the most notorious hacking collectives operating today. The group is widely believed to be responsible for some of the industry’s largest heists, including the $1.4 billion Bybit hack earlier this year , the biggest crypto theft on record. U.S. intelligence reports have long linked Lazarus to Pyongyang’s efforts to fund its weapons programs through cybercrime. The attempted breach follows earlier warnings by Zhao about North Korean operatives posing as remote IT workers to infiltrate crypto companies. In September, he cautioned that hackers were applying for development, finance, and security positions in crypto startups to gain internal access to sensitive data. Zhao’s comments coincided with findings from the Security Alliance (SEAL), an ethical hacking group that uncovered at least 60 North Korean agents posing as legitimate IT professionals seeking employment at U.S.-based crypto firms. These operatives reportedly use fabricated identities, fake résumés, and LinkedIn profiles to secure remote jobs and exploit insider access. Investigations have also exposed a network of North Korean-linked entities , including shell companies like Blocknovas LLC and Softglide LLC, allegedly set up to mask state-backed cyber operations. North Korean cyber spies reportedly set up fake US firms to deploy malware targeting crypto developers, violating Treasury sanctions. #NorthKorea #CyberSecurity https://t.co/TvCmrspaep — Cryptonews.com (@cryptonews) April 25, 2025 Blockchain investigators, such as ZachXBT, have documented dozens of such cases, identifying multiple operatives who used U.S. identification numbers and professional accounts purchased on the dark web. Recent security research has also pointed out new malware tools such as “PylangGhost,” which are distributed through fake interview websites impersonating major crypto firms like Coinbase and Robinhood. The malicious software is designed to extract credentials from more than 80 browser extensions and crypto wallets. According to a cryptonews report , hackers tied to North Korea have stolen more than $1.3 billion across 47 incidents in 2024, with total losses surpassing $2.2 billion in the first half of 2025. Crypto hackers from North Korea stole $1.3 billion in funds in 2024, new data released this week from Chainalysis shows. #NorthKorea #CryptoHackers https://t.co/TQYgKiaQ22 — Cryptonews.com (@cryptonews) December 20, 2024 Zhao has urged industry professionals to stay vigilant against phishing attempts and impersonation scams, reiterating his long-standing warning for users to “stay SAFU”, a reference to Binance’s Secure Asset Fund for Users. North Korea Expands Crypto Crime Network After $21M SBI Hack North Korea’s cyber operations have continued to expand in scale and sophistication, with new evidence linking the regime to a $21 million hack targeting Japanese firm SBI Crypto in late September . Blockchain investigator ZachXBT traced the stolen funds, including Bitcoin, Ethereum, Litecoin, and Dogecoin, through multiple exchanges before being laundered via Tornado Cash. North Korean hackers have stolen $21M from Japanese firm SBI Crypto, laundering funds via Tornado Cash. #SBI #DPRK https://t.co/ApSHiBnjt2 — Cryptonews.com (@cryptonews) October 1, 2025 The tactics matched those of the Lazarus Group, a state-backed hacking unit long tied to the Democratic People’s Republic of Korea (DPRK). Their activities now extend beyond theft, encompassing fake developer identities, fraudulent employment schemes, and targeted malware campaigns. Earlier this year, ZachXBT uncovered a network of North Korean operatives posing as blockchain developers on platforms such as Upwork and LinkedIn. The fake profiles were tied to several exploits, including a $680,000 theft from the crypto project Favrr. U.S. authorities have intensified enforcement efforts. In June, the Department of Justice charged four North Koreans for using stolen identities to secure remote IT jobs and steal nearly $900,000 in cryptocurrency. The case is part of the DOJ’s “DPRK RevGen” initiative targeting illicit revenue streams linked to Pyongyang’s weapons program. Blockchain data shows North Korea’s crypto holdings now exceed those of El Salvador and Bhutan , largely derived from past heists, including the 2024 DMM Bitcoin and 2022 Ronin Network breaches. With the Lazarus Group operating as an arm of the regime’s Reconnaissance General Bureau, analysts warn the attacks will likely intensify as the country continues to rely on digital assets to bypass international sanctions. The post CZ Targeted by ‘Government-Backed’ Hackers – Is North Korea’s Lazarus Group Behind It? appeared first on Cryptonews .
