- Google warned CZ of a government-backed hack attempt, likely linked to North Korea’s Lazarus Group.
- The incident highlights a surge in state-sponsored attacks targeting crypto executives and exchanges.
- Experts urge firms to strengthen security protocols amid rising insider infiltration threats.
Binance co-founder Changpeng “CZ” Zhao revealed on X that Google had issued him a security alert warning of a “government-backed attacker” attempting to steal his account credentials. CZ shared a screenshot of the notification, speculating that the North Korean Lazarus Group—one of the most active state-sponsored hacking collectives—could be behind the attempt.
“I get this warning from Google once in a while,” CZ posted. “Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account.” His message immediately caught the crypto community’s attention, given Lazarus’ long record of targeting digital asset platforms and executives.
The attempted breach arrives just months after Lazarus allegedly orchestrated the $1.4 billion Bybit hack, the largest crypto exploit to date. U.S. intelligence agencies have repeatedly warned that North Korea uses stolen cryptocurrency to fund weapons development and evade sanctions.
Rising Wave of State-Backed Cyberattacks
According to cybersecurity experts, the attack on CZ underscores a broader resurgence of coordinated efforts by government-linked hacker groups. Anndy Lian, intergovernmental blockchain adviser, noted that even high-level officials have received similar Google warnings. “They tried to contact Google for more details, but nothing was shared due to security policies,” Lian said.
Recent intelligence reports describe a sophisticated web of North Korean agents posing as remote IT workers, funneling profits back to Pyongyang. Many of these operatives reportedly target crypto exchanges, infrastructure startups, and security auditors through social engineering and insider recruitment tactics.
CZ’s Warning on North Korean Impersonators
Just weeks before the Google incident, CZ had already issued a public warning about the growing threat of North Korean infiltrators in the crypto industry. In a September post, he revealed that fake job candidates have been applying for blockchain and DeFi-related roles to gain insider access to sensitive systems.
An ethical hacker collective known as Security Alliance (SEAL) recently exposed 60 North Korean agents posing as IT developers under false identities. These actors reportedly used freelance platforms and recruitment agencies to infiltrate exchanges and blockchain startups—a strategy that mirrors the tactics used in several confirmed 2024 breaches.
Crypto Industry on High Alert
The threat landscape has intensified following a string of major hacks. Coinbase, for example, disclosed a May data breach that affected less than 1% of its active users, resulting in up to $400 million in potential reimbursement costs. Meanwhile, in June, four North Korean operatives infiltrated multiple startups as freelance developers, collectively stealing over $900,000.
According to Chainalysis, North Korean hackers stole $1.34 billion in crypto across 47 incidents in 2024, a 102% increase from the prior year. Experts now urge exchanges and DeFi protocols to implement real-time AI threat detection, dual-wallet management, and stricter identity verification for employees and contractors.
As CZ’s experience shows, even top industry figures are not immune. With Lazarus and other state-backed actors continuing to adapt, the crypto sector faces a defining challenge — protecting digital assets in an era where cybersecurity and geopolitics are increasingly intertwined.
