Hackers attempted to breach the account of Binance co-founder Changpeng “CZ” Zhao, an incident that points to possible attacks by state-sponsored hacker groups, including North Korea’s Lazarus Group.
A Google alert shared by CZ indicated that “government-backed attackers” were trying to access Zhao’s Google password, leading him to believe it could be related to North Korea’s Lazarus Group.
“I occasionally receive this warning from Google. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account,” Zhao wrote in a Friday X post.
The notorious Lazarus Group is blamed for several high-profile cryptocurrency hacks, including the $1.4 billion Bybit breach, the largest in the industry, which happened on February 21.
U.S. intelligence reports indicate a “sophisticated network of agents posing as remote IT workers, which has redirected substantial funds back to Pyongyang,” said Anndy Lian, an author and intergovernmental blockchain advisor, adding:
“I know of a government official who received a similar message as CZ, indicating that his account was targeted by government-backed hackers attempting to steal his password.”
“They reached out to Google for further details but got no response due to security protocols,” he noted.
Zhao raises alarm on the escalating threat of North Korean impersonators
This attempted breach follows a surge in threats from North Korean hackers. It comes three weeks after Zhao alerted the community about the increasing danger of North Korean hackers looking to infiltrate crypto companies through job offers and bribes.
“They pose as job applicants to gain entry into your company. This allows them a ‘foot in the door,’ particularly for roles in development, security, and finance,” Zhao wrote in a September 18 X post.
Zhao’s warning coincided with the findings of a group of ethical hackers named Security Alliance (SEAL), who compiled profiles of at least 60 North Korean agents masquerading as IT workers with fake identities trying to penetrate U.S. crypto exchanges to extract sensitive user data.
In May, Coinbase experienced a data breach that exposed sensitive information from under 1% of its active monthly users.
This breach could cost the exchange up to $400 million in reimbursement costs, as reported by Cointelegraph on May 15.
In June, four North Korean operatives disguised as freelance developers broke into multiple crypto firms, stealing a total of $900,000 from these startups.
Throughout 2024, North Korean hackers were responsible for stealing over $1.34 billion in digital assets across 47 incidents, a 102% increase compared to the $660 million seized in 2023, according to data from Chainalysis.
Cryptocurrency firms must bolster their security protocols against these threats by adopting dual wallet management and real-time AI threat monitoring, as advised by cybersecurity experts.