North Korean Hackers Alerted by Binance Founder CZ as Fictitious IT Workers' Profiles Revealed by Security Team
In the rapidly evolving world of cryptocurrency concepts, a significant threat has emerged: North Korean hackers. These cybercriminals have been responsible for a staggering amount of crypto news theft in recent years, with the global total reaching $2.2 billion in 2024, a 21% increase from the previous year.
The modus operandi of these hackers is diverse, as outlined by CZ, the CEO of Binance, one of the world's largest cryptocurrency exchanges. They employ four main strategies: fake job applications, interview tricks, malicious code in coding challenges, and bribery.
In 2023, North Korean hackers managed to steal $660 million across 20 incidents. However, in 2024, their success was unprecedented. They stole $1.34 billion worth of cryptocurrency across 47 different attacks, representing 61% of all crypto stolen worldwide that year. Some of the biggest attacks included DMM Bitcoin losing $305 million worth of Bitcoin in May, WazirX, an Indian exchange, losing $230 million in July, and multiple smaller attacks targeting various crypto startups.
However, there was a noticeable decline in crypto theft by North Korean hackers in 2025. This drop was due, in part, to Russia starting to give North Korea money and weapons for other activities, which reduced the need for these cybercriminals to fund their regime through theft.
The decline in crypto theft was also aided by the crypto industry's increased vigilance. Companies are now implementing better security measures, employee training, and cooperation with law enforcement. For instance, Coinbase, a leading cryptocurrency exchange, requires all new employees to be U.S. citizens, provide fingerprints, and complete training in person in the United States.
Moreover, the industry is fighting back by exposing the tactics of North Korean hackers. The Security Alliance (SEAL), a team of ethical hackers, has created a public database at lazarus.group/team that shows 60 different fake profiles used by North Korean operatives. Similarly, in 2025, the cybersecurity firm Group-IB published a database containing 60 fake employee profiles used by North Koreans.
The SEAL team's work in exposing these fake profiles gives companies a valuable tool to check potential employees. For instance, North Korean hackers have been connected to 60 fake worker profiles. Furthermore, the developer community has been targeted by North Korean hackers posing as recruiters on LinkedIn and sending coding assignments that contain hidden malware.
In an effort to prevent such attacks, CZ warned all crypto platforms to train their employees not to download unknown files and to carefully check all job candidates. He also emphasised the importance of staying vigilant in the face of these sophisticated threats.
On September 17-18, 2025, CZ posted about the growing problem of North Korean hackers targeting crypto companies on social media platform X. His post served as a reminder that the crypto industry must remain vigilant and continue to adapt to these evolving threats.
North Korean hackers are getting better at using new technology, such as artificial intelligence to create fake profile photos and deepfake technology during video interviews. However, with increased awareness, cooperation, and the implementation of robust security measures, the crypto industry is fighting back effectively against these cyber threats.
