North Korean hackers strike: This is how they infiltrate crypto companies!
Changpeng Zhao warns about North Korean hackers infiltrating crypto firms and stealing $2.17 billion.

On October 11, 2025, Changpeng Zhao warned the crypto community about the threats posed by North Korean hackers. These cybercriminals act under the pretense of being employees or users of crypto companies in order to break into the companies and steal valuable data. Zhao highlights that the attacks come from state-sponsored hacker groups such as the Lazarus Group and Famous Chollima, which stand out for their advanced, creative and patient methods.
A common attack vector is for the hackers to pose as job candidates in order to get hired at crypto companies, particularly in development, security and finance. If they are unsuccessful, they also pose as recruiters aiming to poach existing employees. During interviews, they often ask for software like Zoom to be updated via a shared link, which poses significant security risks.
Hackers' manipulative tactics
Another commonly used technique is sending programming questions that trick users into running malicious code. Running the code gives the hackers access to the victims' devices. According to Zhao, Famous Chollima's hackers even created fake job advertisements to lure potential candidates and install malware on their systems.
Additionally, some attackers impersonate users in need of customer service assistance and send fraudulent links that deliver malware. These methods illustrate the sophistication of the attackers and the caution required in the crypto industry. Zhao describes a particularly troubling incident in which an Indian outsourcing service leaked information from a major US exchange, resulting in a loss of over $400 million in user assets.
The Coinbase hack and its consequences
The incident is suspected to relate to Coinbase, which was the victim of a hack in May 2025. The attackers obtained customer data by bribing employees in India. The stolen data consisted of personal information, including names, dates of birth, addresses, nationalities, ID numbers, banking details and account information. Among the high-profile victims of the hack was Sequoia Capital managing partner Roelof Botha.
In addition, Zhao reported that several Coinbase users received security warnings because their information may have been accessed unlawfully. A frightening result of these attacks is that, according to Chainalysis, up to $2.17 billion worth of crypto assets were stolen, with the Bybit hack leading the way at $1.5 billion. The extensive security risks posed by the activities of North Korean hackers underscore the urgent need for crypto companies to strengthen their security protocols and better defend themselves against such threats.