CZ Alerts on 60 Fake North Korean Developers Infiltrated into Crypto Platforms

Binance co-founder CZ issues an urgent alert. North Korean agents impersonate IT developers to infiltrate the crypto ecosystem. The SEAL team has already identified 60 fraudulent profiles.

CZ reveals a well-oiled infiltration operation

Changpeng Zhao (known as CZ) recently spoke on X to expose a threat directly targeting crypto companies. Specifically, he describes a campaign orchestrated by North Korean agents whose mission is to infiltrate the technical teams of platforms.

The profiles in question present themselves as developers, security engineers, and financial experts. They submit credible applications, sometimes supported by well-stocked GitHub portfolios. Once the recruitment process begins, these crypto impostors deploy social engineering techniques.

Among the schemes described by CZ:

• simulate connection issues during an interview to send a fake infected Zoom link; 
• offer a seemingly harmless source code, but designed to compromise the internal systems of crypto companies; 
• use false identities to deceive customer support or corrupt external contractors.

According to CZ, this strategy aims to obtain discreet access to internal data of crypto platforms without triggering an immediate technical alert.

A direct alert to the crypto ecosystem

The alert issued by CZ comes as the Security Alliance (SEAL), a team of ethical hackers, has identified 60 suspicious profiles linked to North Korea. Their identities, aliases, IP addresses, GitHub accounts, and past employers are listed in a public database.

CZ recommends crypto actors to toughen their recruitment processes. He indeed calls for increased vigilance towards technical candidates and external contractors, who are often more vulnerable to approach attempts.

His watchword: do not open unverified files and train employees to recognize these methods.

The scale of the operation reveals a well-organized structure capable of training hundreds of agents each quarter. CZ specifies that some profiles even pretend to be recruiters to trap current employees.

CZ’s alert highlights an evolution of risks in the crypto universe. Security is no longer limited to firewalls or smart contract audits. Human resources become the preferred entry point for attackers. Faced with this persistent threat, team training and rigorous filtering of technical profiles are urgent priorities.