Chinese-Canadian businessman Chanpeng Zhao or CZ (48), the co-founder and former CEO of Binance, took to X/Twitter and shared some insights into North Korean hackers. Zhao, who resigned as Binance’s CEO and spent four months in jail in 2024 for money laundering, seems to know a thing or two about these cyber crooks. While most of what he tweeted is what he has “seen/heard.” Zhao states (almost in admiration),
These North Korean hackers are advanced, creative and patient “
He went on to describe the modus operandi of the North Korean hackers in four ways, using three disguises, posing as 1) job candidates; or 2) employers; or 3) lay users.
CZ states
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
He further adds their second trick
2. They pose as employers and try to interview/offer your employees. During the interview, they will be a problem with Zoom and they will send your employee a link to an “update”, which contains virus that will takeover your employee’s device. Or they will give your employee a coding question and later send some “sample code”.
CZ states that these North Korean hackers may also pose as users
3. They pose as users and send you links in a Customer Support request. The linked page will have a virus to download of some kind.
And finally, they may resort to bribing. Zhao gives a recent example of the Coinbase data hack and asset loss. He writes,
4. They pay/bribe your employees, outsourced vendors for data access. Just a few months ago, a major India outsource service was hacked and leaked a major US exchange user data, resulting in user asset loss of more than $400m.
Zhao further quips that “the list goes on.” He advises all crypto platforms to exercise caution. The techpreneur suggests
train your employees to not download files, and screen your candidates carefully.”
See Also: Remote-Working North Korean Cyber Criminal Takes Revenge By Hacking The Company For Firing Him
Responding to one of the user comments, CZ recalled the alleged one-click hack of Amazon founder Jeff Bezos’s phone. Zhao stated
One of the more famous RUMORED hacks is the one-click hack of Jeff Bezos’s phone. The hacker reportedly sent a link that contained a zero-day (not used before) virus that exploited an unpublicized vulnerability in the mobile browser.
However, he added a disclaimer stating, “Not sure if it is true, but that’s the version I read in a book somewhere (that I bought from Amazon).“
These North Korean hackers are advanced, creative and patient. I have seen/heard:
1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.
2. They pose as employers and try to… https://t.co/axo5FF9YMV
— CZ 🔶 BNB (@cz_binance) September 18, 2025
North Korean developers are eager to work for your company, but it’s important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company. pic.twitter.com/3Td2vX4C2v
— Security Alliance (@_SEAL_Org) September 17, 2025
Just one click on a link, no other actions.…
— CZ 🔶 BNB (@cz_binance) September 18, 2025
See Also: North Korea’s Alternate Reality Shocks British YouTuber; Shares Rare Insight Through Marathon
