On October 10, 2025, Changpeng Zhao (CZ), the founder and former CEO of Binance, shared on his X page a screen grab of an alert he received from Google, informing him that he was the target of an attempt to steal his credentials.
He joked that there was nothing of importance on his Google account, but that does not dilute the seriousness of the warning. This comes weeks after he called attention to how North Korean hackers have been infiltrating cryptocurrency companies by posing as IT workers.
Cybersecurity experts have advised high-net-worth individuals linked to cryptocurrency companies to enhance their security measures to stay ahead of such sophisticated attacks.
I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus?
Not that I have anything important on my account. But stay SAFU. 🙏
— CZ 🔶 BNB (@cz_binance) October 10, 2025
CZ warns about targeted attack
According to CZ’s X post, the alert informed him that “a government-backed attacker may be trying to steal your password,” pointing to a suspected attempt to compromise his Google account via methods like phishing or malware.
In his tweet, CZ confirmed that this is not the first time he has received such a warning, saying he gets such notifications once in a while, and implied that the attempt is a waste of time because he doesn’t store sensitive information on that particular account.
He threw in a lighthearted “stay SAFU” remark while speculating that North Korea’s notorious Lazarus Group could be behind the attempt, and the group would have many reasons to target him. Not only is he linked to Binance, but he also recently put them on blast when he spotlighted their strategy of infiltrating crypto companies as IT workers.
The infamous North Korean Lazarus Group is suspected to be behind some of the most devastating cryptocurrency exploits, including the $1.4 billion Bybit hack, which occurred on February 21.
According to US intelligence, they are a “sophisticated network of agents posing as remote IT workers, which has funneled significant funds back to Pyongyang.”
“I personally know a government official who got a similar prompt as CZ, saying that his account is detected with government-backed hackers trying to steal his password,” Anndy Lian, author and intergovernmental blockchain adviser, said. “They tried to contact Google for more information, but nothing was given due to security reasons.”
North Korean hackers are on CZ’s radar
It has not gone unnoticed by netizens that CZ is getting attacked three weeks after he sounded the alarm on the growing threat of North Korean hackers seeking to infiltrate crypto companies via employment opportunities and bribes.
“They pose as job candidates to try to get jobs in your company. This gives them a ‘foot in the door,’ specifically for employment opportunities related to dev, security and finance,” CZ wrote in a September 18 post he shared on X.
The warning came just as a group of ethical hackers called Security Alliance (SEAL) put together the profiles of at least 60 North Korean agents posing as IT workers under fake names with the goal of infiltrating US crypto exchanges and stealing sensitive user data.