CZ Warns of ‘Imposter Employees’ Threat from North Korea

Researchers compiled over 60 profiles of agents from North Korea.

North Korean hackers are “advanced, creative, and patient,” stated former Binance CEO Changpeng Zhao (CZ). He highlighted the current threat of their infiltration into companies.

These North Korean hackers are advanced, creative and patient. I have seen/heard:

1. They pose as job candidates to try to get jobs in your company. This gives them a “foot in the door”. They especially like dev, security, finance positions.

2. They pose as employers and try to… https://t.co/axo5FF9YMV

— CZ 🔶 BNB (@cz_binance) September 18, 2025

The former head of the exchange noted that he personally encountered or heard of such situations. North Korean hackers pose as job candidates to secure positions in companies, which “opens doors for them.”

“They particularly like positions in development, security, and finance,” CZ added.

Additionally, North Korean hackers disguise themselves as employers, attempting to conduct interviews or offer jobs to employees of other firms, the businessman continued. During interactions, they “experience Zoom issues” and send a phishing link for an “updated meeting.”

Other covert agents ask employees coding questions, later sending them a malicious “code sample.”

CZ mentioned instances where hackers contacted support services pretending to be users, trying to lure them to a compromised site.

“They bribe your employees and outsourcing providers for data access. Just a few months ago, hackers breached a major Indian outsourcing service, resulting in a data leak from a major American exchange, leading to asset losses exceeding $400 million. The list goes on,” Zhao wrote.

He advised all crypto platforms to “train employees not to download files and to scrutinize candidates more thoroughly.”

‘Security Alliance’

In his post, CZ referred to a publication by the company Security Alliance, which compiled a portfolio of “imposter employees” from North Korea.

North Korean developers are eager to work for your company, but it’s important to not get scammed by imposters when hiring. We built this portfolio to help you pick out the right North Korean IT worker for your company. pic.twitter.com/3Td2vX4C2v

— Security Alliance (@_SEAL_Org) September 17, 2025

“Developers from North Korea are eager to work in your company, but it’s important not to fall for scammers’ tricks when hiring. We created this portfolio to help you choose the right North Korean IT specialist,” cybersecurity experts quip.

Their website contains descriptions of 62 alleged agents from North Korea. Some have detailed personal information, career achievements, resumes, and interview recordings published.

For instance, an individual named Alex Hong applied to nine crypto companies.

Previously, ForkLog reported that a North Korean hacker attempted to infiltrate the ranks of Kraken’s developers under the guise of an engineering candidate.

In June, the US Department of Justice charged four North Korean citizens with stealing $900,000 from an Atlanta blockchain startup, where they were employed as IT specialists.