North Korean hackers are intensifying their attacks on the cryptocurrency industry by disguising themselves as IT professionals, raising fresh concerns about security. Binance co-founder Changpeng “CZ” Zhao issued a stark warning on Thursday, revealing that these operatives are actively applying for jobs inside crypto companies, offering bribes to staff, and using sophisticated tactics to steal sensitive data.

According to Zhao, hackers pose as developers, finance specialists, or security experts to gain insider access. Some trick employees during fake interviews by sending malicious software disguised as “updates.” Others submit infected code samples, target customer support with phishing links, or directly bribe outsourced workers to compromise internal systems.

Coinbase has also reported a wave of similar threats. In response, CEO Brian Armstrong has rolled out stricter internal policies, including mandatory in-person training in the US and additional background checks for employees with system-level access.

The warning coincides with new findings from Security Alliance (SEAL), an ethical hacker group that exposed at least 60 North Korean agents posing as IT workers. SEAL compiled detailed profiles of these operatives, including their aliases, email accounts, GitHub profiles, and even fake passports and addresses. The group launched an open repository to help crypto firms screen candidates and avoid infiltration.

This comes after four North Korean operatives infiltrated multiple startups in June, stealing nearly $900,000 through freelance developer roles. The broader threat is alarming: Chainalysis reports that North Korean hackers stole over $1.34 billion worth of digital assets across 47 incidents in 2024 alone—double the amount stolen in 2023.

The infamous Lazarus Group remains linked to some of the largest heists, including the $1.4 billion Bybit hack, underscoring how state-backed cybercrime continues to plague the digital asset industry.