Binance founder Changpeng Zhao (CZ) received a Google security alert warning that “government backed attackers” may have attempted to steal his password, reigniting concerns over state sponsored cyber threats in the crypto industry.
Quick Summary – TLDR:
- Google warned CZ of a possible state backed hacking attempt targeting his account
- CZ suspects the infamous North Korean Lazarus Group may be behind the incident
- The group is linked to $2 billion stolen in 2025 alone, including a record $1.4 billion Bybit hack
- The incident highlights ongoing threats to high profile crypto leaders and exchanges
What Happened?
On October 10, 2025, CZ shared a Google alert on his X account. The message warned that state backed attackers may be trying to steal his password. CZ posted:
“I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account. But stay SAFU.”
While he downplayed the contents of the targeted account, CZ used the moment to ask his followers if anyone else had received similar alerts. According to Google’s security notes, these warnings do not always mean a successful breach, but are early signals of targeted phishing or malware attempts.
I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus?
— CZ 🔶 BNB (@cz_binance) October 10, 2025
Not that I have anything important on my account. But stay SAFU. 🙏 pic.twitter.com/FCTIrcQG2C
Why Lazarus Is a Suspect?
The Lazarus Group, a notorious North Korean state backed hacker collective, has long been tied to some of the largest crypto thefts in history. In 2025, Lazarus is linked to over $2 billion in crypto thefts, including the record $1.4 billion hack on Bybit.
Since 2017, this group has stolen more than $6 billion in digital assets, evolving its tactics from basic phishing to highly sophisticated social engineering and infiltration strategies. CZ has previously warned about Lazarus agents posing as fake employees to infiltrate companies in roles like development, security, and finance.
In one recent example, Kraken exchange detected a North Korean spy posing as a developer job applicant. Cybersecurity experts also confirmed similar cases of fake interviews targeting other companies.
Anndy Lian, a blockchain advisor, mentioned this is part of a growing trend of personalized cyberattacks, with many executives and government officials getting similar Google alerts.
The Broader Crypto Threat Landscape
The attempted breach of CZ’s account is not a random event. It fits into a broader pattern of increased cyber targeting of crypto industry figures.
Evolving Attack Strategies:
- Phishing and malware tactics are being combined to increase success rates.
- Fake job applicants are used to gain access to internal systems.
- Direct targeting of executives is becoming more frequent than attacks on platforms.
Notable Incidents:
- In June 2025, four Lazarus operatives posing as developers stole $900,000 from crypto startups.
- Coinbase reported a data breach in May affecting 1 percent of users, costing an estimated $400 million.
- In 2024, Chainalysis recorded 47 Lazarus-linked hacks, netting $1.34 billion.
Security Recommendations:
Experts and community members have shared tips in response to CZ’s post:
- Change passwords regularly and use strong combinations.
- Enable two factor authentication through authenticator apps, not SMS.
- Check for unauthorized logins or device access.
- Use hardware wallets and multi-signature protections.
- Monitor suspicious behavior and login patterns.
One user, Crypto Jargo, pointed out that such warnings are rare, usually affecting journalists, researchers, and people involved with sensitive industries.
SQ Magazine Takeaway
As someone who follows this space closely, this situation with CZ is a major wake up call. If a crypto billionaire like CZ is being targeted by state actors, what does that mean for the rest of us? It confirms what we’ve long feared. The attacks are becoming more personal, more strategic, and more advanced.
It’s no longer just about breaching a platform. These attackers are going after people and trying to gain trust and access from the inside. The Lazarus Group is a clear and present danger, and their methods are only getting smarter.
This is the moment for everyone in the industry, including developers, investors, and founders, to step up their security game. Do not wait for the next alert to take action. Be proactive because the hackers already are.
