- Binance founder CZ received a Google security alert warning him about a possible state-backed cyberattack.
- He shared the notification publicly on his X account to raise awareness about threats facing crypto industry leaders.
Binance founder Changpeng Zhao, also known as CZ, was informed by Google that he might have been the target of a state-sponsored cyberattack. The former CEO posted the alert on his official X account, highlighting the ongoing cybersecurity threats to high-profile players in the cryptocurrency industry.
The threat arises from an increase in the number of advanced attacks targeting crypto leaders and their organizations. The fact that CZ posted the threat notification on the Internet highlights the danger of the threats faced by industry executives daily.
North Korean Tactics Pose Growing Threat
CZ has recently pointed out the sophisticated techniques used by North Korean hackers in their effort to breach cryptocurrency firms. These malicious individuals masquerade as recruiters and job seekers to secure employment in the target organizations.
The strategies aim at gaining positions under key departments such as development, security, and finance.
I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus?
Not that I have anything important on my account. But stay SAFU. 🙏 pic.twitter.com/FCTIrcQG2C
— CZ 🔶 BNB (@cz_binance) October 10, 2025
The plan enables attackers to get into sensitive systems within the company’s networks. This insider approach bypasses traditional perimeter security measures. The attackers pose a threat to organizations by maintaining legitimate employment relationships, as organizations often struggle to identify such threats.
According to security experts, state-sponsored gangs put a lot of resources into the creation of convincing fake identities. The agents create elaborate working backgrounds and social networking. They train a lot to have interviews and technical assessments. Others even go through probationary periods until they engage in malicious activities.
Cryptocurrency exchanges are the best targets because they have very large digital assets in their custody. One successful infiltration may cost millions or billions of dollars. The impossibility of reversing blockchain transactions makes crypto theft a particularly appealing target for attackers.
Google’s Role in Protecting High-Profile Users
Google has specialized systems in place to track and report state-sponsored cyber threats. The Threat Analysis Group of the company monitors hacking activities sponsored by governments in various countries worldwide. In any situation of suspicious activity, Google issues on-site notifications to the possibly impacted users.
Such notifications alert a person about efforts to attack their accounts/devices. The notifications appear when Google detects behavior consistent with state-sponsored attack patterns. These monitoring systems pay special attention to high-profile people working in sensitive industries.
The tech giant cautions users in particular about phishing schemes and fraudulent websites. The attackers create fake platforms that appear too similar to an authentic crypto exchange or service. By naive users feeding their credentials or private key information, hackers gain direct access to their assets.
