CZ Shares Google Alert of State-Sponsored Attempt to Breach His Email

Hackers have tried to breach the Google account of Binance co-founder Changpeng “CZ” Zhao, triggering warnings of renewed state-backed cyberattacks linked to North Korea’s Lazarus Group.

Zhao shared a Google security alert on Friday showing that “government-backed attackers” had attempted to steal his password. In a post on X, he wrote: “I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything significant on my account.”

The Lazarus Group has long been blamed for some of the largest crypto heists on record, including the $1.4 billion theft from Bybit in February—the industry’s largegest hack to date. U.S. intelligence agencies say the group operates under Pyongyang’s direction, funneling into the country’s weapons programs.

Anndy Lian, an intergovernmental blockchain adviser, said that the attack on Zhao fits a wider pattern of . “U.S. intelligence reports highlight a sophisticated network of agents posing as remote IT workers, which has funneled significant funds back to Pyongyang,” he said. “I personally know a government official who got a similar prompt as CZ, saying that his account is detected with government-backed hackers trying to steal his password.”

Attempts to obtain more details from Google were unsuccessful, Lian added, as the company declined to release specifics for security reasons.

The breach attempt follows a string of warnings from Zhao about the Lazarus Group’s expanding tactics. In a Sept. 18 post, he said had been posing as job viewkers to infiltrate crypto firms. “They pose as job candidates to try to get jobs in your company,” Zhao wrote. “This gives them a foot in the door, specifically for roles in development, security, and finance.”

Cybersecurity group Security Alliance (SEAL) has since compiled profiles of more than 60 suspected North Korean agents operating under false identities to penetrate crypto firms, according to its online repository.

Major platforms have already taken hits. Coinbase confirmed a data breach in May that exposed sensitive information from fewer than 1% of its monthly transacting users. The incident could cost the company as much as $400 million in reimbursements. In June, four North Korean operatives posing as freelance developers allegedly stole $900,000 from multiple beginups.

North Korean groups stole an estimated $1.34 billion in digital assets across 47 incidents in 2024—a 102% jump from 2023—according to . Experts say the attacks target platforms, bridges, and DeFi platforms that lack strong compliance controls.

Cybersecurity researchers warn that the Lazarus Group continues to evolve its methods, often combining phishing campaigns with social engineering and malware designed to drain wallets. Analysts recommend systems, strict access segregation, and real-time AI-driven monitoring to counter such threats.