
North Korean Hackers Steal $1.34B in 2024 Using Fake Jobs and Malware

It’s becoming harder and harder to tell who’s real online these days. Especially when it comes to crypto. North Korean hackers, it seems, are masters of disguise—and they’re pulling in staggering amounts of money. According to blockchain analysts at Chainalysis, they’ve stolen around $1.34 billion in cryptocurrency so far this year. That’s not just a number. U.S. and U.N. reports confirm that money is likely helping to fund North Korea’s weapons programs. It’s a sobering thought.

Fake Jobs and Malicious Code

Binance co-founder Changpeng Zhao, known widely as CZ, recently laid out some of their methods in a detailed social media thread. And it’s not all about complex code-breaking. A lot of it is about exploiting human nature. One of the most common tricks? Posing as job seekers. These hackers will apply for positions, particularly in development, security, or finance. Getting a foot in the door, even a small one, gives them a huge advantage for a long-term play.

But it goes both ways. Sometimes they pretend to be the employer. CZ described fake interview setups on Zoom where the “interviewer” stages a technical problem. They’ll ask the candidate to download a necessary “software update” to continue, which is, of course, malware. In other cases, a simple coding test for a job application comes with sample code that’s secretly malicious. It turns a normal part of hiring into a serious security risk.

Simple Tricks and One-Click Disasters

You wouldn’t think customer support chats would be a major vulnerability. But they are. Hackers pose as users needing help and send links that look perfectly legitimate. If an employee clicks, it can be game over. Suddenly, attackers have a way into the system.

It doesn’t always take a downloaded file, either. As crypto investor Anndy Lian pointed out, sometimes just sharing your screen can be enough for them to gain access. We’ve all heard about one-click hacks. Someone shared a story in response to CZ about losing their Instagram account instantly from a single click. Lian himself said he permanently lost his original account the same way. Once they’re in, it’s nearly impossible to get it back.

The Human Factor

Perhaps the simplest method is just old-fashioned bribery. Why break through a firewall when you can pay an insider to open the door? Or, they target third-party vendors—companies that provide services to exchanges. CZ mentioned a breach in India at an outsourced provider that led to a leak of critical data from a U.S. exchange. The result? Users lost over $400 million.

The group behind most of this is widely believed to be Lazarus, North Korea’s state-backed hacking unit. Their haul over the past few years is measured in the billions. And 2025 isn’t looking any better. CZ’s final warning was straightforward: these people are advanced, creative, and patient. They exploit trust. In an industry built on digital trust, that’s a problem without an easy solution.
