CZ warns of North Korean hacker infiltration, revealing a list of 60 fake IT engineers and their attack methods at once.

Binance co-founder Zhao Changpeng (CZ) warned on Twitter (X) on 9/18 that North Korean hackers may disguise themselves as IT engineers or users, or even bribe employees to obtain internal information, thereby accelerating their infiltration into the encryption industry. The white hat hacker team (Security Alliance, SEAL) also revealed the complete information of nearly 60 North Korean fake IT engineers on the same day.

Frequent hacker attacks from North Korea affect everyone, from retail investors to exchanges.

According to Chainalysis data, in 2024, North Korean hackers targeted encryption assets with as many as 47 attacks, stealing over $1.34 billion, a staggering 102% increase compared to $660 million in 2023.

One of the most serious cases is the notorious North Korean hacker group Lazarus Group's involvement in the Bybit $1.5 billion heist, which spared no one from retail investors to exchanges.

( Public Bybit Hacking Secrets! CEO Ben Zhou Remembers the Crisis Management Process: We Were Able to Get Through It )

A list of 60 North Korean fake IT engineers has been exposed.

The white hat hacker team Security Alliance (SEAL) announced on Twitter (X) on 9/18 the fake identities of at least 60 North Korean hackers who posed as IT engineers attempting to penetrate US exchanges. The data disclosed by SEAL includes:

Alias, Nickname and Email

Real domain used, fake domain

Forgery of nationality, address, and geographic location

Related company hiring record C

Salary details, GitHub link, and other public community accounts

( Note: The white hat hacker team Security Alliance was founded by Samczsun, who was previously a researcher at the encryption venture capital Paradigm. In just one year since its establishment, it has already completed over 900 investigations related to hacking attacks. )

CZ also issued a warning, adding details on the hacking attack methods.

CZ also forwarded the warning from SEAL on Twitter (X) on the same day, and added that hackers are actually recruiting to infiltrate attacks. They disguise themselves as applicants for development, security, or financial positions.

and disguised as an employer interviewing employees, then intentionally claimed that the video software Zoom had issues, and sent a "update link" containing malicious programs to control the employees' computers. Then required employees to answer coding questions and send "sample programs" with viruses.

Or impersonating customer service users to send malicious links, or bribing employees or contractors to obtain internal information. CZ ultimately urged all peers to ensure that employees do not download unknown files and to carefully screen job applicants.

(Is it more dangerous to have insiders than hackers? North Korean hackers strike again, targeting the Web3 "slack culture" )

Coinbase jokingly claimed that North Korea has a hacker school and has strengthened internal controls.

Before CZ, Coinbase CEO Brian Armstrong, in an interview in August, likened the hacking activities of North Korean hackers to a school that can produce 500 hackers each season, with batches coming out one after another. In response, Coinbase has implemented stricter regulations internally.

All employees need to enter the United States and undergo face-to-face cybersecurity training.

Individuals with access to the core system must be legal citizens of the United States and must submit fingerprints.

FBI provides attack response measures, asset protection involves you and me.

In recent years, North Korean hacker attacks have been rampant, with social engineering attacks being the most common, which is an attempt to spread malware and steal encryption coin assets. The author also provides the measures taken by the FBI in the United States to respond to such attacks:

If the device is affected, maintain power on and immediately disconnect the network connection to avoid losing recoverable malware files.

Submit detailed complaints through the FBI Internet Crime Complaint Center (IC3), the website is www.ic3.gov.

Provide law enforcement with detailed information about the incident, including screenshots of conversations with the attacker and related information.

Discuss with law enforcement agencies how to collect evidence and response measures, and consider the assistance of cybersecurity companies if necessary.

Share experiences with colleagues and friends in a timely manner, raise awareness, and increase information about North Korean cyber attacks.

( FBI reveals: North Korea actively aggresses the encryption currency industry, social engineering targets coin circle company employees )

This article alerts about North Korean hackers infiltrating, with a list of 60 fake IT engineers and attack methods all at once, first appearing in Chain News ABMedia.