The largest cryptocurrency exchange in the world, Binance, is in a state of permanent war with North Korean cybercriminals. As the platform's security chief, Jimmy Su, warns, they are the most dangerous adversary in the entire market, combining technological expertise with ruthless determination.
Fake candidates – a Trojan horse in the crypto industry
Every day, the HR department at Binance receives a flood of applications from 'developers' worldwide. On paper – professionals with experience and excellent references. In practice – agents operating on behalf of Pyongyang.
Their tools include:
deepfake – digitally generated faces that look real during a conversation,
voice filters – altering accent and tone,
fake identities created by AI – with fabricated career stories.
Some recruiters use simple but effective tricks to catch them. They ask candidates to cover their face with a hand, which can 'break' the deepfake, or... to comment on the character of Kim Jong Un. In North Korea, criticizing the leader is unthinkable.
Zoom as a tool for infection
When attempts to enter through recruitment fail, hackers try another way. They impersonate investors or representatives of DeFi projects, then during an online conversation, report a "software problem" and send a link for a "Zoom update." Clicking it means one thing – immediate system infection.
"Poisoned" code libraries
Another method is tampering with popular code libraries, such as those distributed through Node Package Manager (npm). Adding just one line of malicious code to a commonly used module opens the door to hundreds of applications that depend on it.
Record thefts by Lazarus
The most well-known North Korean group, Lazarus, has been on the FBI's radar for years. They were allegedly behind the largest theft in cryptocurrency history – $1.4 billion from the Bybit exchange in March this year.
"The ideal employee" can be a spy
Even if an agent from the DPRK infiltrates the company, they can appear to be an exemplary employee – available 24/7, rapidly completing tasks. However, behind that single account lies a team of hackers operating in different time zones.
Su has no illusions:
"Most major attacks in recent years have started from someone inside the company. Today, the biggest threat to cryptocurrencies comes from state-sponsored hackers from North Korea."