Binance founder Changpeng “CZ” Zhao may be facing an attack from government-backed hackers. He suggested that Lazarus, the notorious North Korean state-backed hacking group, could be responsible.
On October 10, the former Binance CEO posted a screenshot on X showing a Google alert warning him of a potential attempt by government-backed actors to access his account.
“I occasionally receive this warning from Google. Does anyone know what this is—North Korea’s Lazarus?” Zhao wrote, while downplaying the alert’s seriousness by noting that he doesn’t store anything important in the account and advising others to stay vigilant.
Lazarus group behind major crypto hacks
Lazarus is among the most infamous state-sponsored hacking groups, believed to operate under a mandate to fund North Korea’s heavily sanctioned weapons programs by targeting crypto firms and stealing digital assets worldwide.
In recent years, Lazarus has been linked to several high-profile crypto heists, including the Bybit hack—one of the largest in the industry—and multiple attacks on wallet infrastructures. Their operations often involve sophisticated social engineering, sometimes posing as IT personnel to infiltrate companies from within.
Earlier this year, Lazarus was connected to a multi-million-dollar attack on Lykke, a UK-registered exchange that ultimately shut down after losing Bitcoin, Ethereum, and other assets. They are also allegedly linked to an earlier attack on WazirX, one of India’s largest exchanges, which suffered a similar fate.
Recent estimates from security researchers at Elliptic suggest that funds stolen by hacking groups like Lazarus could represent as much as 13% of North Korea’s GDP.
These cybercriminals, however, don’t just target company accounts—they have also gone after high-profile individuals like Zhao on multiple occasions.
As an entrepreneur with an estimated net worth exceeding $60 billion and more than 10 million followers on X, Zhao remains one of the most influential figures in crypto. His involvement in major projects and businesses, combined with his ongoing mentorship of startups and leadership of a multibillion-dollar venture firm, makes him a prime target for hackers looking to gain insider access or steal sensitive information.
Google says such warnings are routine
According to a Google security blog, these alerts are issued as a precaution and don’t necessarily indicate that an account has been compromised.
“We send these out of an abundance of caution — the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user’s account or computer through phishing or malware, for example,” Google wrote in a 2017 post.
