Binance founder Changpeng Zhao (CZ) has raised the alarm after receiving a Google notification warning of state-sponsored hackers attempting to steal his account password. The incident, which CZ shared on X (formerly Twitter), has sparked concern across the crypto community and renewed fears of North Korean cyber espionage targeting key figures in the digital asset industry.

Changpeng Zhao posted a screenshot of the Google alert, which read:

“Google may have detected state-sponsored attackers trying to steal your password.”

Accompanying the screenshot, Changpeng Zhao wrote:

“I get this warning from Google once in a while. Does anyone know what this is? North Korea Lazarus? Not that I have anything important on my account. But stay SAFU.”

While he reassured followers that the targeted account held nothing sensitive, the revelation has triggered widespread discussion about ongoing cyber threats facing prominent figures in crypto.

Lazarus Group: North Korea’s Notorious Crypto Hackers

Changpeng Zhao’s suspicion immediately turned toward the Lazarus Group, a North Korean state-backed hacking organisation responsible for some of the largest cyber heists in history. The group has been active since at least 2009 and has been linked to numerous crypto breaches, phishing attacks and ransomware campaigns.

Since 2017, Lazarus has allegedly stolen over $6 billion in cryptocurrencies from exchanges, investors and DeFi platforms. The group’s operations are believed to be sponsored by the North Korean regime, providing a crucial source of foreign currency for the heavily sanctioned country.

According to blockchain analytics firms, 2025 has already become the worst year on record for crypto theft, with over $2 billion stolen so far, nearly triple the previous high of $1.35 billion set in 2022. Much of this has been attributed to the Lazarus Group’s increasingly sophisticated social engineering tactics and the massive $1.5 billion Bybit hack in February, marking the largest crypto heist to date.

Community Response: Safety First, Even for the Founder of Binance

Following Changpeng Zhao’s post, members of the crypto community quickly responded with advice and insights. One user, Crypto Jargo, noted that Google’s state-sponsored attack warnings are rare and typically directed at journalists, researchers, or individuals linked to high-value data.

While such alerts don’t always indicate an active or successful breach, the user emphasised that it’s better to stay cautious than complacent. Recommended steps included:

• Changing to a new, unique password
  
• Enabling two-factor authentication (2FA) using an authenticator app instead of SMS
  
• Checking for any unusual devices or sessions logged in
  

Changpeng Zhao, who often promotes online safety through his “SAFU” (Secure Asset Fund for Users) mantra, echoed this sentiment, encouraging users to remain vigilant. His post underscores that no one in the crypto world is completely immune to cyber threats, not even the founder of one of the world’s largest exchanges.

Evolving Threat Landscape: From Exchanges to Individuals

While Lazarus was once focused on large-scale exchange hacks, recent evidence suggests the group has shifted strategies. Instead of targeting infrastructure alone, they now increasingly go after individuals, particularly high-net-worth investors, developers and executives.

These attacks often exploit phishing emails, fake job offers, or AI-generated deepfakes to trick victims into revealing credentials or downloading malicious software. Changpeng Zhao himself has previously warned about these tactics, urging the crypto community to beware of fraudulent job applications and fake Binance impersonations circulating online.

Cybersecurity experts note that AI has supercharged the sophistication of such attacks. Deepfake videos, cloned voices and realistic emails have made it harder than ever to distinguish legitimate communication from malicious intent.

A Wake-Up Call for the Crypto Industry

The attempted targeting of CZ highlights the continuing vulnerability of the crypto industry to nation-state-level cyber threats. With billions at stake and digital assets easily transferable across borders, crypto remains an attractive target for groups like Lazarus.

While Changpeng Zhao has confirmed that no critical data was compromised, the incident serves as a reminder that security hygiene must be constant and proactive, regardless of reputation or technical expertise.

As regulators and exchanges tighten compliance, North Korea’s Lazarus Group continues to adapt, proving that global coordination and real-time intelligence sharing are essential to defending the crypto ecosystem.

CZ’s public transparency in raising the issue has once again reinforced his image as a leader who prioritises community awareness and open dialogue over secrecy. His message, simple yet powerful, resonates across the crypto world:

“Stay vigilant. Stay SAFU.”