What happened? CZ says Google alerted him that government-backed attackers tried to access his account, and he suspects North Korea’s Lazarus Group.
Binance founder Changpeng “CZ” Zhao shared a Google security warning that “government-backed attackers” attempted to steal his password. He posted a screenshot and suggested the attempt could be linked to North Korea’s Lazarus Group, noting he didn’t have anything important on that account. The alert fits a broader pattern of state-sponsored cyberattacks targeting crypto firms and high-profile figures, following major heists and malware campaigns this year.
Who does this affect? High-profile crypto leaders, exchanges, developers and everyday users are all in the crosshairs when state-backed hackers ramp up their efforts.
Executives and employees can be targeted with phishing, fake job applications, and impersonation to gain inside access, while exchanges and service providers face direct theft risks and reputational damage. Developers and projects are vulnerable to malware distributed through fake hiring sites and compromised developer tools, which can lead to exploits. Retail users can lose funds if wallets or platforms are breached, and trust across the ecosystem erodes as laundering networks and prior large-scale thefts show the attackers are well funded and persistent.
Why does this matter? State-backed hacks raise systemic market risk, increase costs for exchanges and projects, and can push investors to sell or pull back.
News of government-linked attacks creates immediate uncertainty that can trigger price volatility, lower trading volumes, and prompt short-term sell-offs in cryptocurrencies. Exchanges and firms will likely face higher security and compliance costs, insurance premiums, and potential regulatory scrutiny, which can compress margins and slow product launches. Over time, persistent threats from groups like Lazarus could deter institutional capital, shift liquidity to perceived safer venues, and weigh on valuations across the crypto market.