Particle.news

CZ Warns Crypto Firms of DPRK Infiltration Tactics as SEAL Publishes 60+ Impostor Profiles

Researchers urge tighter hiring checks to blunt interview-based malware and insider recruitment.

Overview

  • Changpeng Zhao detailed how North Korean–linked operatives pose as job candidates or recruiters to penetrate exchanges, focusing on developer, security, and finance roles.
  • Attackers deliver malware during hiring workflows through fake Zoom update prompts, booby-trapped “sample code,” and links sent via customer support tickets.
  • Security Alliance (SEAL) released a repository of more than 60 known impostor IT profiles and called for broader intelligence sharing to force the impostors to recycle identities faster.
  • Zhao cited a recent breach at an Indian outsourcing provider that he said preceded losses exceeding $400 million at a major U.S. exchange, without naming the company.
  • Industry responses highlighted in the coverage include employee training and stricter vetting, with Coinbase requiring in-person onboarding, U.S. citizenship for sensitive roles, and fingerprinting for elevated access.