North Korean hackers used AI to steal $100,000 from Zerion

North Korean-linked hackers used AI-powered social engineering to access Zerion team sessions and private keys, stealing about $100,000 from company hot wallets; no user funds affected.

Zerion, a crypto wallet provider, reported that North Korean-linked hackers used AI-enabled social engineering last week to steal roughly $100,000 from the company’s hot wallets. The firm said no user funds, Zerion apps or core infrastructure were affected.

Zerion’s post-mortem outlined how attackers gained access to some team members’ active sessions, credentials and private keys that controlled company hot wallets. The company disabled its web app while it investigated and moved compromised assets offline.

Zerion described the incident as an AI-assisted social engineering operation tied to a DPRK-affiliated threat actor and noted similarities with other recent cases. Earlier this month, the Drift Protocol lost about $280 million in an exploit investigators linked to a structured intelligence operation connected to North Korean actors.

Security researchers have associated a DPRK-aligned group tracked as UNC1069 with patient, low-pressure campaigns that run for weeks and target employees on Telegram, LinkedIn and Slack. Security Alliance (SEAL) reported it identified and blocked 164 domains tied to the group between February and April.

SEAL and other analysts say the group commonly impersonates known contacts or credible brands, leverages access to previously compromised accounts and exploits existing trust relationships to persuade targets to cooperate.

Analysts have also observed staged video calls and the use of AI tools to edit images and video during recruitment and social engineering phases. Zerion wrote, “This incident showed that AI is changing the way cyber threats work.”

Taylor Monahan, a MetaMask developer and researcher, noted that North Korean IT personnel have embedded themselves in crypto projects for years. Blockchain security firm Elliptic warned that the combination of evolving DPRK social engineering techniques and broader access to AI expands the pool of potential targets to include developers, project contributors and anyone with access to crypto infrastructure.

Zerion said it is continuing an internal review, coordinating with security partners and taking steps to strengthen account and key management following the compromise.
