North Korea Used AI to Hack Zerion in Second Crypto Attack | Crypto Security News
Crypto security news: North Korea Used AI to Hack Zerion in Second Crypto Attack. This update explains what happened, why it matters for wallets, exchanges, traders, and users, and what the market should watch next.
Crypto Security Update
Crypto wallet Zerion revealed that North Korean-affiliated hackers used AI in a long-term social engineering attack to steal about $100,000 from the company’s hot wallets last week. The Zerion team released a post-mortem on Wednesday, where it confirmed that no user funds, Zerion apps or infrastructure were affected and that it had proactively disabled the web app as a precaution. While the amount was relatively small in crypto hacking terms, it is another incident of a crypto worker being targeted for an “AI-enabled social engineering attack linked to a DPRK threat actor,” Zerion said.It is the second attack of this nature this month, following the $280 million exploit of the Drift Protocol, which was the victim of a “structured intelligence operation” by DPRK-affiliated hackers. The human layer, not smart contract bugs, has now become North Korea’s primary point of entry into crypto firms. AI is changing the way cyber threats workZerion said the attacker gained access to some team members’ logged-in sessions and credentials, as well as private keys to company hot wallets. “This incident showed that AI is changing the way cyber threats work,” the company said. It confirmed that the attack was similar to those that had been investigated by the Security Alliance (SEAL) last week.Related: Researchers discover malicious AI agent routers that can steal cryptoSEAL reported that it had tracked and blocked 164 domains linked to the DPRK group UNC1069 in a two-month window from February to April.It stated that the group operates “multiweek, low-pressure social engineering campaigns” across Telegram, LinkedIn and Slack. Malicious actors impersonate known contacts or credible brands or leverage access to previously compromised company and individual accounts.“UNC1069’s social engineering methodology is defined by patience, precision, and the deliberate weaponization of existing trust relationships.”Google’s cybersecurity unit Mandiant detailed in February the group’s use of fake Zoom meetings and a “known use of AI tools by the threat actor for editing images or videos during the social engineering stage.”DPRK’s social engineering is evolvingEarlier this month, MetaMask developer and security researcher Taylor Monahan said North Korean IT workers have been embedding themselves in crypto companies and decentralized finance projects for at least seven years.“The evolution of the DPRK’s social engineering techniques, combined with the increasing availability of AI to refine and perfect these methods, means the threat extends well beyond exchanges,” blockchain security firm Elliptic said in a blog post earlier this year. “Individual developers, project contributors, and anyone with access to cryptoasset infrastructure is a potential target.”There are two types of DPRK attack vectors, one more sophisticated than the other. Source: ZachXBTMagazine: How AI just dramatically sped up the quantum risk for BitcoinCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy
Why This Security News Matters
First, this development may affect exchange safety, wallet security, user trust, and broader market sentiment. In addition, it may influence platform security practices, fund recovery efforts, and regulatory pressure. As a result, traders and crypto users should watch the next updates closely.
What To Watch Next
Watch for official statements, post-mortem reports, wallet warnings, exchange responses, and fund recovery updates. In particular, any new details about phishing, exploits, private key exposure, or security patches could directly affect the broader crypto market.
