{"id":424446,"date":"2026-04-15T13:53:41","date_gmt":"2026-04-15T08:23:41","guid":{"rendered":"https:\/\/dripp.zone\/news\/north-korea-used-ai-to-hack-zerion-in-second-crypto-attack-crypto-news\/"},"modified":"2026-04-15T15:18:40","modified_gmt":"2026-04-15T09:48:40","slug":"north-korea-used-ai-to-hack-zerion-in-second-crypto-attack-crypto-news","status":"publish","type":"post","link":"https:\/\/dripp.zone\/news\/north-korea-used-ai-to-hack-zerion-in-second-crypto-attack-crypto-news\/","title":{"rendered":"North Korea Used AI to Hack Zerion in Second Crypto Attack – Crypto News"},"content":{"rendered":"

<\/p>\n

\n

Crypto wallet Zerion revealed that North Korean-affiliated hackers used AI in a long-term social engineering attack to steal about $100,000 from the company\u2019s hot wallets last week.\u00a0<\/p>\n

The Zerion team released<\/a> a post-mortem on Wednesday, where it confirmed that no user funds, Zerion apps or infrastructure were affected and that it had proactively disabled the web app as a precaution.\u00a0<\/p>\n

While the amount was relatively small in crypto hacking terms, it is another incident of a crypto worker being targeted for an \u201cAI-enabled social engineering attack linked to a DPRK threat actor,\u201d Zerion said.<\/p>\n

It is the second attack of this nature this month, following the $280 million exploit<\/a> of the Drift Protocol, which was the victim of a \u201cstructured intelligence operation\u201d by DPRK-affiliated hackers. The human layer, not smart contract bugs, has now become North Korea\u2019s primary point of entry into crypto firms.\u00a0\u00a0<\/p>\n

AI is changing the way cyber threats work<\/h2>\n

Zerion said the attacker gained access to some team members\u2019 logged-in sessions and credentials<\/a>, as well as private keys<\/a> to company hot wallets.\u00a0<\/p>\n

\u201cThis incident showed that AI is changing the way cyber threats work,\u201d the company said.\u00a0<\/p>\n

It confirmed that the attack was similar to those that had been investigated by the Security Alliance (SEAL) last week.<\/p>\n

Related: <\/strong><\/em>Researchers discover malicious AI agent routers that can steal crypto<\/strong><\/em><\/a><\/p>\n

SEAL reported<\/a> that it had tracked and blocked 164 domains linked to the DPRK group UNC1069 in a two-month window from February to April.<\/p>\n

It stated that the group operates \u201cmultiweek, low-pressure social engineering campaigns\u201d across Telegram, LinkedIn and Slack. Malicious actors impersonate known contacts or credible brands or leverage access to previously compromised company and individual accounts.<\/p>\n

\u201cUNC1069\u2019s social engineering methodology is defined by patience, precision, and the deliberate weaponization of existing trust relationships.\u201d<\/p><\/blockquote>\n

Google\u2019s cybersecurity unit Mandiant detailed<\/a> in February the group\u2019s use of fake Zoom meetings and a \u201cknown use of AI tools by the threat actor for editing images or videos during the social engineering stage.\u201d<\/p>\n

DPRK\u2019s social engineering is evolving<\/h2>\n

Earlier this month, MetaMask developer and security researcher Taylor Monahan said North Korean IT workers have been embedding themselves<\/a> in crypto companies and decentralized finance projects for at least seven years.<\/p>\n

\u201cThe evolution of the DPRK\u2019s social engineering techniques, combined with the increasing availability of AI to refine and perfect these methods, means the threat extends well beyond exchanges,\u201d blockchain security firm Elliptic said in a blog post<\/a> earlier this year.\u00a0<\/p>\n

\u201cIndividual developers, project contributors, and anyone with access to cryptoasset infrastructure is a potential target.\u201d<\/p><\/blockquote>\n

There are two types of DPRK attack vectors, one more sophisticated than the other. Source: <\/em>ZachXBT<\/em><\/a><\/figcaption><\/figure>\n

Magazine: <\/strong><\/em>How AI just dramatically sped up the quantum risk for Bitcoin<\/strong><\/em><\/a><\/p>\n