North Korean cybercriminals have been linked to the theft of around $100,000 from a cryptocurrency wallet platform after carrying out an artificial intelligence (AI)-enhanced social engineering attack, the hacked firm revealed Wednesday.
The U.S.-based web3 service Zerion said on social media that the unspecified North Korean actor compromised an employee’s device last week and exploited their privileged access to drain funds from internal company wallets.
The attackers reportedly accessed the Zerion employee’s logged-in sessions and credentials, as well as private keys required to access the company’s internet-connected hot wallets used for testing and “internal purposes.”
The firm said the total financial damage was limited to company funds worth approximately $100,000. Customers’ funds were reportedly unaffected as Zerion team members don’t have access to users’ private keys or seed phrases used to recover cryptocurrency wallets.
Zerion added that its mobile and browser apps, backend infrastructure and social media accounts were not impacted as they are isolated from the compromised device.
Despite user funds remaining unaffected, Zerion noted the threat posed by North Korean cybercriminals who “planned the attack thoroughly.”
“This was not an opportunistic attack,” the firm said. “The actor is clearly sophisticated and well-resourced.”
Zerion’s statement highlighted the North Korean actor’s tactic of launching an “AI-enabled social engineering attack,” but did not elaborate on the methods used beyond mentioning the general threat of AI-generated videos.
Over the past two years, North Korean cybercriminals and IT workers have increasingly turned to deepfaked photos and videos and other AI-generated content to augment their social engineering campaigns, in which they masquerade as recruiters or other developers to infiltrate target organizations’ networks.
For example, Google reported in February that a DPRK-linked cybercrime group impersonated a cryptocurrency firm’s CEO to deceive a targeted individual, who also worked in the blockchain industry.
After discovering last week’s incident, Zerion said Wednesday that it secured its digital infrastructure to prevent the attacker from “deploying malicious versions” of its virtual wallet offerings and temporarily took down the Zerion web app.
The firm also updated all private keys and potentially exposed credentials, reviewed employees’ device access and worked with external security partners to identify and report attacker-controlled wallets and accounts to law enforcement authorities.
The Zerion theft follows North Korean cybercriminals’ theft of over $285 million — the largest virtual currency heist so far this year — from the decentralized exchange Drift Protocol on April 1.
The Drift Protocol heist showcased North Korean actors’ willingness to commit time and resources to social engineering campaigns aimed at infiltrating cryptocurrency firms and stealing funds for the DPRK regime.
Going forward, Zerion said it will implement more rigorous authentication processes and invest in employee security training to deter “AI-enabled social engineering,” and warned other potential targets to watch out for North Korean attacks.
“We encourage everyone in the crypto industry to verify all links carefully, treat unexpected permission prompts with suspicion, and be wary of AI-generated video in meeting scenarios,” the firm said.
Originally written by: Shreyas Reddy
Source: NK News
Published on: 17 April 2026
Link to original article: North Korean hackers use AI-powered social engineering to steal $100K in crypto