{"id":583799,"date":"2026-04-15T07:10:01","date_gmt":"2026-04-15T07:10:01","guid":{"rendered":"https:\/\/Blockchain.News\/news\/north-korean-hackers-zerion-ai-social-engineering-attack"},"modified":"2026-04-15T07:10:01","modified_gmt":"2026-04-15T07:10:01","slug":"north-korean-hackers-hit-zerion-with-ai-social-engineering-attack","status":"publish","type":"post","link":"https:\/\/e-bitco.in\/index.php\/2026\/04\/15\/north-korean-hackers-hit-zerion-with-ai-social-engineering-attack\/","title":{"rendered":"North Korean Hackers Hit Zerion With AI Social Engineering Attack"},"content":{"rendered":"<figure class=\"figure mt-2\">\n<p> <a href=\"https:\/\/blockchain.news\/Profile\/Iris-Coleman\">Iris Coleman<\/a> <span class=\"publication-date ml-2\"> Apr 15, 2026 07:10<\/span> <\/p>\n<p class=\"lead\">Zerion confirms $100K stolen in DPRK-linked hack using AI-powered social engineering, marking second major North Korean crypto attack this month after $285M Drift exploit.<\/p>\n<p> <a href=\"https:\/\/image.blockchain.news:443\/features\/8A6D364E10667B70266C559AAAD3793038EA7B225A572DDB5616E316563F53D8.jpg\" class=\"hero-image-link\"> <img fetchpriority=\"high\" decoding=\"async\" class=\"rounded hero-image\" src=\"https:\/\/image.blockchain.news:443\/features\/8A6D364E10667B70266C559AAAD3793038EA7B225A572DDB5616E316563F53D8.jpg\" alt=\"North Korean Hackers Hit Zerion With AI Social Engineering Attack\" loading=\"eager\" width=\"1200\" height=\"630\"> <\/a> <\/figure>\n<p><a rel=\"nofollow\" href=\"https:\/\/blockchain.news\/wiki\/integration-of-credit-card-with-digital-currencies-bringing-crypto-from-hype-to-mainstream\">Crypto<\/a> wallet provider Zerion disclosed Wednesday that North Korean-affiliated hackers stole approximately $100,000 from company hot wallets using <a rel=\"nofollow\" href=\"https:\/\/blockchain.news\/wiki\/babyagi-an-overview-of-the-task-driven-autonomous-agent\">AI<\/a>-enhanced social engineering tactics\u2014the second DPRK-linked attack on a 
crypto firm in two weeks.<\/p>\n<p>No user funds were compromised, Zerion confirmed in its post-mortem. The company proactively disabled its web app as a precaution after discovering attackers had gained access to team members&#8217; logged-in sessions, credentials, and private keys.<\/p>\n<h2>The Human Layer Is Now the Attack Surface<\/h2>\n<p>The breach follows a pattern that&#8217;s becoming disturbingly familiar. On April 1, the Drift Protocol lost $285 million in what investigators later traced to a six-month DPRK operation that began in fall 2025. Both attacks bypassed smart contract security entirely, targeting employees instead.<\/p>\n<p>&#8220;This incident showed that AI is changing the way cyber threats work,&#8221; Zerion stated.<\/p>\n<p>The Security Alliance (SEAL) confirmed the attack matches tactics they&#8217;ve been tracking. Between February and April, SEAL blocked 164 domains linked to UNC1069, a DPRK hacking group running what they describe as &#8220;multiweek, low-pressure social engineering campaigns&#8221; across Telegram, LinkedIn, and Slack.<\/p>\n<p>The group&#8217;s methodology relies on patience. Attackers impersonate known contacts or credible brands, sometimes leveraging access to previously compromised accounts to build trust over weeks before striking.<\/p>\n<h2>AI Tools Supercharging Traditional Tactics<\/h2>\n<p>Google&#8217;s Mandiant cybersecurity unit documented UNC1069&#8217;s use of fake Zoom meetings back in February, noting the group&#8217;s &#8220;known use of AI tools for editing images or videos during the social engineering stage.&#8221; The implication: deepfakes and AI-generated content are now standard tools in state-sponsored crypto heists.<\/p>\n<p>MetaMask security researcher Taylor Monahan warned earlier this month that North Korean IT workers have been embedding themselves in crypto companies and DeFi projects for at least seven years. 
They&#8217;re not just hacking from outside\u2014they&#8217;re getting hired.<\/p>\n<p>&#8220;The evolution of the DPRK&#8217;s social engineering techniques, combined with the increasing availability of AI to refine and perfect these methods, means the threat extends well beyond exchanges,&#8221; blockchain security firm Elliptic noted. &#8220;Individual developers, project contributors, and anyone with access to cryptoasset infrastructure is a potential target.&#8221;<\/p>\n<h2>A Billion-Dollar Operation<\/h2>\n<p>North Korea&#8217;s crypto theft operation has evolved into one of the regime&#8217;s primary revenue streams. The Lazarus Group\u2014DPRK&#8217;s main hacking unit\u2014has been linked to the $620 million Ronin Network hack in 2022, the $100 million Harmony bridge exploit, and the record-breaking $1.5 billion Bybit theft in February 2025.<\/p>\n<p>The Zerion breach, while relatively small at $100,000, demonstrates that no target is too minor. The real concern for the industry isn&#8217;t the dollar amount\u2014it&#8217;s the sophistication. When AI-powered social engineering can compromise internal credentials at well-funded crypto firms, the security model built around code audits and bug bounties starts looking incomplete.<\/p>\n<p>Crypto companies should expect these attacks to accelerate. SEAL&#8217;s 164 blocked domains in two months suggest an industrial-scale operation, and the AI tools making these campaigns more convincing are only getting better.<\/p>\n<p><span><i>Image source: Shutterstock<\/i><\/span> <a href=\"https:\/\/blockchain.news\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iris Coleman Apr 15, 2026 07:10 Zerion confirms $100K stolen in DPRK-linked hack using AI-powered social engineering, marking second major North Korean crypto attack this month after $285M Drift exploit. 
Crypto wallet provider Zerion disclosed Wednesday that North Korean-affiliated hackers stole approximately $100,000 from company hot wallets using AI-enhanced social engineering tactics\u2014the second DPRK-linked attack [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":583800,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[24673,12193,25,819,397,2205],"class_list":{"0":"post-583799","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-blockchain","8":"tag-ai-hacking","9":"tag-crypto-security","10":"tag-news","11":"tag-north-korea","12":"tag-social-engineering","13":"tag-zerion"},"_links":{"self":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/583799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/comments?post=583799"}],"version-history":[{"count":0,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/posts\/583799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media\/583800"}],"wp:attachment":[{"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/media?parent=583799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/categories?post=583799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/e-bitco.in\/index.php\/wp-json\/wp\/v2\/tags?post=583799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}