North Korean State Actors Leverage AI for Social Engineering in Zerion Breach

Zerion has disclosed a security breach in which North Korean-affiliated hackers successfully stole approximately $100,000 from the company's hot wallets. The attack was characterized as a long-term social engineering operation enhanced by artificial intelligence, targeting team members' credentials and session access. This breach follows a more severe incident this month involving the Drift Protocol, which suffered a $280 million exploit. Security analysts note a strategic shift by DPRK threat actors, who are increasingly bypassing smart contract audits to target the 'human layer' of cryptocurrency firms through structured intelligence operations. The attackers gained access to private keys and session credentials by impersonating trusted contacts and brands across platforms including LinkedIn, Slack, and Telegram. Reports from Mandiant and the Security Alliance (SEAL) indicate the use of AI tools to create deceptive images and videos, including fake Zoom meetings, to deceive employees during multi-week, low-pressure campaigns. While Zerion confirmed that user funds and core infrastructure remained secure, the incident highlights a systemic risk. The ability of state-sponsored actors to embed operatives within DeFi projects for years, combined with AI-refined phishing, poses a persistent threat to the operational security of the broader digital asset ecosystem.