North Korean hackers are weaving artificial intelligence into every stage of cyberattacks — from phishing to laundering. AI has become a more serious threat to cryptocurrencies than quantum computing, Mysten Labs cryptographer Kostas Chalkias told CoinDesk.
“Neural networks are the best tool I have ever had as a white-hat hacker. And you can imagine what happens when it falls into the wrong hands,” he said.
According to him, groups such as Lazarus use LLM to automatically scan thousands of smart contracts.
AI can combine data on past breaches and find the same vulnerability elsewhere in minutes. That turns a small cadre of state hackers into something akin to a digital military‑industrial complex, able to scale attacks with a single prompt, Chalkias noted.
More serious than quantum computing
The cryptographer argues that the real danger comes from AI, not from quantum computing:
“There is no evidence that any computer today can break modern cryptography. That is at least 10 years away.”
A combination of the two technologies could accelerate the emergence of threats to the digital‑asset industry. DeFi platforms are especially exposed: open‑source code lets LLMs analyse the logic of every line.
Chalkias expects regulators will soon require exchanges and smart contracts to undergo continuous, AI‑aware audits.
“Each new release of GPT or Claude finds different weak spots. If you are not testing your system against them, you are already behind,” he stressed.
He added that North Korea has also begun experimenting with AI‑generated propaganda and fakes. But the most effective weapon remains social engineering, amplified by AI.
Asked about the chances of North Korea building a quantum computer, Chalkias was dismissive:
“The real race is between the US and China. The DPRK will abuse AI for phishing, deepfakes and deception. That is their strength. They do not need quantum computers to hack crypto — they need artificial intelligence to make the attacks invisible,” the cryptographer concluded.
UN concern
Since January 2024, North Korean cybercriminals have stolen $2.84 billion in cryptocurrency, according to a report by the Multilateral Sanctions Monitoring Team (MSMT), associated with the UN.
A significant share of the haul stemmed from the attack on Bybit in February.
Beyond heists, hackers are increasingly using remote‑job schemes in the IT and crypto industry. In May, a team at the Kraken exchange identified a DPRK spy among candidates for an engineering role.
This directly violates UN Security Council Resolutions 2375 and 2397, which prohibit hiring North Korean applicants.
Nevertheless, Pyongyang continues to place its specialists in at least eight countries: China, Russia, Laos, Cambodia, Equatorial Guinea, Guinea, Nigeria and Tanzania.
According to the document, between 1,000 and 1,500 such workers were based in China. As of early 2025, 150 to 300 were working in Russia. As part of a broader plan, Pyongyang intended to send more than 40,000 workers to Russia, including several IT delegations.
To legalise the activity, the parties planned to use student visas.
“For example, as reported by one of the MSMT member states, the Russian educational company ANO ‘HDK Cooperation’ in 2024 arranged student visas for hundreds of DPRK citizens. This allowed them to enter Russia and work in various sectors, including IT,” the report says.
According to specialists, the stolen funds mainly finance military programmes. Pyongyang buys a full spectrum of weaponry with the proceeds — from armoured vehicles to missile systems.
Cyber‑espionage is aimed chiefly at critical industries, including semiconductor manufacturing, uranium processing and more.
However, the report’s authors pointed to growing effectiveness by Western countries in countering DPRK hackers.
Andrew Fierman, head of national security intelligence at Chainalysis, noted to Decrypt that “the capabilities of law enforcement, intelligence and the private sector to identify and neutralize risks have expanded significantly.”
In August, an unknown user hacked the account of a North Korean IT specialist who belonged to a small hacking group linked to a $680,000 theft.