North Korea’s AI-Powered Hackers Are Redefining Crypto Crime

There’s a change coming to crypto crime, and North Korea’s state-backed hackers are in the vanguard.

There’s no longer any need for dozens of expensively educated programmers to analyze blockchain code and smart contracts for vulnerabilities. It’s now possible to set AI to the task, according to Kostas Kryptos Chalkias, co-founder and chief cryptographer of Mysten Labs.

Large language models represent a greater threat to the industry than quantum computing, which could potentially work so fast that the encryption algorithms in use become obsolete. Pyongyang’s cyber units, responsible for stealing an estimated $2 billion in crypto already this year, have begun integrating large language models into nearly every stage of their attacks: reconnaissance, phishing, code analysis and laundering the proceeds, he said.

“AI is the best tool I’ve ever had as a white-hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”

AI-driven theft at record scale

The Lazarus Group, the country’s most notorious hacking unit, has already set records in 2025. Investigators say the $1.5 billion Bybit breach in February, attributed by the FBI to North Korean operatives, was the largest crypto hack in history.

What’s new this year, Chalkias said, is automation. Using AI models similar to ChatGPT and Claude, attackers can now analyze open-source codebases across multiple blockchains, flag likely vulnerabilities and mirror successful exploits from one ecosystem to another.

“AI can combine data from previous hacks and immediately spot the same weakness elsewhere,” he explained. “A human can’t manually scan thousands of smart contracts, but an AI can do it in minutes.”

That ability turns a small cell of state hackers into something resembling a digital industrial complex. “You can scale your attack surface with a single prompt,” Chalkias said. “That’s what makes it dangerous.”

Security researchers at Microsoft and Mandiant have worked together on the trend, documenting a rise in AI-assisted phishing, deepfake impersonations and synthetic job applications used by North Korean operatives posing as Western software developers.

The regime’s AI toolkit now spans the entire intrusion chain from social engineering, code analysis and cross-chain exploitation to laundering, which uses pattern-recognition algorithms to track liquidity paths through mixers and OTC brokers, automating obfuscation.

Quantum: Still distant, but looming

For years, the industry’s doomsday scenario centered on quantum computing: machines powerful enough to crack bitcoin’s SHA-256 encryption and unlock millions of dormant coins.

Chalkias, who holds a doctorate in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.

“There’s no evidence today that any computer, even a classified one, can break modern cryptography,” he said. “We’re at least 10 years away from that.”

He credits organizations like the U.S. National Security Agency and Enisa, the European Union’s agency for cybersecurity, for pushing early adoption of quantum-safe standards, and frames those efforts as preventive rather than reactive.

Mysten Labs, developer of the Sui blockchain, is already building migration tools that will let users shift funds into quantum-resistant accounts when the time comes. Chalkias worries that AI might bring that date closer by helping physicists design new materials or error-correction methods.

“The combination of AI and quantum is what freaks me out,” he said. “We might have created a new species, and we can’t predict its pace.”

The bigger and faster threat

While quantum threats remain theoretical, AI is currently breaking things at a rate of knots.

DeFi platforms are particularly exposed, Chalkias said, because open-source code allows AI models, friendly or hostile, to comb through every line of logic.

“AI makes it trivial to find mirrored bugs across protocols,” he said. “If one oracle fails, dozens may share the same flaw.”

He predicts that regulators will soon require continuous, AI-aware auditing for exchanges and smart-contract platforms, essentially a standing red-team that reruns vulnerability scans every time a major AI model is updated.

“Each new version of GPT or Claude finds different weaknesses,” he said. “If you’re not testing against them, you’re already behind.”

Still, AI is a double-edged sword and can be used defensively as well as in attack.

That means embedding AI-based security into wallets, custodians, and exchanges, and re-auditing smart contracts continuously. It also means preparing for the long-term quantum transition now, before regulation forces it.

“Unless we build anti-AI defenses into everything we do,” he warned, “we’ll always be one step behind.”

North Korea’s next move

Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most potent near-term weapon remains AI-enhanced social engineering.

When asked whether North Korea could ever build the first quantum computer, he laughed.

“No,” he said. “The real race is between the U.S. and China. North Korea will overuse AI for phishing, deepfakes and deception. That’s where their strength lies.”

Even without quantum capability, AI lets hackers simulate legitimate users, mimic transactions, and launder funds with unprecedented subtlety.

“They don’t need quantum to break crypto,” Chalkias said. “They just need AI to make the attack invisible.”