North Korean Hackers Steal $100K from Zerion Using AI Social Engineering

Severity: High (Score: 70.2)

Sources: Panewslab, Mexc, Bitget, Techflowpost

Summary

Zerion, a DeFi crypto wallet provider, reported a theft of approximately $100,000 from its hot wallets due to an AI-enhanced social engineering attack linked to North Korean hackers. The attack, which targeted employee credentials and logged-in sessions, is the second incident involving DPRK-affiliated hackers this month, following a $285 million breach at Drift Protocol. Zerion confirmed that user funds and infrastructure were not compromised and has since disabled its web application as a precaution. The Security Alliance (SEAL) has been tracking the hacker group UNC1069, which employs multi-week social engineering tactics across platforms like Telegram and Slack. This incident reflects a concerning trend in the sophistication of cyber threats, particularly as AI tools become more prevalent in attack methodologies. Zerion has reported the incident to law enforcement and is reviewing employee devices for vulnerabilities. The attack highlights the evolving nature of cyber threats in the crypto sector, where even smaller firms are not immune to sophisticated tactics.

Key Points:

  • Zerion lost $100,000 due to an AI-driven social engineering attack by North Korean hackers.
  • No user funds were compromised, but internal company hot wallets were affected.
  • The attack is part of a broader trend of increasing sophistication in cyber threats targeting crypto firms.

Key Entities

  • Lazarus Group (apt_group)
  • UNC1069 (apt_group)
  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Drift Protocol (company)
  • Zerion (company)
  • North Korea (country)
  • Pakistan (country)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1078 - Valid Accounts (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Slack (platform)
  • Telegram (platform)
  • Zoom (platform)
  • Microsoft Teams (tool)