North Korean Hackers Target Zerion with AI-Driven Social Engineering Attack

Severity: High (Score: 60.0)

Sources: Techflowpost, Panewslab

Summary

On April 15, 2026, Zerion disclosed that its corporate hot wallets were attacked by North Korean hackers using AI for social engineering, resulting in a theft of approximately $100,000. The attack involved obtaining login sessions and credentials from team members, as well as the company's hot wallet private key. Despite the breach, Zerion confirmed that user funds, applications, and infrastructure remained unaffected, and the company proactively disabled its web application to mitigate further risks. This incident marks the second attack linked to North Korean hackers this month, following a $280 million breach at Drift Protocol. The Security Alliance (SEAL) has identified the hacker group UNC1069, which employs low-pressure, multi-week social engineering campaigns across platforms like Telegram and Slack, utilizing AI tools to enhance their attack strategies. Key Points: • Zerion lost approximately $100,000 due to an AI-driven social engineering attack. • The attack targeted employee credentials and the company's hot wallet private key. • This incident is part of a broader trend of AI-enhanced attacks by North Korean hackers.

Key Entities

• UNC1069 (apt_group)
• Phishing (attack_type)
• Drift Protocol (company)
• Zerion (company)
• T1566 - Phishing (mitre_attack)
• Slack (platform)
• Telegram (platform)