A change is coming in cryptocrime, and North Korea’s state-backed hackers are at the forefront.
There is no longer a need for dozens of expensive programmers to scan blockchain code and smart contracts for vulnerabilities. It is now possible to entrust this task to AI, according to Kostas Kryptos Chalkias, co-founder and chief cryptographer of Mysten Labs.
Large language models pose a greater threat to the industry than quantum computing, which would potentially work so fast that the encryption algorithms used would become obsolete. Pyongyang’s cyber units, responsible for stealing about $2 billion in crypto this year, have begun integrating large language models into almost every stage of their attacks: reconnaissance, phishing, code analysis and profit laundering, he said.
“AI is the best tool I’ve ever had as a white hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”
AI-driven flight on a record scale
The Lazarus Group, the country’s best-known hacking unit, has already set records in 2025. Investigators say the $1.5 billion Bybit breach in February, attributed by the FBI to North Korean agents, was the largest crypto hack in history.
What’s new this year, Chalkias said, is automation. Using AI models similar to ChatGPT and Claude, attackers can now analyze open source codebases across multiple blockchains, flag likely vulnerabilities, and mirror successful exploits from one ecosystem to another.
“AI can combine data from previous hacks and immediately spot the same weakness elsewhere,” he explained. “A human cannot manually analyze thousands of smart contracts, but an AI can do it in minutes.”
This capability transforms a small cell of state hackers into something resembling a digital industrial complex. “You can scale your attack surface with a single prompt,” Chalkias said. “That’s what makes him dangerous.”
Security researchers at Microsoft and Mandiant have been working together on this trend, documenting an increase in AI-assisted phishing, impersonations, and synthetic job applications used by North Korean agents posing as Western software developers.
The regime’s AI toolkit now covers the entire intrusion chain, from social engineering, code analysis and cross-chain exploitation to laundering, which uses pattern recognition algorithms to track liquidity paths through OTC mixers and brokers, thereby automating obfuscation.
Quantum: still distant, but imminent
For years, the industry’s doomsday scenario has focused on quantum computing: machines powerful enough to crack bitcoin’s SHA-56 encryption and unlock millions of dormant coins.
Chalkias, who holds a doctorate in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.
“There is no evidence today that a computer, even a classified one, can break modern cryptography,” he said. “We’re at least 10 years away.”
He credits organizations such as the U.S. National Security Agency and Enisa, the European Union’s cybersecurity agency, for pushing for the rapid adoption of quantum security standards, and sees these efforts as preventative rather than reactive.
Mysten Labs, developer of the Sui blockchain, is already building migration tools that will allow users to transfer funds to quantum-resistant accounts when the time comes. Chalkias fears that AI will bring that date closer by helping physicists design new materials or error-correction methods.
“It’s the combination of AI and quantum that freaks me out,” he said. “We may have created a new species, but we cannot predict its rate.”
The biggest and fastest threat
While quantum threats remain theoretical, AI is currently breaking things at a breakneck pace.
DeFi platforms are particularly exposed, Chalkias said, because open source code allows AI models, friendly or hostile, to traverse all lines of logic.
“AI makes it trivial to find mirroring bugs in all protocols,” he said. “If one oracle fails, dozens of them may share the same flaw.”
He predicts that regulators will soon require continuous, AI-aware auditing for exchanges and smart contract platforms, essentially a permanent red team that reruns vulnerability scans every time a major AI model is updated.
“Each new version of GPT or Claude discovers different weaknesses,” he said. “If you don’t test against them, you’re already late.”
However, AI is a double-edged sword and can be used in both defense and attack.
This means integrating AI-based security into wallets, custodians and exchanges, and continuously re-auditing smart contracts. It also means preparing now for the long-term quantum transition, before regulations mandate it.
“Unless we integrate anti-AI defenses into everything we do,” he warned, “we will always be behind.”
North Korea’s Next Step
Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most powerful weapon in the near term remains AI-enhanced social engineering.
When asked if North Korea could one day build the first quantum computer, he laughed.
“No,” he said. “The real race is between the United States and China. North Korea will abuse AI for phishing, deepfakes and deception. That’s where its strength lies.”
Even without quantum capabilities, AI allows hackers to simulate legitimate users, imitate transactions, and launder funds with unprecedented subtlety.
“They don’t need quantum to break crypto,” Chalkias said. “They just need the AI to make the attack invisible.”
