North Korea’s new superpower: AI

There’s a change coming to cryptocrime, and North Korea’s state-sponsored hackers are at the forefront.

No longer needing dozens of expensively trained programmers to analyze blockchain code and smart contracts for vulnerabilities, it is now possible to put AI to the task, according to Kostas Kryptos Chalkias, co-founder and chief cryptographer of Mysten Labs.

Large language models represent a greater threat to the industry than quantum computers, which would potentially work so fast that the encryption algorithms used become obsolete. Pyongyang’s cyber units, responsible for stealing an estimated $2 billion in crypto already this year, have begun integrating large language models into nearly every stage of their attacks: reconnaissance, phishing, code analysis and laundering the proceeds, he said.

“AI is the best tool I’ve ever had as a white-hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”

AI-driven theft on a record scale

The Lazarus Group, the country’s most notorious hacking outfit, has already set records in 2025. Investigators say the $1.5 billion Bybit breach in February, which the FBI attributes to North Korean agents, was the largest crypto hack in history.

What’s new this year, Chalkias said, is automation. Using AI models similar to ChatGPT and Claude, attackers can now analyze open source codebases across multiple blockchains, flag likely vulnerabilities and mirror successful exploits from one ecosystem to another.

“AI can combine data from previous hacks and immediately detect the same weakness elsewhere,” he explained. “A human cannot manually scan thousands of smart contracts, but an AI can do it in minutes.”

That ability turns a small cell of government hackers into something akin to a digital industrial complex. “You can scale your attack surface with a single prompt,” Chalkias said. “That’s what makes it dangerous.”

Security researchers at Microsoft and Mandiant have been tracking the trend, documenting an increase in AI-assisted phishing, deepfake impersonations and synthetic job applications used by North Korean operators posing as Western software developers.

The regime’s AI toolkit now spans the entire penetration chain, from social engineering, code analysis and cross-chain exploitation to money laundering, which uses pattern-recognition algorithms to trace liquidity paths through mixers and OTC brokers that automate obfuscation.

Quantum: Still distant, but looming

For years, the industry’s doomsday scenario centered on quantum computing: machines powerful enough to crack bitcoin’s SHA-256 encryption and unlock millions of dormant coins.

Chalkias, who has a PhD in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.

“There is no evidence today that any computer, even a classified one, can break modern cryptography,” he said. “We’re at least 10 years away from that.”

He credits organizations like the U.S. National Security Agency and Enisa, the European Union’s cybersecurity agency, for pushing early adoption of quantum-secure standards, framing those efforts as preventive rather than reactive.

Mysten Labs, developer of the Sui blockchain, is already building migration tools that will let users move money to quantum-resistant accounts when the time comes. Chalkias worries that artificial intelligence could bring that date closer by helping physicists design new materials or error-correction methods.

“The combination of AI and quantum is what scares me,” he said. “We may have created a new species, and we can’t predict its pace.”

The bigger and faster threat

While quantum threats remain theoretical, AI is currently breaking things at breakneck speed.

DeFi platforms are particularly vulnerable, Chalkias said, because open source code allows AI models, friendly or hostile, to work around any logic.

“AI makes it trivial to find mirrored errors across protocols,” he said. “If one oracle fails, dozens may share the same failure.”

He predicts that regulators will soon require continuous, AI-aware auditing for exchanges and smart-contract platforms, essentially a standing red team that repeats vulnerability scans every time a major AI model is updated.

“Each new version of GPT or Claude finds different weaknesses,” he said. “If you don’t test against them, you’re already behind.”

Still, AI is a double-edged sword and can be used defensively as well as offensively.

This means embedding AI-based security in wallets, custodian banks and exchanges and re-auditing smart contracts on an ongoing basis. It also means preparing for the long-term quantum transition now, before regulation forces it.

“Unless we build anti-AI defenses into everything we do,” he warned, “we will always be one step behind.”

North Korea’s next move

Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most potent weapon in the short term remains AI-enhanced social engineering.

When asked if North Korea could ever build the first quantum computer, he laughed.

“No,” he said. “The real race is between the US and China. North Korea will overuse artificial intelligence for phishing, deepfakes and deception. That’s where their strength lies.”

Even without quantum capability, AI lets hackers simulate legitimate users, mimic transactions and launder funds with unprecedented subtlety.

“They don’t need quantum to break crypto,” Chalkias said. “They just need AI to make the attack invisible.”
