A shift in cryptocrime is coming, and North Korea’s state-backed hackers are at the forefront.
There is no longer a need for dozens of expensively educated programmers to analyze blockchain code and smart contracts for vulnerabilities; It is now possible to configure AI for the task, according to Kostas Kryptos Chalkias, co-founder and chief cryptographer at Mysten Labs.
Large language models pose a greater threat to the industry than quantum computing, which would potentially run so fast that the encryption algorithms used would become obsolete. Pyongyang’s cyber units, responsible for stealing roughly $2 billion in cryptocurrency this year, have begun integrating large language models into nearly every stage of their attacks: reconnaissance, phishing, code analysis and profit laundering, he said.
“AI is the best tool I have ever had as a white hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”
AI-powered theft on record scale
The Lazarus Group, the country’s most notorious hacking unit, has already set records in 2025. Researchers say the $1.5 billion Bybit leak in February, attributed by the FBI to North Korean agents, was the largest crypto hack in history.
What’s new this year, Chalkias said, is automation. Using AI models similar to ChatGPT and Claude, attackers can now analyze open source codebases across multiple blockchains, pinpoint potential vulnerabilities, and mirror successful exploits from one ecosystem to another.
“AI can combine data from previous attacks and immediately detect the same weakness in other places,” he explained. “A human cannot manually scan thousands of smart contracts, but an AI can do it in minutes.”
That capability turns a small cell of state hackers into something akin to a digital industrial complex. “You can scale your attack surface with a single message,” Chalkias said. “That’s what makes it dangerous.”
Security researchers at Microsoft and Mandiant have been working together on this trend, documenting a rise in AI-assisted phishing, fake impersonations, and synthetic job applications used by North Korean agents posing as Western software developers.
The regime’s AI toolset now spans the entire intrusion chain, from social engineering, code analysis, and cross-chain exploitation to laundering, which uses pattern recognition algorithms to trace liquidity paths through OTC mixers and brokers, automating obfuscation.
Quantum: still distant, but imminent
For years, the industry’s doomsday scenario centered on quantum computing: machines powerful enough to crack bitcoin’s SHA-56 encryption and unlock millions of dormant coins.
Chalkias, who has a PhD in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.
“Today there is no evidence that any computer, even a classified one, can crack modern cryptography,” he said. “We’re at least 10 years away from that.”
He credits organizations like the U.S. National Security Agency and Enisa, the European Union’s cybersecurity agency, for driving the early adoption of quantum security standards, and frames those efforts as preventative rather than reactive.
Mysten Labs, developer of the Sui blockchain, is already creating migration tools that will allow users to transfer funds to quantum-resistant accounts when the time comes. Chalkias worries that AI could bring that date closer by helping physicists design new materials or error-correction methods.
“The combination of AI and quantum is what scares me,” he said. “We could have created a new species and we cannot predict its pace.”
The biggest and fastest threat
While quantum threats remain theoretical, AI is breaking things at a dizzying pace.
DeFi platforms are particularly exposed, Chalkias said, because open source code allows AI models, friendly or hostile, to analyze every line of logic.
“AI makes it trivial to find errors reflected in all protocols,” he said. “If one oracle fails, dozens may share the same defect.”
He predicts that regulators will soon require continuous, conscious AI auditing for exchanges and smart contract platforms, essentially a permanent red team that reruns vulnerability scans every time a major AI model is updated.
“Each new version of GPT or Claude finds different weaknesses,” he said. “If you’re not testing against them, you’re already behind.”
Still, AI is a double-edged sword and can be used in both defense and attack.
That means building AI-based security into wallets, custodians, and exchanges, and continually re-auditing smart contracts. It also means preparing for the long-term quantum transition now, before regulation forces it.
“Unless we build defenses against AI into everything we do,” he warned, “we will always be one step behind.”
North Korea’s next step
Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most potent weapon in the near term remains AI-enhanced social engineering.
When asked if North Korea could ever build the first quantum computer, he laughed.
“No,” he said. “The real race is between the United States and China. North Korea will overuse AI for phishing, deepfakes and hoaxes. That’s where its strength lies.”
Even without quantum capabilities, AI allows hackers to simulate legitimate users, imitate transactions, and launder funds with unprecedented subtlety.
“They don’t need quantum to crack cryptocurrencies,” Chalkias said. “They just need AI to make the attack invisible.”
