Were Zerion users affected by the attack?

No, Zerion confirmed that no user funds, apps, or core systems were compromised. The breach was limited to company-controlled hot wallets, and the platform temporarily disabled its web app as a precaution.

How did the attackers gain access?

Hackers gained access through compromised employee sessions, credentials, and private keys. This shows the attack focused on exploiting human behaviour rather than technical vulnerabilities in smart contracts.

What role did AI play in this attack?

AI was used to enhance social engineering tactics, making fake identities, messages, and interactions more convincing. This increases the success rate of scams by mimicking real people or trusted contacts more effectively.

Who is believed to be behind the attack?

The attack is linked to North Korean-affiliated hacking groups, which are known for targeting crypto companies. These groups often use long-term, highly coordinated campaigns to gain access.

How does this compare to the Drift Protocol exploit?

The Zerion attack follows a larger $280 million exploit of Drift Protocol, which also involved structured social engineering. Both incidents highlight a shift toward targeting people rather than code.

Why are crypto companies vulnerable to social engineering?

Crypto firms often rely on internal access to wallets and infrastructure, making employees a key target. If attackers gain credentials or private keys, they can bypass traditional security systems.

What platforms are attackers using in these scams?

Attackers use platforms like LinkedIn, Telegram, and Slack to build trust with targets. They often impersonate colleagues, partners, or reputable firms to gain access over time.

North Korean hackers use AI in Zerion attack

Q: What happened in the Zerion crypto hack?

Crypto wallet Zerion reported that North Korean-linked hackers used AI-driven social engineering to steal around $100,000 from its hot wallets. The attack targeted internal access points rather than user funds or core infrastructure.

Written by Brie CarterPublished Apr. 15 2026Last Updated Apr. 15 2026

Crypto wallet Zerion said North Korean-linked hackers used AI-driven social engineering to steal around $100,000 from its hot wallets in a targeted attack.

The company confirmed no user funds or core infrastructure were affected and that it temporarily disabled its web app as a precaution following the breach.

“This incident showed that AI is changing the way cyber threats work,”

Zerion said.

The attackers gained access to employee sessions, credentials and private keys, highlighting how human vulnerabilities are becoming a primary entry point rather than smart contract flaws.

The incident follows a similar attack on Drift Protocol, where $280 million was exploited through a structured social engineering campaign linked to North Korean actors.

Security researchers say the group uses long-term tactics across platforms like LinkedIn, Telegram and Slack, often impersonating trusted contacts and leveraging AI tools to enhance credibility.

The attack underscores growing risks across the crypto sector, as increasingly sophisticated AI-enabled threats target individuals and organisations with access to digital asset infrastructure.