Key Highlights
- The Zerion breach linked to North Korea saw $100K stolen via an employee-targeted social engineering attack.
- Attackers used advanced tactics to access internal wallets, exposing risks beyond crypto infrastructure.
- Firms contain impact quickly, but experts warn AI-driven phishing is raising crypto security risks.
A sophisticated cyberattack has raised concerns after Zerion confirmed a breach linked to North Korean hackers. The attackers used social engineering techniques to steal about $100,000 from the company’s internal wallets. The incident took place last week and targeted a team member’s device.
In a post on X, Zerion clarified that the breach did not affect user funds or its core infrastructure. The company said attackers gained access through compromised credentials and active login sessions. The team further stated that it quickly shut down its web app as a precaution.
“No user funds were lost,” Zerion stated in its update. However, the incident exposed internal security weaknesses tied to phishing methods and human error.
AI social engineering raises security stakes
The attackers used advanced tools to carry out a long-term social engineering campaign. They focused on a specific employee and eventually gained access to private keys. These keys controlled internal hot wallets used only for testing purposes.
Zerion said the tactics were linked to North Korea–connected threat groups. These groups have repeatedly targeted crypto firms over several years. Security experts say the use of advanced tools has made phishing messages and impersonation attempts more convincing and harder to detect.
Researchers have warned about this shift in attacks. MetaMask developer and security researcher Taylor Monahan noted earlier that North Korean-linked operators infiltrated at least 40 crypto projects for years. Noted investigator ZachXBT also highlighted similar North Korea-related risks for crypto.
Blockchain firm Elliptic also said in a February blog post that these methods now go beyond exchanges. It added, “Individual developers, project contributors, and anyone with access to cryptoasset infrastructure is a potential target.”
Response measures and broader industry impact
Zerion responded quickly after detecting the breach. The company locked down its systems and reset all exposed credentials. It also scanned employee devices for malware and tightened internal access controls. In addition, the team worked with security firms to trace attacker wallets and report them to authorities.
The company confirmed that its mobile apps and backend systems were not affected. It also stressed that its self-custodial design protects user funds, since the platform does not hold user private keys. Zerion said it plans to improve staff training and strengthen authentication policies to reduce future risks.
