North Korea's digital thefts fuel a surge in AI-powered security for cryptocurrencies

North Korean hackers have ramped up their attacks on crypto companies, utilizing advanced social engineering and malware strategies. This surge has led industry professionals and cybersecurity specialists to recommend the use of dual wallet controls and AI-based surveillance. Recent findings from ESET and

indicate that groups such as DeceptiveDevelopment and TraderTraitor are using tactics like fake job interviews, AI-created personas, and undisclosed software vulnerabilities to breach organizations, resulting in more than $2.17 billion stolen during just the first half of 2025 ESET Research: North Korean IT workers use fake profiles to steal crypto [ 1 ]. The FBI has linked the $1.5 billion Bybit hack—North Korea’s largest theft to date—to the Lazarus Group, highlighting a shift from random attacks to organized, government-supported operations BeInCrypto: Alleged North Korea’s 2025 Crypto Hacks | Largest Heist Ever [ 4 ].

North Korean agents often pretend to be recruiters on sites like LinkedIn and Upwork, presenting fake job offers to entice developers into installing malicious software disguised as troubleshooting utilities. ESET’s report details the use of ClickFix, a method where targets are sent to fraudulent interview platforms and deceived into running harmful code via terminal commands ESET Research: North Korean IT workers use fake profiles to steal crypto [ 1 ]. Furthermore, North Korean IT specialists are infiltrating companies using stolen identities, with the Security Alliance (SEAL) team identifying over 60 such imposters. These insiders frequently abuse their access to extract sensitive data, blackmail employers, or divert funds through bogus contracts Cointelegraph: CZ, Crypto 'SEAL' Team Sound Alarm On 60 North … [ 2 ].

The financial consequences of these breaches are immense. According to Chainalysis, North Korea was responsible for 70% of all crypto thefts worldwide in the first half of 2025, laundering the proceeds through services like Tornado Cash. The recent conviction of Tornado Cash co-founder Roman Storm by the DOJ marks a regulatory push against money laundering tools, but analysts caution that decentralized finance (DeFi) and privacy-focused cryptocurrencies will likely continue to attract North Korean actors BeInCrypto: Alleged North Korea’s 2025 Crypto Hacks | Largest Heist Ever [ 4 ]. TRM Labs estimates that North Korean operations brought in $1.6 billion in 2025 through a mix of exchange hacks and remote work scams, with stolen wages and ransom money supporting weapons development Cointelegraph: Dual Wallets, AI Monitoring Can Save Crypto From North Korean H… [ 5 ].

To counter these threats, crypto businesses are encouraged to implement dual-authorization wallet systems—requiring multiple parties to approve transactions—and to deploy AI-powered tools for real-time detection of suspicious activity. Hacken’s Yehor Rudytsia stresses the importance of “comprehensive background screening, strict access controls, and improved activity logging” to reduce insider threats. Deddy Lavid from Cyvers suggests that AI-based anomaly detection, especially during onboarding and in linking onchain and offchain data, can help prevent incidents like the $400 million Coinbase breach Cointelegraph: US Sanctions North Korea IT Worker Crypto Fraud Ring [ 6 ]. Binance’s CZ has also advocated for thorough candidate screening and staff education to guard against phishing and malware-infected interview links Cointelegraph: CZ, Crypto 'SEAL' Team Sound Alarm On 60 North … [ 2 ].

International enforcement efforts are intensifying. The U.S. Treasury has imposed sanctions on two people and four organizations connected to North Korea’s IT worker fraud network, freezing their assets and prohibiting transactions under the Kingpin Act. At the same time, the DOJ confiscated $7.7 million in cryptocurrency linked to fraudulent employment operations, targeting those who managed “laptop farms” to provide remote access for North Korean operatives. Despite these actions, authorities warn that the scale of the threat—which included 47 incidents in 2024 and 75 in the first half of 2025—demands coordinated global action to close enforcement loopholes BeInCrypto: Alleged North Korea’s 2025 Crypto Hacks | Largest Heist Ever [ 4 ].

With North Korean strategies constantly evolving, the crypto sector must address both technical vulnerabilities and the broader regulatory and geopolitical challenges. The rise of fake identities, AI-powered deepfakes, and international deception highlights the urgent need for proactive security measures. Without strong defenses, crypto companies remain at high risk for further attacks and the resulting financial and reputational harm within the decentralized finance landscape.