Crypto crime is changing, and North Korea’s state-backed hackers are at the forefront.
No longer needing dozens of expensive educated programmers to analyze blockchain code and smart contracts for vulnerabilities, it is now possible to set AI to work, according to Costas Kryptos Chalkias, co-founder and chief cryptographer of Myst Labs.
Large language models represent a greater threat to the industry than quantum computing, which would potentially operate so fast that the encryption algorithms used would become obsolete. He said Pyongyang’s cyber units, which have already been responsible for the theft of an estimated $2 billion in crypto this year, have begun to integrate large language models into nearly every phase of their attacks: reconnaissance, phishing, code analysis and money laundering.
“AI is the best tool I have ever had as a white-hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”
AI-powered theft on record scale
The country’s most notorious hacking unit Lazarus Group has already set a record in 2025. The $1.5 billion Bybit breach in February, which the FBI attributed to North Korean operatives, was the largest crypto hack in history, investigators say.
What’s new this year is automation, Chalkias said. Using the same AI models as ChatGPT and Cloud, attackers can now analyze open-source codebases across multiple blockchains, flagging potential vulnerabilities and mirroring successful exploits from one ecosystem to another.
“AI can combine data from previous hacks and quickly see the same weakness elsewhere,” he explained. “A human cannot manually scan thousands of smart contracts, but an AI can do it in minutes.”
This capability turns a small cell of state hackers into something like a digital industrial complex. “You can measure your attack surface with a signal,” Chalkias said. “That’s what makes it dangerous.”
Security researchers at Microsoft and Mandiant have worked together on this trend, documenting a rise in AI-assisted phishing, deepfake impersonation, and synthetic job applications used by North Korean operators posing as Western software developers.
Governance’s AI toolkit now spans the entire intrusion chain, from social engineering, code analysis and cross-chain exploitation to laundering, which uses pattern-recognition algorithms to track liquidity paths through mixers and OTC brokers, which automate obfuscation.
Quantum: still far away, but looming
For years, the industry’s doomsday vision focused on quantum computing: machines powerful enough to crack Bitcoin’s SHA-56 encryption and unlock millions of dormant coins.
Chalkias, who holds a doctorate in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.
He said, “There is no evidence today that any computer, even classified computers, can break modern cryptography.” “We’re at least 10 years away from that.”
He credits organizations like the U.S. National Security Agency and ENISA, the European Union’s agency for cybersecurity, for pushing for early adoption of quantum-safe standards, and frames those efforts as preventative rather than reactive.
Mysten Labs, the developer of the Sui blockchain, is already building a migration tool that will let users transfer funds to quantum-resistant accounts when the time comes. Chalkias worries that AI could bring that date closer by helping physicists design new materials or error-correction methods.
“The combination of AI and quantum bothers me,” he said. “We may have created a new species, and we can’t predict its speed.”
great and imminent danger
While quantum threats remain theoretical, AI is currently breaking things at a rate of knots.
DeFi platforms are particularly exposed, Chalkias said, because open-source code allows AI models, friendly or hostile, to tackle every line of reasoning.
“AI makes it easier to find bugs reflected in protocols,” he said. “If one oracle fails, dozens may have the same fault.”
He predicts that regulators will soon require constant, AI-aware auditing of exchanges and smart-contract platforms, essentially a permanent red-team that re-runs vulnerability scans every time a major AI model is updated.
“Each new version of GPT or cloud has different vulnerabilities found in it,” he said. “If you’re not testing against them, you’re already behind.”
Nevertheless, AI is a double-edged sword and can be used defensively as well as offensively.
This means embedding AI-based security into wallets, custodians, and exchanges, and constantly re-auditing smart contracts. It also means preparing for the long-term quantum transition now, before regulation pressures are imposed.
“Until we build anti-AI protection into everything we do, we will always be one step behind,” he warned.
North Korea’s next step
Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most powerful near-term weapon is AI-enhanced social engineering.
When asked if North Korea could ever build the first quantum computer, he laughed.
“No,” he said. “The real race is between the US and China. North Korea will use AI heavily for phishing, deepfakes and deception. That’s where their strength lies.”
Even without quantum capabilities, AI lets hackers simulate legitimate users, mimic transactions, and launder money with unprecedented precision.
“They don’t need quantum to break crypto,” Chalkias said. “They just need AI to make the attack invisible.”