North Korea’s new superpower: AI


There’s a change coming in crypto crime, and North Korea’s state-backed hackers are at the vanguard.
There is no longer any need for dozens of expensively educated programmers to analyze blockchain code and smart contracts for vulnerabilities; it is now possible to set AI to work, according to Kostas Kryptos Chalkias, Co-Founder and Chief Cryptographer of Mysten Labs.
Large language models represent a greater threat to the industry than quantum computing, which could potentially work so fast that the encryption algorithms in use become obsolete. Pyongyang’s cyber units are responsible for stealing approximately $2 billion in crypto already this year.
“AI is the best tool I have as a white-hat hacker,” Chalkias said in an interview with CoinDesk. “And you can imagine what happens when it’s in the wrong hands.”
AI-driven theft on a record scale
The Lazarus Group, the country’s most notorious hacking unit, has already set records in 2025. Investigators say the $1.5 billion Bybit breach in February, which the FBI linked to North Korean operatives, was the largest crypto hack in history.
What’s new this year, Chalkias said, is automation. Using AI models like ChatGPT and Claude, attackers can now analyze open-source codebases across multiple blockchains, spot likely vulnerabilities and mirror successful exploits from one ecosystem to another.
“AI can combine data from previous hacks and immediately spot the same vulnerability elsewhere,” he explained. “A person cannot manually scan thousands of smart contracts, but an AI can do it in minutes.”
That ability turns a small cell of state hackers into something resembling a digital industrial complex. “You can measure your attack surface with a single prompt,” Chalkias said. “That’s what makes it dangerous.”
Security researchers at Microsoft and Mandiant have worked together on the trend, documenting the rise of AI-assisted phishing, deepfake impersonations and synthetic work applications used by North Korean operatives posing as Western software developers.
Today, the regime’s AI toolkit covers the entire intrusion chain, from social engineering, code analysis and cross-chain exploitation to laundering, where pattern-recognition algorithms trace liquidity paths through mixers and OTC brokers to automate obfuscation.
Quantum: Still far away, but looming
For years, the industry’s doomsday scenario centered on quantum computing: machines powerful enough to crack Bitcoin’s SHA-256 encryption and unlock millions of dormant coins.
Chalkias, who holds a doctorate in identity-based cryptography and has spent more than a decade researching post-quantum algorithms, remains calm.
“There is no evidence today that any computer, even a classified one, can break modern cryptography,” he said. “We’re at least 10 years away from that.”
He credits organizations such as the U.S. National Security Agency and ENISA, the European Union’s agency for cybersecurity, for pushing for the early adoption of quantum-secure standards, and frames these efforts as preventative rather than reactive.
Mysten Labs, developer of the Sui blockchain, is already building transfer tools that will let users transfer funds to accounts that are fully fledged when the time comes. Chalkias worries that AI could bring that date closer by helping physicists design new materials or error-correction methods.
“The combination of AI and Quantum is what blows me away,” he said. “We could be creating a new species, and we can’t predict how fast it will go.”
The bigger and faster threat
While quantum threats remain theoretical, AI is already taking things apart at a rate of knots.
DeFi platforms are particularly exposed, Chalkias said, because open-source code allows AI models, friendly or hostile, to comb through every line of logic.
“AI makes it trivial to find mirrored bugs across protocols,” he said. “If one oracle fails, dozens may share the same flaw.”
He predicts that regulators will require continuous, AI-aware auditing for exchanges and smart-contract platforms, essentially a standing red team that reruns vulnerability scans every time a core AI model is updated.
“Each new version of GPT or Claude finds different vulnerabilities,” he said. “If you’re not testing against them, you’re already behind.”
However, AI is a double-edged sword and can be used defensively as well as offensively.
Used defensively, that means embedding AI-based security into wallets, custodians, and exchanges, and re-auditing smart contracts. It also means preparing for long-term quantum migration now, before regulation forces it.
“Unless we build anti-AI defenses into everything we do,” he warned, “we’ll always be one step ahead.”
North Korea’s next move
Beyond pure hacking, North Korea has begun experimenting with AI-generated propaganda and disinformation, according to Western intelligence agencies. But Chalkias said he believes the country’s most powerful close-range weapon remains AI-enhanced social engineering.
When asked if North Korea could build the first quantum computer, he laughed.
“No,” he said. “The real race is between the US and China. North Korea will overuse AI for phishing, deepfakes and deception. That’s their strength.”
Although completely incompetent, AI allows hackers to impersonate legitimate users, simulate transactions, and launder funds with unprecedented efficiency.
“They don’t need volume to break crypto,” Chalkias said. “They just need the AI to not detect the attack.”



