TLDR
- KISA reports North Korean hackers use AI for crypto theft.
- Automated scripts transfer funds to hackers’ wallets once a victim’s balance exceeds $200.
- Kimsuky and Andariel are key groups in these cybercrimes.
On June 26, 2025, South Korea’s Korea Internet & Security Agency (KISA) revealed new information about North Korea’s use of AI tools to automate cryptocurrency theft. According to KISA, these cybercriminals are utilizing ChatGPT, an AI language model, to enhance their operations. Lead researcher Lee Seul-gi shared the information at a security conference in Seoul.
This finding is based on 39 virtual server images analyzed after being seized in September. The evidence highlights the advanced tactics of North Korean state-sponsored hacking groups, Kimsuky and Andariel. These groups have a history of digital espionage and crypto theft.
The Role of AI in North Korean Cyber Activities
North Korean hackers are now employing AI to streamline the stealing of cryptocurrencies. Lee Seul-gi explained that these attackers are “using AI-configured scripts to automatically transfer crypto to their own wallets once a victim’s balance exceeds $200.” This reflects a shift towards more efficient and automated methods of cybercrime.
Additionally, the hackers have been found to use ChatGPT for different tasks, such as generating scripts for wallet tracking, API queries, phishing sites, and data parsing. The investigation has uncovered repeated prompt histories, indicative of real-time monitoring and automation of wallet balances.
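A defender-side sketch of the pattern Lee describes, added here as an example and not taken from KISA's findings or the seized scripts: it scans a wallet's transaction history for an outbound transfer that drains most of the balance to a previously unseen address shortly after the balance rises above $200. The 10-minute window, the 90% drain fraction, the `Tx` record and the sample ledger are assumptions constructed for illustration.

```python
from dataclasses import dataclass

THRESHOLD_USD = 200.0   # trigger balance quoted in the KISA talk
WINDOW_SECONDS = 600    # assumption: "automatic" means within minutes
DRAIN_FRACTION = 0.9    # assumption: a sweep moves most of the balance

@dataclass
class Tx:
    ts: int             # Unix time of the transfer
    amount_usd: float   # positive = inbound, negative = outbound
    peer: str           # counterparty address

def find_threshold_sweeps(txs, known_peers=frozenset()):
    """Return outbound transfers that look like threshold-triggered sweeps."""
    balance, crossed_at = 0.0, None
    seen = set(known_peers)          # destinations the owner has paid before
    alerts = []
    for tx in sorted(txs, key=lambda t: t.ts):
        before = balance
        balance += tx.amount_usd
        if tx.amount_usd > 0:
            # Remember when a deposit lifts the balance over the threshold.
            if before <= THRESHOLD_USD < balance:
                crossed_at = tx.ts
            continue
        sent = -tx.amount_usd
        if (crossed_at is not None
                and tx.ts - crossed_at <= WINDOW_SECONDS
                and sent >= DRAIN_FRACTION * before
                and tx.peer not in seen):
            alerts.append(tx)
        if balance <= THRESHOLD_USD:
            crossed_at = None        # re-arm for the next crossing
        seen.add(tx.peer)
    return alerts

# Constructed sample ledger (not real addresses or transactions).
SAMPLE = [
    Tx(1000, 120.0, "addr_exchange"),
    Tx(2000, -50.0, "addr_friend"),     # ordinary spend below the threshold
    Tx(5000, 150.0, "addr_exchange"),   # balance rises to 220
    Tx(5090, -219.0, "addr_unknown"),   # drained 90 s later to a new address
    Tx(9000, 300.0, "addr_exchange"),   # balance rises to 301
    Tx(9100, -290.0, "addr_friend"),    # large, but to a known destination
]

if __name__ == "__main__":
    for hit in find_threshold_sweeps(SAMPLE):
        print("possible automated sweep:", hit)
```

Passing the owner's address book as `known_peers` suppresses alerts for destinations that are already trusted.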
Who are Kimsuky and Andariel?
Kimsuky and Andariel are advanced persistent threat (APT) groups linked to North Korean cybercrime operations. Known for spear-phishing and data theft, these groups target digital assets to generate revenue for the North Korean regime. Previous operations have targeted cryptocurrency investors and military-related documents.
While the Lazarus Group is often associated with major crypto heists like the ByBit hack, Kimsuky and Andariel are currently at the forefront of AI-enhanced theft strategies.
Implications for Cryptocurrency Holders
The automation methods used by these groups suggest a broad targeting approach. While the report does not specify assets, scripts for balance checks imply potential impacts on widely held cryptocurrencies such as ETH, BTC, and various altcoins. Advisories highlight increased cryptocurrency laundering as a consequence of these thefts.
Even with observable on-chain activities, exact figures related to recent attacks remain scarce. Historically, stolen funds are laundered to evade detection, affecting liquidity within the crypto markets. Past incidents like the ByBit hack have shown such operations can introduce short-term market instability.
Official Reactions and Regulatory Attention
The FBI has connected recent large cyber thefts, including the ByBit incident, to North Korean hackers. International cooperation continues in efforts to trace and seize stolen assets. However, no current policies specifically address AI’s role in these cybercrimes, though interest from regulators in AI’s application seems likely.
Despite these significant developments, key industry figures like Arthur Hayes, Changpeng Zhao, and others have not commented publicly. As the cybersecurity landscape evolves, increased vigilance and adaptive strategies will be crucial for cryptocurrency security mechanisms.
Disclaimer: The content on defiliban.com is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.