North Korea Uses AI to Scale Crypto Attacks, Expert Warns

North Korea’s state-sponsored hacking operations have evolved dramatically through the integration of artificial intelligence tools that enable small teams to operate with industrial-scale efficiency, according to Kostas Kryptos Chalkias, co-founder and chief cryptographer of Mysten Labs. The country’s cyber units, responsible for an estimated $2 billion in cryptocurrency theft in 2025 alone, now deploy large language models across nearly every attack phase, including reconnaissance, phishing, code analysis, and money laundering. The Lazarus Group’s February breach of Bybit, which resulted in $1.5 billion in losses and was attributed by the FBI to North Korean operatives, exemplifies the scale these AI-enhanced capabilities enable. Unlike traditional manual analysis requiring dozens of programmers, AI models can scan thousands of smart contracts across multiple blockchains within minutes, identifying vulnerabilities and replicating successful exploits from one ecosystem to another.

Chalkias emphasizes that AI represents a more immediate threat to blockchain security than quantum computing, which remains at least a decade away from breaking modern cryptographic standards despite long-standing industry concerns. The ability of AI to combine data from previous hacks and instantly identify similar weaknesses elsewhere transforms small state-backed hacking cells into operations resembling digital industrial complexes capable of scaling attack surfaces with single prompts. Security researchers at Microsoft and Mandiant have documented rising AI-assisted phishing campaigns, deepfake impersonations, and synthetic job applications where North Korean operatives pose as Western software developers. The regime’s AI toolkit now spans the entire intrusion chain, including pattern-recognition algorithms that automate money laundering by tracking liquidity paths through mixers and over-the-counter brokers.

The defensive implications are substantial, with Chalkias predicting that regulators will soon mandate continuous AI-aware auditing for exchanges and smart-contract platforms, essentially permanent red teams that rerun vulnerability scans each time major AI models receive updates. DeFi platforms face particular exposure due to open-source code that allows both friendly and hostile AI models to analyze every line of logic, with AI making it trivial to find mirrored bugs across protocols where single oracle failures can expose dozens of platforms sharing identical flaws. While quantum computing threats remain theoretical and organizations like the NSA and the EU’s ENISA push early adoption of quantum-safe standards, Chalkias worries that AI might accelerate quantum development by helping physicists design new materials or error-correction methods.

Despite the escalating threat landscape, AI functions as a double-edged sword offering defensive capabilities alongside attack vectors. Chalkias advocates embedding AI-based security into wallets, custodians, and exchanges while continuously re-auditing smart contracts and preparing for eventual quantum transitions before regulatory mandates force adoption. North Korea’s primary near-term weapon remains AI-enhanced social engineering rather than quantum capabilities, with Western intelligence agencies documenting experiments in AI-generated propaganda and disinformation. The country lacks the resources to compete in the quantum computing race between the United States and China, but doesn’t require quantum capability to maintain effectiveness—AI alone enables simulation of legitimate users, transaction mimicry, and fund laundering with unprecedented subtlety, making attacks increasingly invisible to traditional detection methods.
