North Korea’s notorious state-sponsored hackers have taken a technological leap: they’re now using artificial intelligence tools like ChatGPT to automate cryptocurrency theft, according to South Korean cybersecurity experts. This revelation highlights a dangerous new frontier in cybercrime, where advanced AI is weaponized by state actors to target digital assets with unprecedented efficiency.
Lee Seul-gi, lead researcher at the Korea Internet & Security Agency (KISA), disclosed during a security conference in Seoul on Thursday that North Korean hacking groups are leveraging AI-generated scripts to automatically transfer stolen crypto funds. The operation is so precise that transfers are triggered as soon as a victim’s wallet balance exceeds $200.
“These attackers are now using AI-configured scripts to monitor and syphon crypto holdings in real time,” Lee said, emphasising the sophistication and automation behind these attacks. His findings are based on an extensive investigation into 39 virtual server images seized last September, which revealed the inner workings of North Korea-linked hacking groups.
Evidence Points to Kimsuky and Andariel Groups
According to Lee, two of Pyongyang’s most infamous cyber units were implicated: Kimsuky, known for targeting cryptocurrency investors, and Andariel, which has historically focused on stealing military-related documents.
The investigation uncovered how these groups collected a wealth of online resources, from Python code found on Google to tutorials on YouTube, to train their AI systems. The hackers then used ChatGPT to streamline the development of scripts capable of tracking wallet balances, querying cryptocurrency exchange APIs, creating phishing sites, and parsing harvested data for actionable intelligence.
“Our analysis showed repeated ChatGPT prompts related to wallet monitoring tools, mnemonic input scripts, and price-fetching utilities,” Lee explained. “This allowed them to automate key parts of their heist process with remarkable speed and scale.”
Infiltration of South Korean Crypto Communities
The attackers’ strategy extended beyond technical exploits. Lee revealed that the groups infiltrated a popular South Korean cryptocurrency community boasting around a million members. By joining online forums, they harvested usernames and email addresses, which they later used in highly targeted phishing campaigns designed to trick victims into revealing sensitive credentials.
What sets this campaign apart, Lee noted, is the integration of AI-generated scripts throughout the operation, from identifying and tracking promising targets to orchestrating the transfer of funds. It remains unclear whether the hackers manually refined the code produced by ChatGPT, but the evidence suggests a high degree of automation.
OpenAI Responds to AI Misuse
The revelations have caught the attention of OpenAI, the company behind ChatGPT. In early June, OpenAI acknowledged concerns over its platform being exploited by North Korean cyber units and confirmed that it had banned accounts suspected of belonging to Pyongyang’s operatives.
These bans targeted individuals believed to be using AI not just for direct theft but also to obtain remote IT jobs fraudulently, an emerging trend that has increasingly entangled the cryptocurrency industry. By infiltrating companies as remote workers, these operatives could gain privileged access to internal systems, opening new avenues for cyber espionage and theft.
A Growing Threat to Global Crypto Security
Experts warn that the use of advanced AI by North Korean hackers could mark the beginning of a new era of cybercrime, where rogue states and organised crime syndicates exploit publicly available AI tools to launch attacks that are faster, cheaper, and harder to detect.
The stakes are high: as cryptocurrency adoption continues to rise across Asia and beyond, billions of dollars in digital assets are at risk from increasingly sophisticated threats.
“This is a wake-up call for the crypto industry and regulators alike,” Lee concluded. “The misuse of AI tools like ChatGPT by North Korean hackers shows just how quickly cybercriminals can adapt. We need to step up our defences now, before this becomes the new normal.”
As the investigation continues, cybersecurity experts are calling for stronger collaboration between governments, AI developers, and crypto platforms to mitigate these emerging threats and protect users worldwide from state-sponsored cybercrime fueled by artificial intelligence.
