AI Propels North Korea’s Crypto Theft to Industrial Scale

State-backed entities, notably North Korea, are leveraging advanced artificial intelligence to industrialize cryptocurrency theft and money laundering, presenting a new scale of threat to digital asset security.

Experts warn that groups like North Korea’s Lazarus Group are combining AI-driven automation with social engineering and sophisticated code analysis. This enables them to scale attacks to unprecedented levels.

A February 2025 attack, attributed to the Lazarus Group by a U.S. investigative body, serves as a paradigm case. In this incident, the attackers reportedly exploited the Bybit exchange for $1.5 billion, demonstrating AI’s potential for massive illicit gains.

The integration of large language models, similar to GPT and Claude, significantly accelerates these operations. These AI models can scan thousands of smart contracts and identify exploit patterns in minutes, a task that previously required large human teams.

This efficiency allows attackers to replicate successful exploits across various blockchain networks with minimal adjustments. It transforms isolated vulnerabilities into chains of exploitable weaknesses.

Kostas Kryptos Chalkias, co-founder and head of cryptography at Mysten Labs, highlighted AI’s dual nature. He told CoinDesk that AI is “the best tool I’ve had as a white hat hacker,” but also expressed concern over its misuse.

Beyond direct code exploitation, researchers from Microsoft and Mandiant report a rise in AI-assisted phishing, deepfakes, and synthetic job applications. These methods are used to infiltrate organizations and plant malicious code.

The result is an integrated attack chain spanning reconnaissance, social engineering, code analysis, cross-chain exploitation, and fund laundering. This streamlined process reduces operational friction for attackers and amplifies their impact.

Decentralized Finance (DeFi) platforms are particularly vulnerable due to their open and replicable code. A single flaw in an oracle or a common library can propagate across numerous protocols that reuse shared components.

Chalkias explained that AI’s ability to combine data from past hacks enables attackers to locate and systematically exploit “mirror bugs.” Blockchain’s transparency, intended for trust, becomes a map for AI models processing vast amounts of code.

Traditional security audits are no longer sufficient against these evolving AI threats. The industry now calls for continuous scanning solutions and AI-integrated defenses capable of detecting patterns that human auditors might miss.

Private companies and academic institutions are developing automated “red teams.” These teams re-execute security tests whenever large language models receive updates, constantly evaluating defenses against rapidly evolving AI-powered threats.

While the long-feared threat of quantum computers breaking modern cryptography remains a future concern, estimated at least a decade away, current efforts focus on the immediate impact of AI. Mysten Labs is preparing quantum-resistant migration tools.

Industry recommendations center on three main areas: continuous auditing, AI-based defenses, and international cooperation. These measures aim to track and sanction illicit financial flows.

Custody platforms and cryptocurrency exchanges must implement automated scans. These systems should test smart contracts against multiple versions of language models to minimize exposure to new offensive AI variants.

Regulators and intelligence agencies are prioritizing the traceability of money laundering. Pattern recognition algorithms can map liquidity routes, helping to neutralize obfuscation techniques that previously relied on human analysis.

The developer community is urged to prioritize secure coding patterns and avoid direct copying of critical libraries without thorough reviews. Collaboration across companies, academia, and government agencies is vital to increase the cost for attackers.
