• Aug 05, 2025

AI Driving Surge in North Korean Crypto Thefts and Job Infiltration

Generative AI is being used to facilitate an increase in crypto heists and fraudulent infiltration traced to North Korea.


Decrypt recently reported that, so far in 2025, North Korean hacking groups have stolen $1.6 billion in cryptocurrencies. Google Cloud’s Cloud Threat Horizons Report also highlights two instances of a North Korean-linked group, UNC4899, infiltrating secure environments after contacting employees on social media. 

UNC4899 is known to use fraudulent freelance job opportunities in social engineering scams to trick software developers on platforms like LinkedIn and Telegram into executing malware. This then gives attackers access to secure environments, allowing them to withdraw “several millions worth of cryptocurrency.”

Meanwhile, there has been a surge in North Korean IT worker infiltrations, with a 220% year-over-year increase in cases of companies hiring DPRK software developers. North Korea is believed to have trained thousands of tech specialists who have been hired remotely after using generative AI to forge synthetic identities. They are also believed to be using AI to mask their appearances, pass technical examinations, and appear more fluent in English. 

“Laptop farms” have also been used by North Koreans to gain access to remote work opportunities at Fortune 500 companies. In one such case in the United States, Christina Chapman was sentenced to over eight years in a federal prison for operating a laptop farm from her Arizona home. She was found guilty of helping to defraud more than 300 US firms by securing places for North Korean operatives, generating more than $17 million for the regime.

The increase in crypto heists and cases of fraud from North Korea shows the importance of vigilance in a fast-evolving tech landscape. Generative AI and synthetic identities put companies at risk of inadvertently breaching sanctions on North Korea, which is believed to use the proceeds to fund its nuclear weapons program.