Google Mandiant Says AI Used to Hack Crypto Market, Infiltrates Virtual Meetings of Crypto Firms
Google has issued a stark warning that North Korea-origin malware campaigns, now armed with artificial intelligence technology and growing increasingly sophisticated, are directly targeting the security systems of the cryptocurrency and decentralized finance markets.
Mandiant, a security firm under Google, reported in recent findings that North Korean-linked hacking groups are advancing their attack methods against crypto companies by deploying AI-generated deepfake videos in fake video conferences. The investigation found that a North Korean threat group known as UNC1069, also called CryptoCore, is impersonating fictitious individuals or real executives in the crypto industry to lure victims into elaborate phishing meetings. The attackers hijack Telegram accounts and send fraudulent Zoom links, inducing victims to execute malicious commands within their systems.
To dispel suspicion, the attackers boldly display AI deepfake videos modeled after the CEOs of well-known cryptocurrency firms during video calls. Once the meeting begins, the hackers claim there are audio issues and trick victims into entering specific commands to resolve them. Systems compromised through this so-called ClickFix technique were found to have been infected with seven different malware families designed to steal credentials, browser data, and session tokens. North Korean hackers are no longer merely imitating advanced technologies but are integrating AI as a core engine of their attacks to maximize evasion capabilities.
The scale of North Korea’s cryptocurrency theft continues to break records each year, posing a threat to the global financial system. Blockchain analytics firm Chainalysis reported that North Korea-linked hackers stole $2.02 billion worth of cryptocurrency in 2025 alone, a 51% increase from the previous year. The cumulative total of digital assets stolen by North Korea has reached approximately $6.75 billion, accounting for about 59% of all cryptocurrency theft incidents worldwide. Rather than conducting large-scale phishing operations, North Korea has shifted to precision strikes targeting specific companies and individuals, causing massive damage with fewer attacks.
Fraser Edwards, CEO of decentralized identity firm cheqd, noted that the alarming aspect of these attacks lies in their exploitation of trust within routine workflows. He explained that AI is not used solely for video production but also to refine the tone of messages and perfectly mimic conversation partners, leaving little room for doubt. He further warned that as AI agents become more integrated into everyday communication and decision-making, impersonation attacks leveraging deepfakes could evolve from manual efforts into automated, large-scale processes.
The cryptocurrency industry and individual investors must maintain extreme caution regarding unverified external links or video meeting requests. Google assesses that cyber threats originating from North Korea go beyond simple asset theft and could undermine trust in financial networks, and it plans to strengthen international threat intelligence sharing. Rather than relying on instinct or familiarity to judge security, it is urgently necessary to build robust defense systems capable of verifying authenticity at the systemic level. As North Korea gains new wings with AI, the security paradigm of the crypto ecosystem must undergo fundamental change.
*Disclaimer: This article is for investment reference only and we are not responsible for any investment losses incurred based on it. The content should be interpreted solely for informational purposes.*
<Copyright ⓒ Coinreaders. Unauthorized reproduction and redistribution prohibited>