GasCope
Zerion Confirms: DPRK Grabbed the Office Snack Fund, Not Your DeFi Bags

In a twist that would make even the most seasoned crypto detective scratch their head, Zerion just admitted that one of their team members got caught in a social engineering net, with the loss coming to about $100K from internal company hot wallets. The good news? User funds stayed safe. No Zerion apps or infrastructure got hit. External APIs and services? All good. Social media accounts? Untouched. Turns out the hackers weren't after your DeFi bags—they just wanted the office granola bars and whatever was in the crypto snack jar.

Zerion didn't waste time. They yanked the Zerion web app offline and promised to get it back up within 48 hours. The team locked down infrastructure to stop any malicious versions from popping up on their domain. Every employee device got audited for vulnerabilities. Basically, they hit the emergency brake harder than a degen watching a coin dump in real-time.

The attackers weren't some random opportunists either. Zerion's post-mortem pinned the breach on an AI-enabled social engineering attack linked to a DPRK threat actor. These folks got into logged-in sessions and credentials, snagging private keys to hot wallets used for testing and internal purposes. The Zerion crew didn't sugarcoat it: "This was not an opportunistic attack. The actor is clearly sophisticated and well-resourced. They planned the attack thoroughly." In other words, these weren't your garden-variety Nigerian princes—they came with PowerPoint presentations and AI slide decks.

This looks like part of a bigger pattern. The Security Alliance (SEAL) has been investigating similar campaigns from February 6 to April 7, 2026, flagging 164 malicious websites tied to UNC1069—a North Korea-backed hacking group with a taste for crypto and Web3 targets. SEAL restricted domains and warned that the group leveraged forged Zoom and Microsoft Teams calls, plus software attacks to swipe funds and data. Apparently, the real Web3 killer app isn't yield farming—it's convincing people to click suspicious links while pretending to be IT support.

For context: the FBI's IC3 report just dropped word of cybercrime losses surpassing $20.8 billion in 2025, with over 22,000 complaints mentioning AI-related elements. Long story short, the attacks aren't slowing down—they're getting more creative. And somewhere, a degen is still wondering why their Discord DMs from "vitalik.eth" got so much more convincing lately.

Publisher: gascope.com
Updated: Apr 16, 2026, 17:36 UTC
