
Zerion claims ‘No user funds were affected’ as employee loses $100K in social engineering attack

After losing $100K in stolen funds, what steps has the Zerion team taken?


Zerion, a DeFi crypto wallet, is in the news over a security incident that happened last week. Usually it is customers, users, or the public who become targets of illicit actors; this time, a device belonging to one of Zerion's team members was compromised.

This led to a loss of funds: approximately $100K from the “internal company hot wallets” was affected. The team, taking to X, said:

No user funds, Zerion apps or infrastructure were affected.

Zerion's external API, internal services, and social media accounts were likewise not compromised.

DPRK-linked actor targeted a Zerion team member
Source: Evgeny Yurtaev/X

Steps taken by the Zerion team 

As a step to avoid further security breaches, Zerion added:

We proactively took down the Zerion web app and it will be restored in the next 48 hours. Here’s what happened and what we’re doing about it.

The team also “locked down infrastructure” to prevent the attacker from placing “malicious versions” on the company’s domain, and reviewed all employee devices to check for further vulnerabilities.

The team has also taken the legal route, reporting specific addresses to the relevant law enforcement jurisdiction.

Remarking on the same, the Zerion team noted, 

This was not an opportunistic attack. The actor is clearly sophisticated and well-resourced. They planned the attack thoroughly.

The North Korean black hole

The post-mortem of the security incident further revealed that an “AI-enabled social engineering attack linked to a DPRK threat actor” was the main driver behind this. With this method, the attacker was able to access the victim’s “logged-in sessions and credentials.”

Moreover, private keys to the company’s hot wallets used for “testing and internal purposes” were also affected. 

Such an attack is not one of a kind. The Security Alliance (SEAL) has been investigating similar attacks that took place from the 6th of February to the 7th of April of 2026.

In this investigation, SEAL has already identified 164 malicious websites connected to UNC1069—a North Korea-backed hacking group targeting crypto and Web3 users. 

To prevent further damage, SEAL has restricted domains and issued a warning that the group used forged Zoom and Microsoft Teams calls. Software attacks were another common method the group used to steal funds and sensitive data.

Crypto attacks continue

Taken together, these incidents show an increase in different forms of attacks and in the scale at which malicious attackers are operating.

As AMBCrypto reported earlier, the FBI’s latest Internet Crime Complaint Center [IC3] report also highlighted a surge in cybercrime losses exceeding $20.8 billion in 2025. 

Additionally, over 22,000 complaints were filed in 2025 involving AI-related elements, further confirming the rise in different kinds of attacks in the crypto space.


Final Summary

  • The $100K loss from a Zerion team member’s device suggests that such attacks are not opportunistic but planned.
  • A North Korea-backed hacking group is becoming the center of such attacks, with SEAL identifying 164 malicious websites connected to UNC1069.

Ishika Kumari

Journalist
