Zerion disclosed a security incident in which a team member’s device was compromised through an AI-enabled social engineering attack linked to a DPRK threat actor. The breach resulted in the theft of company funds from internal hot wallets. User assets remained untouched because the Zerion Wallet operates on a fully self-custodial model. The company responded by immediately placing its web application into maintenance mode and expects to restore service within 48 hours while implementing enhanced protective measures across its operations.
Team Device Compromised
Last week, a Zerion team member became the target of a sophisticated AI-enabled social engineering campaign associated with a DPRK threat actor, similar to incidents previously examined by security researchers at SEAL. The attackers obtained access to the employee’s active logged-in sessions and credentials, together with private keys belonging to several company hot wallets maintained exclusively for testing and internal purposes. Internal security protocols activated promptly, preventing the intruders from making any further material use of the stolen credentials. The web application was moved to maintenance mode on April 11, 2026, after anomalous activity was detected on app.zerion.io, thereby blocking any possibility of malicious code deployment to Zerion’s domains.
Impact and Industry Warning
The breach caused no loss of user funds, as Zerion Wallet grants the team zero access to customer private keys or seed phrases. Zerion’s mobile applications, browser extensions, backend infrastructure, external API services, and all social media and communication channels stayed fully isolated and operational throughout the event. In its official statement, the company stressed that “this was not an opportunistic attack” and described the perpetrator as “clearly sophisticated and well-resourced” with a carefully planned operation. It further warned the broader crypto industry to exercise extreme caution with unexpected permission prompts, verify every link, and remain skeptical of AI-generated video calls or meetings. Zerion has already engaged specialized security partners to trace the stolen funds and has reported the attacker wallets to law enforcement authorities.
Key Incident Summary
- Attack exploited AI tools to breach a single team member’s credentials and internal hot wallet keys
- Financial damage confined to roughly $100,000 in company-controlled assets with zero user impact
- Web application proactively taken offline on April 11 to eliminate deployment risks
- Full credential rotation, device audits, and strengthened authentication policies now underway








