North Korea crypto hackers tap ChatGPT, Malaysia road money siphoned: Asia Express

North Korean hackers sit back as ChatGPT helps them with crypto theft, crypto riches fuel Indian espionage, and more.

by Yohan Yun 4 min June 26, 2025

North Korean hackers automate crypto crime with ChatGPT

North Korea’s state-sponsored hacking groups are automating cryptocurrency theft with the help of AI tools like ChatGPT, according to South Korean cybersecurity officials.

Lee Seul-gi, lead researcher at the Korea Internet & Security Agency (KISA), said attackers are using AI-configured scripts to automatically transfer crypto to their own wallets once a victim’s balance exceeds $200.

During a security conference in Seoul on Thursday, Lee shared the findings of an investigation that analyzed 39 virtual server images seized in September, according to local media.

The analysis uncovered evidence of operations by two North Korea-linked groups: Kimsuky, which allegedly targeted cryptocurrency investors, and Andariel, which sought military-related documents.

According to Lee, the attackers relied on a variety of online information, such as searching Google for crypto-related Python code, browsing forums and watching YouTube tutorials. They also heavily relied on ChatGPT to generate scripts for wallet tracking, API queries, phishing sites and data parsing.

ChatGPT declines to generate an illicit script in Magazine’s test. (OpenAI)

Lee reportedly said internet activity history revealed repeated prompts related to wallet balance checks, mnemonic input tools and price-fetching scripts. A key feature of the operation involved real-time wallet monitoring, which was eventually used to automate crypto transfers.

The hackers are suspected of infiltrating a South Korean crypto community with about a million members using an online forum, collecting usernames and email addresses to target with phishing campaigns.

The entire process appears to have been supported by ChatGPT-generated code, according to Lee, who added that his research team has not determined whether the scripts were manually refined by the attackers.

ChatGPT developer OpenAI appears aware that its platform is being misused by North Korean cyber units. In early June, the company said it had banned accounts believed to be linked to North Korean operatives, including individuals suspected of using AI tools to obtain remote IT jobs, a rising issue that has also impacted the cryptocurrency industry.

Malaysia’s highway development funds converted to crypto for personal use

The Malaysian Anti-Corruption Commission (MACC) reported that 11 million Malaysian ringgit (about $2.3 million), intended to fund the Maju Expressway Extension (MEX II) project, has been misappropriated and diverted into cryptocurrency for personal expenses.

The 18-kilometer MEX II project kicked off in 2016 and was due for completion in 2019, but funds meant for its development appear to have been siphoned off. The MACC has so far questioned 55 individuals and made nine arrests. It has also frozen 14 personal accounts and eight company accounts totaling 156 million ringgit as part of its probe.

MACC says it has raided the residence of the main suspect. (Bernama TV)

Investigators believe the crypto-linked funds were part of a larger web of financial misconduct involving alcohol, unlicensed gambling and high-end luxury spending. The wider scandal is believed to involve hundreds of millions of ringgit and centers on a high-profile corporate figure with the title “Tan Sri,” one of Malaysia’s highest civilian honorifics. The individual allegedly channeled funds through proxy companies and personal accounts, including those belonging to his wife.

MACC Chief Commissioner Azam Baki said at a press conference that at least ten more witnesses will be called in the coming weeks and that formal statements from the banks involved are being compiled.

Azam added that he expects the case to be wrapped up within two months.

Hong Kong’s crypto policy to start with stablecoin licenses

The Financial Services and the Treasury Bureau released an updated policy statement on Thursday outlining its strategy for integrating cryptocurrencies into Hong Kong’s financial system.

Hong Kong continues to roll out policy statements to attract crypto business. (Financial Secretary’s Office)

The plan introduces a framework divided into four segments: legal, tokenized products, stablecoins and talent.

Key regulatory reforms include upcoming licensing regimes for digital asset dealers and custodians, led by the Securities and Futures Commission.

In parallel, a legal review on tokenization will explore how to integrate bonds, gold and renewable energy into the blockchain economy.

Hong Kong also pledged to regularize tokenized government bond issuance and clarify stamp duty exemptions for tokenized exchange-traded funds.

The most immediate change will be the rollout of Hong Kong’s stablecoin licensing system, set to take effect on Aug. 1. Passed in May, the Stablecoins Ordinance requires any entity issuing a fiat-backed stablecoin in Hong Kong to obtain a license from the Hong Kong Monetary Authority, the city’s de facto central bank.

Financial Secretary Paul Chan said in a recent interview that the government would begin with fiat-pegged stablecoins that encourage real-world use cases such as cross-border payments and settlement.

India’s own crypto spy gets arrested

Yadav reportedly communicated with a Pakistani intelligence agent through social media. (Press Trust of India)

A clerk working at India’s naval headquarters has been arrested for allegedly passing classified information to Pakistan in exchange for cryptocurrency.

The suspect, Vishal Yadav, is accused of leaking sensitive defense details, including information related to Operation Sindoor, a military response launched on May 7 after the April 22 Pahalgam attack, which killed 26 civilians and was attributed to militants based in Pakistan, according to broadcaster NDTV.

Cryptocurrency is increasingly being used in espionage cases. In 2024, Taiwan charged two military officers with selling secrets to China for Tether (USDT), while eight others were later convicted in related cases.

Where past espionage was often connected to ideological motives, recent examples suggest that financial pressure — particularly among younger personnel — is becoming a common driver.

In a more recent incident, Israeli media reported that on Monday, authorities arrested three citizens suspected of spying for Iran, also allegedly in exchange for crypto payments.

Yohan Yun

Yohan Yun is a multimedia journalist covering blockchain since 2017. He has contributed to crypto media outlet Forkast as an editor and has covered Asian tech stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking and experimenting with new recipes.