Security Incident: Post Mortem

2026-04-15 Zerion

https://archive.md/6u2oL

Zerion says a team member’s device was compromised in an AI-enabled social engineering attack linked to a DPRK threat actor. The attacker gained access to logged-in sessions, credentials, and private keys for internal company hot wallets, leading to about $100,000 in stolen company funds. Zerion states that user funds, mobile and browser app builds, backend infrastructure, APIs, and social media accounts were not affected. The response included locking down deployment infrastructure, taking the web app into maintenance mode, rotating credentials and keys, reconfiguring multisig accounts, scanning employee devices, and working with security partners to trace attacker wallets.
