North Korean APT Group HexagonalRodent Steals $12M in Crypto from Web3 Developers Using AI-Powered Attacks

Gate News message, April 24 — A North Korean state-sponsored APT group dubbed HexagonalRodent has stolen over $12 million in cryptocurrency and NFTs from Web3 developers in the first quarter of 2026, according to cybersecurity firm Expel. The group compromised 2,726 developer devices and gained access to 26,584 crypto wallets.

The group primarily uses fake job postings on LinkedIn and Web3 recruitment platforms to lure job seekers into completing “skill tests” embedded with malicious code. When victims open project files in VSCode, the malware—including BeaverTail, OtterCookie, and InvisibleFerret—automatically executes, enabling credential theft, remote access, and reverse shell capabilities. The attackers also registered shell companies in Mexico to enhance credibility.

Notably, HexagonalRodent has heavily leveraged generative AI tools like ChatGPT and Cursor to develop malware, create fake company websites, and generate AI-powered executive profiles. The group recently conducted its first supply chain attack, successfully compromising a VSCode extension.
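A pre-open check for a received "skill test" repository, as an added example that is not from Expel or the original article. The article does not name the VSCode mechanism that runs the code on open; this sketch assumes workspace tasks in `.vscode/tasks.json` with `runOptions.runOn` set to `folderOpen`, a documented VS Code setting, and the sample repository it builds is constructed.

```python
import json
import re
import tempfile
from pathlib import Path

def strip_jsonc(text):
    """Drop // and /* */ comments and trailing commas; string literals are kept intact."""
    pattern = r'("(?:\\.|[^"\\])*")|//[^\n]*|/\*.*?\*/'
    text = re.sub(pattern, lambda m: m.group(1) or "", text, flags=re.S)
    return re.sub(r",(\s*[}\]])", r"\1", text)

def autorun_tasks(repo_root):
    """Return (file, label, command) for each task set to run when the folder opens."""
    findings = []
    for path in sorted(Path(repo_root).rglob(".vscode/tasks.json")):
        try:
            doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8", errors="replace")))
        except json.JSONDecodeError:
            # A tasks file that will not parse still deserves a manual look.
            findings.append((str(path), "<unparseable>", "review by hand"))
            continue
        tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
        for task in (t for t in tasks if isinstance(t, dict)):
            opts = task.get("runOptions")
            if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
                findings.append((str(path), task.get("label", ""), str(task.get("command", ""))))
    return findings

def build_sample_repo():
    """Constructed sample repo: one auto-run task and one ordinary task."""
    vscode = Path(tempfile.mkdtemp(prefix="skilltest-")) / ".vscode"
    vscode.mkdir()
    (vscode / "tasks.json").write_text('''{
  // constructed sample, not taken from a real campaign
  "version": "2.0.0",
  "tasks": [
    {"label": "install", "type": "shell", "command": "node ./scripts/setup.js",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "test", "type": "shell", "command": "npm test",},
  ]
}''', encoding="utf-8")
    return vscode.parent

if __name__ == "__main__":
    for path, label, command in autorun_tasks(build_sample_repo()):
        print(f"{path}: task {label!r} runs on folder open -> {command}")
```

Run it against a cloned repository before opening the folder in the editor; an empty result only rules out this one assumed mechanism.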
