Gate News message, April 24 — A North Korean state-sponsored APT group dubbed HexagonalRodent has stolen over $12 million in cryptocurrency and NFTs from Web3 developers in the first quarter of 2026, according to cybersecurity firm Expel. The group compromised 2,726 developer devices and gained access to 26,584 crypto wallets.
The group primarily uses fake job postings on LinkedIn and Web3 recruitment platforms to lure job seekers into completing “skill tests” embedded with malicious code. When victims open project files in VSCode, the malware—including BeaverTail, OtterCookie, and InvisibleFerret—automatically executes, enabling credential theft, remote access, and reverse shell capabilities. The attackers also registered shell companies in Mexico to enhance credibility.
Notably, HexagonalRodent has heavily leveraged generative AI tools like ChatGPT and Cursor to develop malware, create fake company websites, and generate AI-powered executive profiles. The group recently conducted its first supply chain attack, successfully compromising a VSCode extension.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Zondacrypto Collapse Triggers Fraud Probe in Poland
Zondacrypto, an Estonia-registered digital asset trading platform, announced last month that it was on the brink of collapse after attracting $100 million in savings from Polish clients following a major marketing campaign. The company has since stopped servicing client accounts, and state
CryptoFrontier4h ago
$20M Pig Butchering Scam Victim Files Lawsuit Against Citibank
Michael Zidell sues Citibank in Manhattan federal court for $20M in pig butchering transfers, alleging AML neglect and ignored alerts.
Abstract: The article describes Michael Zidell's suit against Citibank in Manhattan federal court, alleging negligent AML controls allowed $20 million to be sent to pig butchering scammers via accounts linked to Carolyn Parker and Guju Inc. It frames the case amid rising crypto scams and systemic fiat-crypto AML vulnerabilities.
TodayqNews6h ago
California Man Sentenced to 6.5 Years in $250M Crypto Theft Ring
A federal judge in Washington, D.C. sentenced 20-year-old California resident Marlon Ferro to 78 months in prison on Wednesday for his role in a criminal network that stole more than $250 million in cryptocurrency from victims across the United States, according to court records. Ferro, who operated
CryptoFrontier8h ago
Kenya arrests suspects over an AI crypto investment scam platform, court orders 7 days of detention
Local media, citing court documents, reported that Kenya’s Criminal Investigations Department (DCI) Capital Markets Fraud Investigations Unit arrested suspect Dickson Ndege Nyakango at the I&M Bank branch on Kenyatta Avenue on May 4. DCI detectives told the court that the alleged fraud platform had scammed about $440k from multiple investors. The court ordered Nyakango be remanded in custody at the Kilemani Police Station for seven days.
MarketWhisper10h ago
Samourai Wallet Co-Founder Sentenced to 5 Years, Faces $2M Legal Debt
According to Cointelegraph, on May 7, Keonne Rodriguez, co-founder of Samourai Wallet, was sentenced to five years in prison and fined $250,000 for operating an unlicensed money transmitter. Rodriguez is facing an additional $2 million in legal fees and has appealed to the crypto community for
GateNews11h ago
CFTC Sues 5-6 States Over Prediction Market Authority at Consensus 2026
According to CFTC Chair Michael Selig at Consensus 2026, the CFTC has sued approximately five to six states, including Arizona, Connecticut, Illinois, and New York, over regulatory authority of prediction markets. The core dispute centers on whether the CFTC or state regulators have jurisdiction ove
GateNews12h ago
