Gate News message, April 24 — A North Korean state-sponsored APT group dubbed HexagonalRodent has stolen over $12 million in cryptocurrency and NFTs from Web3 developers in the first quarter of 2026, according to cybersecurity firm Expel. The group compromised 2,726 developer devices and gained access to 26,584 crypto wallets.
The group primarily uses fake job postings on LinkedIn and Web3 recruitment platforms to lure job seekers into completing “skill tests” embedded with malicious code. When victims open project files in VSCode, the malware—including BeaverTail, OtterCookie, and InvisibleFerret—automatically executes, enabling credential theft, remote access, and reverse shell capabilities. The attackers also registered shell companies in Mexico to enhance credibility.
Notably, HexagonalRodent has heavily leveraged generative AI tools like ChatGPT and Cursor to develop malware, create fake company websites, and generate AI-powered executive profiles. The group recently conducted its first supply chain attack, successfully compromising a VSCode extension.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Gate Daily Report (April 24): US Treasury sanctions Cambodian crypto “pig butchering” scams; Tether mints an additional 1 billion USDT
Bitcoin (BTC) rebound momentum is weakening, with a temporary quote around $78,030 as of April 24. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned a Cambodian politician linked to a crypto “pig butchering” scam center. Tether issued another 1 billion USDT on the Ethereum network; over the past 5 days, it has issued a total of 3 billion USDT on the Ethereum network.
MarketWhisper1h ago
U.S. Treasury Sanctions Cambodian Senator Kok An Over Crypto Scam Network Targeting Americans
Gate News message, April 24 — The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Cambodian senator Kok An, who allegedly controls scam compounds throughout the country, along with 28 other individuals and entities linked to his network. The move targets what OFAC describes as
GateNews1h ago
Trump Vows to Investigate Federal Employees’ Polymarket Trades; U.S. Soldiers Arrested for Betting on Maduro
The U.S. Department of Justice arrested a U.S. military servicemember on April 23, accusing him of using classified information to place bets on the prediction market Polymarket that Venezuelan President Nicolás Maduro would be arrested, resulting in profits of more than $400k from an initial wager of more than $33k. On Thursday, U.S. President Trump said he will investigate whether federal employees have been placing bets on sports betting platforms, criticizing, “the world has become a casino.”
MarketWhisper2h ago
Arbitrum Security Council Freezes $71M in KelpDAO Attack Funds, Reigniting Decentralization Debate
Gate News message, April 24 — Arbitrum's Security Council froze approximately 30,000 ETH (roughly $71 million) in associated funds from the KelpDAO attack on April 24, triggering renewed discussion across the crypto industry about the true meaning of
GateNews3h ago
Jane Street Files Motion to Dismiss Terraform Labs' Insider Trading Lawsuit
Gate News message, April 24 — Jane Street and several individual defendants have filed a motion with the U.S. District Court for the Southern District of New York seeking to dismiss the insider trading lawsuit brought by Terraform Labs' bankruptcy estate. The quant firm argues that Terraform is atte
GateNews7h ago
U.S. Treasury Sanctions Cambodian Senator Over Crypto Scam Network
## Overview
The U.S. Treasury Department sanctioned Cambodian Senator Kok An and 28 entities associated with him on Thursday, according to the Treasury's Office of Foreign Assets Control (OFAC). The action targets what officials describe as a massive crypto scam operation in Southeast Asia.
## The
CryptoFrontier10h ago
