TechFlow News, April 24: According to a research report released by cybersecurity firm Expel, the company is tracking an advanced persistent threat (APT) group named “HexagonalRodent,” which it assesses as highly likely to be state-sponsored by North Korea (DPRK). This group primarily targets Web3 developers and specializes in stealing high-value digital assets such as cryptocurrencies and NFTs. In the first quarter of 2026 alone, the group compromised 2,726 developer devices and stole access credentials for 26,584 cryptocurrency wallets, with the total value of stolen assets reaching up to $12 million.
The group mainly conducts its attacks via fake job postings—publishing high-paying positions on LinkedIn and Web3 recruitment platforms to lure job seekers into completing “skills assessments” embedded with malicious code. These assessments exploit VSCode’s tasks.json functionality to automatically execute malware when victims open the project folder. The malware used includes BeaverTail, OtterCookie, and InvisibleFerret, all of which possess capabilities such as password theft, remote control, and reverse shell execution.
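A defender-side check for the tasks.json behaviour described above, as an added example that is not from Expel's report: it lists the tasks in a project's `.vscode/tasks.json` that VS Code's `runOptions.runOn: "folderOpen"` option marks to run when the folder is opened, so they can be reviewed before the project is opened in the editor. The sample file, its commands and the function names are constructed for this example.

```python
import json
import re
from pathlib import Path

# String-aware patterns: quoted strings are matched first so they are never altered.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING_COMMA = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')

def strip_jsonc(text):
    """tasks.json is JSON-with-comments: drop comments, then trailing commas."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return _TRAILING_COMMA.sub(keep, _COMMENT.sub(keep, text))

def _commands(task):
    # A task can carry per-OS overrides next to its top-level command.
    scopes = [task] + [task.get(k) for k in ("windows", "linux", "osx")]
    return [s["command"] for s in scopes if isinstance(s, dict) and "command" in s]

def auto_run_tasks(text):
    """Return (label, [commands]) for every task set to run on folder open."""
    try:
        doc = json.loads(strip_jsonc(text))
    except ValueError:  # malformed file: flag it for manual review
        return [("<unparseable tasks.json>", [])]
    tasks = doc.get("tasks", []) if isinstance(doc, dict) else []
    hits = []
    for task in tasks if isinstance(tasks, list) else []:
        opts = task.get("runOptions") if isinstance(task, dict) else None
        if isinstance(opts, dict) and opts.get("runOn") == "folderOpen":
            hits.append((task.get("label", "<unlabelled>"), _commands(task)))
    return hits

def scan_project(project_dir):
    path = Path(project_dir) / ".vscode" / "tasks.json"
    return auto_run_tasks(path.read_text("utf-8", "replace")) if path.is_file() else []

# Constructed sample, not taken from the Expel report; the commands are placeholders.
SAMPLE = r'''{
  // skills-assessment project (constructed)
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "setup", "type": "shell", "command": "node ./scripts/check.js",
     "windows": {"command": "cmd /c node scripts/check.js"},
     "runOptions": {"runOn": "folderOpen"},},
  ]
}'''

if __name__ == "__main__":
    print(auto_run_tasks(SAMPLE))
```

Whether VS Code actually runs such a task depends on Workspace Trust (Restricted Mode) and the `task.allowAutomaticTasks` setting, so a hit here is a prompt to read the listed commands before trusting the folder.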
Notably, the group extensively leverages generative AI tools—including ChatGPT and Cursor—to develop malware, build counterfeit corporate websites, and generate AI-synthesized executive teams. It has even registered a shell company in Mexico to enhance the credibility of its operations. Additionally, the group recently carried out its first-ever supply-chain attack, successfully compromising the VSCode extension “fast-draft” to distribute malware.




