A North Korean state-sponsored hacking group with limited technical skills used artificial intelligence tools to steal as much as $12 million in cryptocurrency from more than 2,000 victims over three months, according to a report released Wednesday by cybersecurity firm Expel.
The operation, dubbed HexagonalRodent by researchers, targeted developers working on cryptocurrency launches, NFT creation, and Web3 projects. The hackers used AI tools from US-based companies including OpenAI, Cursor, and Anima to “vibe code” nearly every aspect of their campaign—from writing malware to building fake company websites used in phishing schemes.
“These operators don’t have the skills to write code. They don’t have the skills to set up infrastructure. AI is actually enabling them to do things that they otherwise just would not be able to do,” said Marcus Hutchins, the security researcher who discovered the group and previously gained recognition for disabling the WannaCry ransomware worm.
The hackers lured victims with fraudulent job offers at fake tech companies, creating complete websites using AI web design tools. Targets were instructed to download and complete coding assignments that contained credential-stealing malware, which infiltrated their computers and accessed cryptocurrency wallet keys.
Despite their effectiveness, the hackers left parts of their infrastructure unsecured, exposing the AI prompts they used with tools like ChatGPT and Cursor, as well as a database tracking victim wallets. Analysis of the malware revealed telltale signs of AI generation: thorough English-language annotations uncommon for North Korean coders and code littered with emojis—a documented indicator of large language model-generated software.
The discovery highlights how AI is enabling less sophisticated cybercriminals to execute complex, profitable attacks, raising concerns about the democratization of hacking capabilities in 2026.
Source: Business Latest