North Korean Hackers Leverage AI to Steal $12 Million in Cryptocurrency Cybersecurity firm Expel has uncovered a North Korean state-sponsored hacking campaign that exploited AI tools to orchestrate a large-scale cryptocurrency theft operation. The group, dubbed HexagonalRodent, targeted over 2,000 developers working on cryptocurrency, NFT, and Web3 projects, using AI-generated malware and phishing infrastructure to siphon an estimated $12 million in just three months. Unlike highly sophisticated cybercrime syndicates, HexagonalRodent relied on AI platforms including OpenAI, Cursor, and Anima to compensate for its lack of technical expertise. The hackers used these tools to write malware, design fake company websites, and craft phishing lures, particularly fraudulent job offers aimed at developers. Victims were tricked into downloading malware-laced coding assignments, which stole credentials and, in some cases, crypto wallet keys. Security researcher Marcus Hutchins, who identified the group, noted that the operation’s success stemmed not from advanced hacking skills but from AI’s ability to automate tasks that would otherwise require significant technical knowledge. The hackers’ reliance on AI was evident in their malware, which included unusual features like excessive English-language comments and emoji-littered code hallmarks of large language model-generated software. Despite their effectiveness, the group left critical infrastructure exposed, revealing their AI prompts and a database tracking victim wallets. While the $12 million figure represents the total value of compromised wallets, researchers could not confirm whether all funds had been drained, as some wallets may have been protected by hardware security tokens. The campaign underscores how AI is lowering the barrier to entry for cybercriminals, enabling even low-skilled actors to execute high-impact attacks.