There you have it! North Korean hackers just stole up to $12M in crypto in 90 days — by vibe-codi…
April 26, 2026 · 0 likes · 0 comments
Cybersecurity Workforce
There you have it! North Korean hackers just stole up to $12M in crypto in 90 days — by vibe-coding their malware with AI.
The group is called HexagonalRodent. North Korea-linked. 2,000+ machines infected. Cybersecurity firm Expel pulled the receipts.
Here is what they used AI for:
— Writing the malware itself.
— Generating fake company websites to lure targets.
— Spinning up phishing infrastructure on demand.
— Producing the recruiter personas, the job descriptions, the LinkedIn polish.
Read that again.
While Washington holds another roundtable on "responsible AI," Pyongyang is shipping malware faster than most Silicon Valley startups ship features.
This is the real AI arms race.
Not Senate hearings. Not safety frameworks. Not 200-page policy memos.
It is a sanctioned regime, sitting in basements, using the same tools your kid uses to build a school project — to drain American crypto wallets at industrial scale.
$12M. 90 days. One small group. You can't make this up.
I have been warning about this for years. Adversaries do not wait for our ethics committees. They build. They ship. They steal. And they fund a nuclear program with the proceeds.
We are bringing knives to a vibe-coded gunfight.
You've been warned.
My new book REPLACEMENT — out around end of July — covers exactly this. The economic and security collision course we keep pretending isn't happening.
And Episode 2 of "Inside My AI Kingdom" goes LIVE Tuesday, May 5 at 1PM ET.
LinkedIn: https://lnkd.in/eZNmtQNW
YouTube: https://lnkd.in/e_6wSkKC
Bring your questions. We are going deep.
The group is called HexagonalRodent. North Korea-linked. 2,000+ machines infected. Cybersecurity firm Expel pulled the receipts.
Here is what they used AI for:
— Writing the malware itself.
— Generating fake company websites to lure targets.
— Spinning up phishing infrastructure on demand.
— Producing the recruiter personas, the job descriptions, the LinkedIn polish.
Read that again.
While Washington holds another roundtable on "responsible AI," Pyongyang is shipping malware faster than most Silicon Valley startups ship features.
This is the real AI arms race.
Not Senate hearings. Not safety frameworks. Not 200-page policy memos.
It is a sanctioned regime, sitting in basements, using the same tools your kid uses to build a school project — to drain American crypto wallets at industrial scale.
$12M. 90 days. One small group. You can't make this up.
I have been warning about this for years. Adversaries do not wait for our ethics committees. They build. They ship. They steal. And they fund a nuclear program with the proceeds.
We are bringing knives to a vibe-coded gunfight.
You've been warned.
My new book REPLACEMENT — out around end of July — covers exactly this. The economic and security collision course we keep pretending isn't happening.
And Episode 2 of "Inside My AI Kingdom" goes LIVE Tuesday, May 5 at 1PM ET.
LinkedIn: https://lnkd.in/eZNmtQNW
YouTube: https://lnkd.in/e_6wSkKC
Bring your questions. We are going deep.