HexagonalRodent is presented as a DPRK-attributed crypto-theft operation overlapping with Famous Chollima, Contagious Interview, and the broader Lazarus/TraderTraitor ecosystem. The campaign targets Web3 and DeFi developers through AI-generated LinkedIn recruiter personas, fake companies, and malicious coding assessments that run BeaverTail before deploying OtterCookie and InvisibleFerret. FalconFeeds cites Expel findings that Q1 2026 activity stole about $12 million from 26,584 wallets across 2,726 compromised systems, with 31 operators organized into six teams. The report emphasizes the operational significance of AI-assisted identity fabrication and malware refinement, and recommends stronger controls around developer recruitment workflows and third-party code execution.