Radiant Capital $50M Hack Linked to North Korean Hackers: Details


Radiant Capital, a decentralized finance (DeFi) platform, has revealed that the $50 million exploit it suffered in October was orchestrated by North Korea-linked hackers. According to a December 6 investigation update, cybersecurity firm Mandiant attributed the attack to a Democratic People’s Republic of Korea (DPRK)-aligned threat actor identified as “UNC4736,” also known as “Citrine Sleet.”

Malware Delivered Through Telegram

The breach began on September 11, when a Radiant developer received a Telegram message from an individual posing as a former contractor. The message included a ZIP file and purportedly sought feedback on a new project. The file was later determined to contain malware. The domain associated with the file spoofed the contractor’s legitimate website, making the deception highly convincing.

Once the malware infiltrated developer devices, it allowed attackers to gain control of private keys and smart contracts. The platform halted lending operations on October 16 after malicious transactions were executed under the guise of routine activities.

Sophisticated Tactics in Radiant Hack

Radiant highlighted the advanced techniques employed by the hackers, who exploited the DeFi platform’s reliance on blind signing and front-end verifications. The malware further spoofed transaction data on user interfaces, rendering traditional checks and simulations ineffective.

“Even with best practices, such as hardware wallets, transaction simulations, and standard operating procedures, the attackers executed their deception seamlessly,” Radiant noted.
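The weakness described above is that signers relied on a front end whose displayed transaction data could be spoofed. As an added example (not Radiant's or Mandiant's code), this Python check decodes the raw calldata independently of the front end and compares it with the action the signers agreed on; the selectors are the standard ABI selectors for those functions, while the addresses, the `INTENT` structure and the function names are constructed for illustration.

```python
# Added example. Standard ERC-20/Ownable selectors; all addresses are constructed.
SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}

def decode_calldata(data_hex):
    """Decode raw calldata into (function name, args); raise on anything unknown."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in SELECTORS:
        raise ValueError(f"unknown selector 0x{selector}: would be a blind signature")
    name, types = SELECTORS[selector]
    if len(body) != 32 * len(types):
        raise ValueError(f"{name}: argument bytes do not match the signature")
    args = []
    for i, kind in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        if kind == "address":
            if any(word[:12]):
                raise ValueError(f"{name}: non-zero padding in address argument")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def verify_intent(intent, to, data_hex):
    """Return a list of mismatches between the approved intent and the payload."""
    problems = []
    if to.lower() != intent["to"].lower():
        problems.append(f"target: expected {intent['to']}, payload targets {to}")
    try:
        name, args = decode_calldata(data_hex)
    except ValueError as err:
        return problems + [str(err)]
    if name != intent["function"]:
        problems.append(f"function: expected {intent['function']}, payload calls {name}")
    elif args != intent["args"]:
        problems.append(f"arguments: expected {intent['args']}, payload has {args}")
    return problems

# Constructed sample: the action the signers agreed on, and two candidate payloads.
TOKEN, ADDR_A = "0x" + "aa" * 20, "0x" + "11" * 20
INTENT = {"to": TOKEN, "function": "transfer", "args": [ADDR_A, 1000]}
MATCHING = "0xa9059cbb" + "00" * 12 + "11" * 20 + (1000).to_bytes(32, "big").hex()
SWAPPED = "0xf2fde38b" + "00" * 12 + "22" * 20

if __name__ == "__main__":
    for label, payload in (("matching", MATCHING), ("swapped", SWAPPED)):
        print(label, verify_intent(INTENT, TOKEN, payload) or "OK")
```

The check only helps when it runs on a device other than the one that built the transaction, and when the payload it inspects is the exact bytes presented to the signing device.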

North Korean hacking collectives, notably the Lazarus Group, have a history of targeting crypto platforms, stealing over $3 billion in assets between 2017 and 2023. In this case, the attackers transferred $52 million of stolen funds on October 24, dealing a severe blow to Radiant’s operations.

This incident is not Radiant’s first setback this year. In January, the platform suffered a $4.5 million flash loan exploit. Following these events, Radiant’s total value locked (TVL) has plummeted from over $300 million at the start of the year to approximately $5.81 million, according to DefiLlama.   

Radiant underscored the need for hardware-level solutions to counteract advanced threats. As the DeFi sector continues to grow, attacks like these highlight the critical importance of bolstering cybersecurity measures to safeguard user funds and platform integrity.
