
Originally published on: December 09, 2024
Radiant Capital recently revealed that a staggering $50 million hack on its decentralized finance (DeFi) platform in October was orchestrated by a hacker associated with North Korea. The hacker posed as an ex-contractor and sent malware via Telegram to carry out the attack.
According to Radiant Capital’s update on December 6, its contracted cybersecurity firm, Mandiant, has confirmed the attribution of the attack to a threat actor linked to the Democratic People’s Republic of Korea (DPRK).
The hack began when a Radiant developer received a message via Telegram from someone posing as a trusted former contractor, asking for feedback on a new project. The ZIP file attached to the message contained malware that allowed the hacker to infiltrate the platform.
The attack forced Radiant’s DeFi platform to halt its lending markets on October 16 after the hacker gained control of private keys and smart contracts. North Korean hackers have been targeting crypto platforms for years and have successfully stolen billions of dollars since 2017.
Radiant Capital explained that the deceptive tactics used by the hacker made it difficult to detect the intrusion. Even with standard security measures and checks in place, the attackers managed to compromise multiple developer devices.
The threat actor responsible for the attack, known as “UNC4736” or “Citrine Sleet,” is affiliated with North Korea’s main intelligence agency, the Reconnaissance General Bureau (RGB), and may be linked to the Lazarus Group.
Radiant Capital emphasized the need for stronger, hardware-level solutions to prevent similar attacks in the future. Although it had implemented rigorous standard operating procedures (SOPs) and tools like Tenderly, the platform fell victim to the highly advanced threat actor.
This incident serves as a costly lesson for DeFi platforms like Radiant Capital, highlighting the ever-evolving tactics of cybercriminals in the crypto space. As the platform works to recover from this significant breach, the importance of robust security measures remains paramount to safeguard user funds and maintain trust within the decentralized finance ecosystem.



