
Radiant Capital Hit by $50M Cyberattack: North Korea Group Linked

WikiBit, 2024-12-08 03:04


Radiant Capital has confirmed new findings surrounding the $50 million cyberattack it suffered on October 16, 2024. An investigation by the cybersecurity firm Mandiant attributed the intrusion to UNC4736, a North Korea-linked threat group associated with the nation's Reconnaissance General Bureau (RGB).

The incident marks another step up in the sophistication of attacks against decentralized finance (DeFi) and underlines the urgent need for stronger security practices across the industry.

How the Attack Unfolded

The attack was set in motion on September 11, 2024, when a Radiant developer received a seemingly routine Telegram message from someone posing as a former contractor. The message carried a ZIP file that supposedly showcased the contractor's smart contract auditing work. In reality it delivered malware that Mandiant tracks as INLETDRIFT.

The malware, disguised as a PDF document, installed a macOS backdoor on the victim's device that beaconed to a domain controlled by the attackers. Over the following weeks, UNC4736 deployed malicious smart contracts on Arbitrum, Binance Smart Chain, Base, and Ethereum, staging the heist in advance.
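The delivery step above, a native payload hidden in an archive under a document name, is something an analyst can triage mechanically before anyone opens the file. The script below is an added example, not tooling from Radiant or Mandiant: it walks a ZIP held in memory, compares each member's extension with its leading magic bytes, and flags Mach-O executables and macOS app-bundle paths. The archive it scans is constructed inline for illustration; the member names and contents are made up and do not reproduce the real lure.

```python
# Added example (not Radiant's or Mandiant's tooling): triage a ZIP lure by
# checking each member's extension against its magic bytes and flagging macOS
# executables hiding behind document names. The archive is constructed in
# memory for illustration; member names and contents are invented.
import io
import zipfile

PDF_MAGIC = b"%PDF-"
# Mach-O magics as stored on disk: 32-bit, 64-bit, both byte orders, plus fat
# binaries. Note that 0xCAFEBABE is also the Java class-file magic, so treat
# that one as a lead to inspect, not proof on its own.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
                b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}


def classify(name: str, head: bytes) -> list[str]:
    """Reasons a single archive member looks like a disguised payload (empty if none)."""
    reasons = []
    lower = name.lower()
    if head[:4] in MACHO_MAGICS:
        reasons.append("Mach-O executable")
    if lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
        reasons.append("named .pdf but content is not a PDF")
    if ".app/contents/macos/" in lower:
        reasons.append("executable inside a macOS app bundle")
    return reasons


def scan_zip(data: bytes) -> list[tuple[str, list[str]]]:
    """Return (member name, reasons) for every suspicious member of an in-memory ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header is needed for magic checks
            reasons = classify(info.filename, head)
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_lure() -> bytes:
    """Constructed archive: one genuine-looking PDF, one Mach-O renamed to .pdf, one app bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Audit_Report/summary.pdf", b"%PDF-1.7\n% harmless sample\n")
        zf.writestr("Audit_Report/full_report.pdf", b"\xcf\xfa\xed\xfe" + b"\x00" * 60)
        zf.writestr("Audit_Report/Viewer.app/Contents/MacOS/Viewer",
                    b"\xcf\xfa\xed\xfe" + b"\x00" * 60)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in scan_zip(build_sample_lure()):
        print(f"{name}: {', '.join(reasons)}")
```

The check reads only the first eight bytes of each member, so it is safe to run on untrusted archives without extracting them; a real pipeline would add nested-archive recursion and quarantine rules, which are out of scope here.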

Radiant followed what is widely treated as standard practice, including transaction simulation in Tenderly and payload verification, but the attackers manipulated the transaction data presented by the front-end interfaces. Signers therefore reviewed and simulated one transaction while the payload actually submitted for signature was another, and the discrepancy was nearly impossible to spot before the theft was complete.

Attribution and Tactics

UNC4736, also tracked as AppleJeus or Citrine Sleet, is a well-known threat group linked to the DPRK's TEMP.Hermit. The group specializes in financially motivated intrusions and relies on elaborate social engineering to get a foothold. Mandiant attributes the attack to the group with high confidence, citing tradecraft consistent with DPRK state operations.

The stolen funds were moved within minutes of the theft, and the attackers then wiped the malware and browser extensions used in the operation from the compromised devices.

A Wake-Up Call for DeFi Security

The breach exposes weaknesses in current DeFi signing practice, in particular reliance on blind signing and on front-end displays to verify what is being signed. Radiant Capital has called for an industry-wide shift toward hardware-level transaction verification, in which the signer checks the actual payload on the signing device rather than trusting the browser's rendering of it.
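The front-end manipulation described in "How the Attack Unfolded" and the hardware-level verification called for here come down to one check: compare the bytes the signer is about to sign with the operation the interface claims they perform. The Python below is an added example and not code from Radiant, Mandiant or any wallet vendor. It carries its own Keccak-256 so it runs without third-party packages, derives function selectors from signatures, and reports when the raw calldata disagrees with the displayed intent. The function signatures, addresses and amounts are constructed assumptions, and transferOwnership(address) is used only as an illustrative high-impact call, not as a statement about what was signed in the incident.

```python
# Added example (not Radiant's, Mandiant's or a wallet vendor's code): a
# pre-signing check that decodes raw calldata and compares it with the
# operation the front-end claims it is. Addresses, amounts and the choice of
# signatures below are constructed for illustration.
MASK64 = (1 << 64) - 1
# rho rotation offsets, flat index x + 5*y
_ROT = [0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43, 25, 39,
        41, 45, 15, 21, 8, 18, 2, 61, 56, 14]


def _round_constants() -> list[int]:
    # iota constants generated from the 8-bit LFSR defined in the Keccak spec
    rc, lfsr = [], 1
    for _ in range(24):
        c = 0
        for j in range(7):
            if lfsr & 1:
                c ^= 1 << ((1 << j) - 1)
            lfsr <<= 1
            if lfsr & 0x100:
                lfsr ^= 0x171
        rc.append(c)
    return rc


_RC = _round_constants()


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(a: list[int]) -> list[int]:
    for rnd in range(24):
        c = [a[x] ^ a[x + 5] ^ a[x + 10] ^ a[x + 15] ^ a[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [a[i] ^ d[i % 5] for i in range(25)]                      # theta
        b = [0] * 25
        for x in range(5):
            for y in range(5):                                         # rho + pi
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(a[x + 5 * y], _ROT[x + 5 * y])
        a = [b[i] ^ (~b[(i % 5 + 1) % 5 + 5 * (i // 5)] & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                       # chi
        a[0] ^= _RC[rnd]                                               # iota
    return a


def keccak256(data: bytes) -> bytes:
    # Ethereum's Keccak-256: rate 136 bytes, 0x01 domain padding (SHA3-256 uses 0x06)
    rate = 136
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * ((rate - len(buf) % rate) % rate)
    buf[-1] |= 0x80
    state = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            state[i] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        state = _keccak_f(state)
    return b"".join(w.to_bytes(8, "little") for w in state[:4])


def selector(signature: str) -> bytes:
    return keccak256(signature.encode())[:4]


def encode_call(signature: str, args: list[int]) -> bytes:
    # static-argument ABI encoding: 4-byte selector, then each arg as a 32-byte big-endian word
    return selector(signature) + b"".join(a.to_bytes(32, "big") for a in args)


def check_signing_request(intent_sig: str, intent_args: list[int], raw_calldata: bytes) -> list[str]:
    """Compare the UI's claimed intent with the bytes going to the signer; return discrepancies."""
    problems = []
    expected = encode_call(intent_sig, intent_args)
    if raw_calldata[:4] != expected[:4]:
        problems.append(f"selector mismatch: UI shows {intent_sig}, payload calls {raw_calldata[:4].hex()}")
    elif raw_calldata[4:] != expected[4:]:
        problems.append("argument mismatch: payload arguments differ from what the UI shows")
    if (len(raw_calldata) - 4) % 32:
        problems.append("malformed: argument area is not whole 32-byte words")
    return problems


# Constructed addresses for the scenario (not real accounts).
SPENDER = int("11" * 20, 16)
ATTACKER = (0xDEADBEEF << 128) | 1


def demo() -> list[str]:
    # UI shows a routine approve(); a tampered front-end hands the signer an ownership transfer instead.
    shown_sig, shown_args = "approve(address,uint256)", [SPENDER, 1000]
    honest = encode_call(shown_sig, shown_args)
    assert check_signing_request(shown_sig, shown_args, honest) == []
    swapped = encode_call("transferOwnership(address)", [ATTACKER])
    return check_signing_request(shown_sig, shown_args, swapped)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the design is where the comparison happens: it takes the raw calldata, not anything the web page rendered, so it belongs on the signing device or on an independent machine from the one running the browser. If the same compromised host produces both the "intent" and the payload, the check proves nothing, which is exactly why the page argues for verification at the hardware level.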

Radiant DAO is working with Mandiant, zeroShadow, Hypernative, and U.S. law enforcement to track and recover the stolen funds. Efforts continue, and the organization plans to share its findings to improve security standards for the broader crypto ecosystem.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

Disclaimer:

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
