CATENAA, Friday, December 13, 2024 – Decentralized finance (DeFi) platform Radiant Capital has confirmed a $50 million cyberattack, attributed to a hacker with ties to North Korea, according to a detailed investigation by cybersecurity firm Mandiant.
The breach began on September 11, when a Radiant developer received a Telegram message from an individual impersonating a former contractor.
The message included a seemingly benign ZIP file that was later revealed to contain malware. Once the file was shared among team members, the malware enabled the attackers to gain unauthorized access to private keys and smart contracts.
Radiant Capital identified the breach on October 16 and suspended its lending operations; the hackers moved the stolen funds on October 24.
The attack got past Radiant’s security measures, including transaction simulations and payload verification, by manipulating transaction data so that malicious activity appeared legitimate.
The hacker group, known as “UNC4736” or “Citrine Sleet,” is reportedly affiliated with North Korea’s Reconnaissance General Bureau and linked to the infamous Lazarus Group.
This group is implicated in stealing $3 billion in cryptocurrency between 2017 and 2023 to fund North Korea’s regime.
This is Radiant’s second major breach this year, following a $4.5 million flash loan exploit earlier in 2024 that led to a temporary shutdown of its lending markets.
Radiant Capital has not yet announced its recovery strategy or any additional safeguards to prevent future breaches.