Key Takeaways:
- North Korean Connection: North Korean-linked hacking group UNC4736 exploited Radiant Capital, stealing $52M through malware delivered via Telegram.
- Advanced Deception: Attackers bypassed robust security protocols, including transaction simulations, to gain control of private keys and smart contracts.
- Impact on Radiant: The breach followed a $4.5M loss in January, reducing Radiant’s total value locked from $300M to $5.81M by Dec. 9.

A North Korean-affiliated hacking group, identified as “UNC4736” or “Citrine Sleet,” orchestrated a $50 million cyberattack on DeFi platform Radiant Capital in October 2023, the company revealed.
The attackers, linked to North Korea’s Reconnaissance General Bureau (RGB), used advanced social engineering to breach the platform.
Posing as a trusted former contractor, the hackers contacted a Radiant developer via Telegram on Sept. 11, sharing a malware-laden ZIP file disguised as a project for feedback.
This malware spread among developers, compromising devices and allowing the hackers to gain access to private keys and smart contracts.
Radiant halted its lending operations by Oct. 16, and the attackers moved the stolen funds on Oct. 24.
Despite Radiant’s use of robust security measures like hardware wallets and transaction simulations, the attackers’ techniques bypassed standard defenses.
This is the second major breach for Radiant in 2023, following a $4.5 million flash loan exploit in January. Its total value locked fell from $300 million to just $5.81 million by December.
The incident highlights the growing sophistication of cyber threats against DeFi platforms, with Radiant calling for hardware-level security innovations to combat such attacks.
The breach underscores the vulnerability of even advanced systems to social engineering and malware-based exploits.