North Korea Implicated in $50 Million Radiant Capital DeFi Hack

  • Radiant Capital attributes the recent $50 million hack of its DeFi platform to a North Korea-aligned hacking group.
  • Despite rigorous security measures, the malware used in the attack evaded detection, leading to substantial financial losses.

In a startling revelation, Radiant Capital has confirmed that a North Korea-aligned hacking group was responsible for the recent breach of its decentralized finance (DeFi) platform. The attack, which resulted in a loss of $50 million, was meticulously executed via malware distributed through a seemingly innocuous Telegram message.

The Intricate Breach

The incident unfolded on October 16, 2024, when Radiant Capital first detected unauthorized activities within its system. The origins of the breach were traced back to September 11, 2024, marking a period of stealth operations by the attackers.

It began with a Radiant developer receiving a Telegram message from an individual posing as a former contractor. The message contained a link to a PDF file purportedly related to smart contract auditing, a common practice in blockchain operations to ensure contract security and integrity.

However, this file was anything but benign. Titled “Penpie_Hacking_Analysis_Report.zip,” it deployed a macOS backdoor malware known as INLETDRIFT upon opening. The malware established communication with an external server and presented a realistic PDF document to mask its malicious intent.

Despite Radiant’s robust security protocols, which include transaction simulations and payload verifications, the malware managed to manipulate front-end transaction data. This deception caused developers to unknowingly approve malicious transactions under the guise of legitimacy, showcasing a sophisticated level of planning and execution by the attackers.
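What an independent check of the payload actually being signed could look like, as an added example that is not code from the article or from Radiant Capital: the function selectors are the standard ERC-20 and Ownable ones, and every address, amount and displayed intent below is a constructed sample. The idea is to decode the raw calldata the signer is about to approve and compare it with what the front end claims, rather than trusting the front-end display alone.

```python
# Added example: compare raw calldata with the intent a front end displayed.
# Selectors are the standard ERC-20/Ownable ones; all sample values are constructed.

KNOWN_SELECTORS = {
    "095ea7b3": ("approve", ["address", "uint256"]),
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}

def decode_calldata(calldata):
    """Decode hex calldata into (function name, [args]) for the selectors above."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, body = data[:8], data[8:]
    if selector not in KNOWN_SELECTORS:
        return "unknown", []
    name, types = KNOWN_SELECTORS[selector]
    if len(body) != 64 * len(types):
        raise ValueError(f"calldata length does not match ABI of {name}")
    args = []
    for i, typ in enumerate(types):
        word = body[64 * i:64 * (i + 1)]      # one 32-byte ABI word per argument
        if typ == "address":
            if word[:24] != "0" * 24:         # high 12 bytes must be zero padding
                raise ValueError("malformed address word")
            args.append("0x" + word[24:])
        else:
            args.append(int(word, 16))
    return name, args

def verify_against_intent(calldata, intent, trusted_spenders):
    """Return discrepancies between the displayed intent and the real calldata (empty list = consistent)."""
    name, args = decode_calldata(calldata)
    if name == "unknown":
        return ["selector is not one of the decodable, expected functions"]
    problems = []
    if name != intent["action"]:
        problems.append(f"UI shows {intent['action']} but calldata calls {name}")
    if name == "transferOwnership":
        problems.append("calldata hands over contract ownership")
    if name in ("approve", "transfer"):
        if args[0].lower() != intent["to"].lower():
            problems.append(f"counterparty {args[0]} differs from displayed {intent['to']}")
        if args[1] != intent["amount"]:
            problems.append(f"amount {args[1]} differs from displayed {intent['amount']}")
        if name == "approve" and args[0].lower() not in trusted_spenders:
            problems.append(f"spender {args[0]} is not a trusted contract")
    return problems

# Constructed sample values (not real addresses or transactions).
TRUSTED = {"0x" + "11" * 20}
INTENT = {"action": "approve", "to": "0x" + "11" * 20, "amount": 1000}
LEGIT = "0x095ea7b3" + "0" * 24 + "11" * 20 + hex(1000)[2:].zfill(64)
SPOOFED = "0x095ea7b3" + "0" * 24 + "22" * 20 + "f" * 64  # unlimited approval elsewhere
TAKEOVER = "0xf2fde38b" + "0" * 24 + "22" * 20

if __name__ == "__main__":
    for label, cd in [("legit", LEGIT), ("spoofed", SPOOFED), ("takeover", TAKEOVER)]:
        print(label, verify_against_intent(cd, INTENT, TRUSTED) or "OK")
```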

Further cementing the attribution to North Korean actors, zeroShadow, a prominent Web3 security solutions provider, confirmed the involvement of DPRK-affiliated hackers. On December 9, zeroShadow reported high confidence in this attribution based on various indicators observed both on and off the blockchain.

zeroShadow also noted that the subsequent asset movements stemmed from Radiant users not revoking their permissions after the breach, rather than from the initial theft of funds.

The breach has had a devastating impact on Radiant Capital’s financial standing. Data from DefiLlama indicates that Radiant’s total value locked (TVL) has plummeted by over 97% this year alone, now standing at just over $6 million.

This marks a significant downturn from earlier in the year when the TVL exceeded $300 million. Notably, this is not the platform’s first security challenge in 2024; a smart contract vulnerability in January also led to substantial losses.

This incident highlights the persistent and evolving threats in the blockchain and DeFi sectors. Even platforms with advanced security measures are not immune to state-aligned cybercriminals, particularly actors as sophisticated as the North Korean groups involved here.

The breach serves as a critical reminder of the importance of continuous vigilance and innovation in cybersecurity practices within the rapidly growing but increasingly targeted blockchain industry.

The post North Korea Implicated in $50 Million Radiant Capital DeFi Hack appeared first on ETHNews.