Radiant Capital has disclosed details of the October cyberattack that resulted in $50 million in losses. The attack was orchestrated by a North Korea-linked hacker group that exploited Telegram to deliver a malicious file.
In a statement on December 6, Radiant Capital identified the threat actor as “UNC4736,” also known as “Citrine Sleet,” which operates under North Korea’s Reconnaissance General Bureau (RGB).
How the Cyberattack Unfolded
The attack began on September 11 with a malicious ZIP file sent to a Radiant developer. The message was disguised as a legitimate one from a former contractor, which lent it enough credibility to avoid initial suspicion. Radiant Capital later determined that the file was crafted by North Korean threat actors.
The malware spread as it was shared among developers, infecting multiple devices. It conducted malicious activities in the background while presenting a normal interface to users.
Impact of the Hack
- Lending Services Suspended: Radiant halted lending operations on October 16.
- Funds Stolen: $52 million was transferred on October 24.
- Platform Value Drop: Radiant’s total value locked (TVL) plummeted from $300 million at the start of 2023 to just $5.81 million.
- Attribution: Security firm Mandiant attributed the attack to North Korean actors with high confidence.
Radiant Capital emphasized the sophistication of the attack, noting that “traditional security measures, simulations, and even hardware wallets were insufficient to counter the threat.”
North Korea’s Growing Role in Crypto Hacks
Since 2017, North Korea-linked hacker groups have stolen an estimated $3 billion worth of cryptocurrencies through attacks on crypto platforms. The group behind the Radiant Capital hack is reportedly associated with the infamous Lazarus Group.