Radiant Capital, a prominent DeFi protocol, recently disclosed a staggering $50 million exploit that it suffered in October, attributing the attack to North Korean hackers. The chain of events leading up to the breach began in mid-September, with a deceptive Telegram message sent to a Radiant Capital developer by someone posing as a trusted former contractor. The message, which appeared to be a request for feedback on a new career opportunity related to smart contract auditing, contained a zipped PDF file that the developer unwittingly opened and shared with colleagues.
Unbeknownst to the recipients, the PDF file harbored a piece of malware known as INLETDRIFT, which established a persistent macOS backdoor while displaying a seemingly innocuous PDF to the user. Radiant Capital revealed that the malware managed to evade detection during traditional checks and simulations, rendering the threat virtually invisible during routine review processes. Through this covert access to the compromised computers, the hackers were able to seize control of several private keys, enabling them to carry out the extensive exploit.
Cybersecurity firm Mandiant, engaged to investigate the breach, identified the North Korean connection behind the attack. While the investigation remains ongoing, Mandiant pointed to UNC4736, a group aligned with North Korea’s Reconnaissance General Bureau, as the likely orchestrators of the incident. This group, also known as AppleJeus or Citrine Sleet, has a history of targeting cryptocurrency companies through deceptive tactics. In past attacks, UNC4736 has utilized fake crypto exchange websites to distribute malicious software, often under the guise of job openings or counterfeit wallets.
The October breach follows a separate incident in January, in which the protocol lost $4.5 million to an unrelated hack. As the fallout from the recent exploit continues to unfold, Radiant Capital remains committed to enhancing its security measures and fortifying its defenses against future cyber threats.