Radiant Capital has revealed new findings about the $50 million hack targeting its decentralized finance (DeFi) platform in October, attributing the attack to a hacker group aligned with North Korea.
The attackers gained access through an elaborate scheme involving malware distributed via Telegram.
$50 Million Radiant Capital DeFi Hack
The breach, first discovered on October 16, 2024, led Radiant to partner with cybersecurity companies such as Mandiant, zeroShadow, Hypernative, and SEAL 911 to investigate and mitigate the damage.
According to the official blog post, the attack dates back to September 11, 2024, when a Radiant developer received a Telegram message from someone posing as a former contractor. The message, crafted to appear innocuous, requested comments on a PDF file that was supposedly career-related and linked to smart contract auditing.
The sender convincingly spoofed a legitimate website, reducing suspicion. Once the file, titled Penpie_Hacking_Analysis_Report.zip, was opened, a backdoor malware for macOS called INLETDRIFT was delivered. The malware communicated with an external server and appeared harmless by displaying a realistic PDF.
Despite Radiant’s compliance with rigorous security protocols, including transaction simulations and payload verifications, the malware evaded detection by manipulating initial transaction data. The developers unknowingly approved malicious transactions, believing them to be legitimate. The attackers’ planning made the intrusion almost undetectable during routine checks.
zeroShadow, a Web3 security solutions provider, also corroborated Radiant Capital’s assessment that the attack was the work of actors linked to North Korea. In a statement on December 9, the platform said:
“We also attribute the October 16 Radiant Capital incident to the DPRK with a high level of confidence based on multiple indicators we have collected on- and off-chain. We have traced movements to Hyperliquid as a result of Radiant users not revoking permissions and not funds stolen from the initial incident.”
Radiant’s TVL dropped by more than 97% this year
Radiant Capital is a decentralized lending and borrowing protocol that integrates cross-chain capabilities using LayerZero technology. The latest figures from DefiLlama put its total value locked (TVL) at just over $6 million.
The October 16 hack is not the first time Radiant has been compromised this year. In January, a smart contract vulnerability was exploited, costing the platform $4.5 million. At that time its TVL was significantly higher, exceeding $300 million, highlighting a significant decline in assets locked throughout the year despite the bull run.