December 10, 2024

North Korean Hackers Steal $50 Million from Radiant Capital DeFi Platform



In a significant cybersecurity incident, Radiant Capital, a prominent decentralized finance (DeFi) platform, has disclosed new details about a sophisticated cyberattack that resulted in the theft of approximately $50 million in cryptocurrency assets. The attack, which occurred on October 16, 2024, has been attributed to a North Korean state-sponsored hacking group known as "UNC4736" or "Citrine Sleet."

According to a forensic investigation conducted by Mandiant, a global cybersecurity firm contracted by Radiant Capital, the attackers employed advanced tactics linked to the Democratic People's Republic of Korea's (DPRK) Reconnaissance General Bureau (RGB). The investigation revealed that the threat actors successfully compromised the devices of at least three core contributors through sophisticated malware injection techniques.

The attackers utilized advanced social engineering methods, posing as a trusted former contractor and distributing a malware-laden ZIP file through Telegram. The compromised devices showed minimal warning signs, with users only experiencing minor glitches and error messages during routine processes, making the attack particularly difficult to detect in its early stages.

"This incident demonstrates the evolving sophistication of state-sponsored cyber threats targeting the cryptocurrency sector," said a spokesperson from Mandiant. "The attackers' ability to maintain stealth while compromising multiple devices highlights the advanced nature of their operations."

In response to the breach, Radiant Capital has enlisted the assistance of several cybersecurity firms, including zeroShadow and Hypernative for on-chain tracking of stolen assets, and SEAL 911 for additional recovery support. U.S. law enforcement agencies are actively collaborating with Radiant Capital and blockchain security companies to freeze the stolen assets and identify the perpetrators.

The October attack marks the second major security breach for Radiant Capital in 2024, following a $4.5 million flash loan exploit in January. These incidents have significantly impacted the platform's operations, with its total value locked (TVL) plummeting from $300 million to just $5.81 million by December 9, 2024.

"The cryptocurrency industry continues to be a prime target for North Korean cyber operations," explained a blockchain security expert familiar with the case. "These attacks are becoming increasingly sophisticated, combining social engineering with advanced malware deployment techniques."

The incident has raised concerns about the security measures implemented by DeFi platforms and their vulnerability to state-sponsored cyber attacks. Industry experts are calling for enhanced security protocols and improved authentication mechanisms to prevent similar incidents in the future.


Anthony Denis

Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing from a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.
