Radiant Capital, a decentralized finance platform, has acknowledged that a North Korean hacking squad was responsible for a $50 million system breach in October. The attackers impersonated a trusted former contractor and delivered malware disguised as a legitimate document, exploiting the norms of professional communication.
The attack started on September 11 when a Radiant developer received a Telegram message from someone pretending to be a former contractor. The message contained a zip file masquerading as a request for comments on a new project. After the file was shared with additional developers, the embedded malware infected many devices.
This infection allowed hackers to access private keys and smart contracts, leading to the October 16 exploit that forced the platform to halt its lending activities. Mandiant, Radiant’s cybersecurity partner, linked the attack to a North Korean entity named “UNC4736,” likely associated with the Lazarus entity.
The platform reported that the malware was sophisticated, operating undetected by mimicking normal functionality while carrying out harmful operations in the background. This deception let the compromise go unnoticed during routine security assessments, including those performed with advanced tools such as Tenderly.
Radiant Capital admitted that, despite strict security mechanisms, such as the use of hardware wallets and transaction simulations, the attackers were able to defeat these safeguards. The breach emphasizes the critical need for more robust hardware-based solutions to validate transactions on a deeper level.
The attackers moved the stolen funds, worth an estimated $52 million, on October 24. This is the second large attack on Radiant Capital this year, after a $4.5 million exploit in January. The platform’s total value locked (TVL) has since dropped from more than $300 million to under $5.81 million.
Radiant’s experience highlights the growing threat of sophisticated attacks on DeFi platforms, as well as the importance of continuous innovation in security practices.