Bena Ilyas

Radiant Capital Exposes DeFi Vulnerabilities After North Korean Cyberattack

  • Radiant Capital lost $50M in a cyberattack by North Korean hackers (Lazarus Group).
  • Despite strong security, the breach exposed vulnerabilities in DeFi platforms.
  • Radiant’s total value locked (TVL) dropped from $300M to $5.81M post-attack.

Radiant Capital has issued an update on its case following an October cyberattack by hackers that targeted its decentralized finance (DeFi) platform. It was an extremely sophisticated attack attributed to a North Korean state-aligned hacking group. Radiant lost $50 million, demonstrating key vulnerabilities within an otherwise very secure platform.

According to Radiant’s Dec. 6 update, cybersecurity firm Mandiant has attributed the attack to a threat actor linked to the Democratic People’s Republic of Korea (DPRK). The breach began on Sept. 11, when a Radiant developer received a Telegram message from what appeared to be a trusted former contractor. The message included a ZIP file that, under the guise of seeking feedback, delivered sophisticated malware upon being opened.

“This ZIP file, shared among developers for review, introduced malware that ultimately led to the intrusion,” Radiant stated. The impersonation was seamless, with the domain spoofing the contractor’s legitimate website and raising no immediate suspicions.

North Korean Hackers Strike Radiant Capital

On Oct. 16, the attackers exploited compromised developer devices to gain control of private keys and smart contracts, forcing Radiant to suspend its lending markets. The platform later identified that benign transaction data displayed on front-end interfaces masked malicious transactions executed in the background.

Radiant highlighted that the malware had evaded even routine inspection. “Traditional checks and simulations did not show obvious discrepancies, making the threat practically invisible,” the update said.

Radiant Capital attributed the attack to UNC4736, better known as “Citrine Sleet,” which it said normally operates under North Korea’s Reconnaissance General Bureau (RGB) and is closely associated with Lazarus Group. The group specifically targets crypto platforms, from which it has reportedly taken around $3 billion between 2017 and 2023. Meanwhile, the attackers were able to move only about $52 million of the stolen funds up to Oct. 24 of that year.

Despite Radiant’s adherence to industry-standard practices, such as hardware wallets, simulation tools like Tenderly, and rigorous human review, the attackers showed that they could circumvent these defenses. Radiant emphasized the need for more robust, hardware-level solutions for transaction validation.

“This incident underscores that even the most stringent security protocols can be outmaneuvered by sophisticated threat actors,” the update warned.
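The gap described above, where the front end shows one transaction while a different one is signed, can be narrowed by decoding the raw payload independently of the interface that displays it. The following Python sketch is an added illustration, not Radiant's tooling or code from the update; the selector table, function names, addresses and amounts are constructed sample values and do not reproduce the transactions from the incident.

```python
# Selectors of common ERC-20 / Ownable functions, with their static argument types.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}

def decode_call(calldata_hex):
    """Decode ABI calldata with static arguments into (function name, [args])."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    selector = data[:4].hex()
    if len(data) < 4 or selector not in KNOWN_SELECTORS:
        raise ValueError(f"unknown selector 0x{selector}")
    name, types = KNOWN_SELECTORS[selector]
    body = data[4:]
    if len(body) != 32 * len(types):
        raise ValueError("argument area has unexpected length")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args

def find_discrepancies(displayed, raw_to, raw_calldata):
    """List differences between the displayed intent and the raw payload to be signed."""
    problems = []
    if raw_to.lower() != displayed["to"].lower():
        problems.append(f"target {raw_to} != displayed {displayed['to']}")
    try:
        name, args = decode_call(raw_calldata)
    except ValueError as exc:
        return problems + [f"undecodable calldata: {exc}"]
    if name != displayed["function"]:
        problems.append(f"function {name} != displayed {displayed['function']}")
    elif args != displayed["args"]:
        problems.append(f"arguments {args} != displayed {displayed['args']}")
    return problems

# Constructed sample values: what the interface shows versus two raw payloads.
TOKEN, PAYEE, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
DISPLAYED = {"to": TOKEN, "function": "transfer", "args": [PAYEE, 100]}
MATCHING = "0xa9059cbb" + "00" * 12 + "22" * 20 + f"{100:064x}"
MISMATCHED = "0xf2fde38b" + "00" * 12 + "33" * 20
print(find_discrepancies(DISPLAYED, TOKEN, MISMATCHED))
```

The check is only meaningful when it runs on a device other than the one rendering the front end, since a compromised workstation can falsify both views.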

Radiant Capital Breach Exposes DeFi Security Flaws

This was Radiant’s second major security breach in 2023, after a $4.5 million flash loan exploit in January. These incidents have badly damaged the platform’s standing. The total value locked (TVL) in Radiant has plunged from over $300 million at the end of 2022 to approximately $5.81 million as of Dec. 9, according to DefiLlama.

As DeFi platforms face increasingly sophisticated threats, Radiant Capital’s case underlines the urgent need to evolve security measures that protect the industry against cybercriminals backed by hostile nation-states.
