Web3 Security Firms Confirm North Korea’s Role in Radiant Capital Hack
Dec 10, 2024
Radiant Capital, a cross-chain DeFi protocol, has confirmed that the $50 million hack in October 2024 was orchestrated by a North Korea-aligned hacking group.
Key Points:
- Attack Method: The breach began in September 2024 when a Radiant developer was targeted via a Telegram message impersonating a contractor. A malicious PDF disguised as a smart contract audit was used to deploy INLETDRIFT malware, which manipulated front-end transaction data, bypassing detection.
- Impact: Despite strong security protocols, the malware led to malicious transactions being signed off. Radiant Capital partnered with cybersecurity firms like Mandiant and zeroShadow to investigate the attack.
- Confirmation: zeroShadow attributed the attack to North Korean actors with high confidence, citing on-chain and off-chain indicators.
- Decline in TVL: Radiant’s total value locked (TVL) has plummeted by over 97% this year, from over $300 million in January to just $6 million now, following two major exploits in 2024.
The incident underscores the need for heightened vigilance in securing DeFi platforms against increasingly sophisticated attacks.