A North Korean hacking group breached a Decentralised Finance (DeFi) platform called Radiant Capital and stole $50m in October, according to reports filed by the firm. The hackers used malware-laced messages on the Telegram messenger, posing as a former contractor, to penetrate the platform’s security. The disclosure further confirms that the threats facing the crypto market are becoming more complex.
How the $50M Attack Unfolded
On September 11, a Radiant Capital developer reportedly received a Telegram message from what seemed to be an ex-contractor. The message opened with a conventional ‘Dear [Recipient’s Name],’ greeting and carried a ZIP file captioned ‘Your Feedbacks Needed’ along with details of a supposed project. The file contained malware, which spread into the company’s systems when the developer forwarded it to other developers in the organization.
In a statement on December 6, cybersecurity firm Mandiant attributed the attack to UNC4736, also known as “Citrine Sleet,” a North Korea-affiliated group. The group is believed to be a sub-group of the Lazarus Group, which is tied to North Korea’s Reconnaissance General Bureau.
“When shared for feedback with other developers, this ZIP file contained a payload that delivered malware, which in turn enabled the subsequent breach,” the report by Radiant Capital reads.
Sophisticated Tactics Deceive Experts
The attack showed a high degree of organisation and sophistication. The malware infected several developer devices at Radiant and modified the entire front-end of the system to conceal malicious activity: the interface displayed legitimate transactions while unauthorized ones were executed behind the scenes.
Radiant Capital said: “During any normal course of checks and simulations, the threat was practically undetectable.”
The attackers were able to bypass the security measures Radiant Capital had in place, such as hardware wallets and simulation tools like Tenderly. The incident shows that attacks on the DeFi sector are gradually becoming more diverse.
The Effect on Radiant Capital and the DeFi Ecosystem
The breach led to the suspension of Radiant Capital’s lending markets on October 16, after private keys and smart contracts were compromised. Only a week later, the attackers were able to transfer $52 million in stolen funds.
This was the second major attack suffered by Radiant. Before it, a $4.5 million flash loan exploit shut down the platform for a time in early January. These incidents have cost the platform heavily in reputation, standing and finances.
Radiant Capital’s total value locked (TVL) fell from over $300 million at the end of 2022 to approximately $5.81 million as of December 9, according to DeFiLlama data.
In its statement, Radiant Capital emphasized the need for improved security measures in the DeFi space:
“The trust in blind signing and front-end checks that can be easily faked calls for better hardware-based approaches to decoding and verifying transaction payloads.”
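As an added illustration of the payload verification the statement calls for (example code written for this article, not Radiant Capital’s or any wallet’s own code): a spoofed front-end can change what the screen shows, but not the bytes that reach the signer, so the check below decodes the raw calldata and compares it with the action the UI claims. It assumes only the three standard ERC-20/Ownable selectors listed; the addresses are constructed.

```python
# Added example: decode EVM calldata before signing and verify it matches intent.
# 4-byte selectors are the first 4 bytes of keccak256(signature); these three are
# the standard ERC-20 transfer/approve and Ownable transferOwnership selectors.
SELECTORS = {
    bytes.fromhex("a9059cbb"): ("transfer", ("address", "uint256")),
    bytes.fromhex("095ea7b3"): ("approve", ("address", "uint256")),
    bytes.fromhex("f2fde38b"): ("transferOwnership", ("address",)),
}


def decode_calldata(calldata: bytes) -> tuple:
    """Return (function name, decoded args); unknown selectors are reported, not guessed."""
    if len(calldata) < 4:
        raise ValueError("calldata shorter than a selector")
    entry = SELECTORS.get(calldata[:4])
    if entry is None:
        return "unknown", [calldata[:4].hex()]
    name, types = entry
    if len(calldata) != 4 + 32 * len(types):  # static args only: one 32-byte word each
        raise ValueError(f"{name}: expected {len(types)} 32-byte argument words")
    args = []
    for i, typ in enumerate(types):
        word = calldata[4 + 32 * i: 36 + 32 * i]
        if typ == "address":
            if any(word[:12]):  # the 12 padding bytes of an address word must be zero
                raise ValueError("address word has non-zero padding")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, args


def matches_intent(calldata: bytes, name: str, args: list) -> bool:
    """True only if the bytes really encode the action the front-end displayed."""
    try:
        return decode_calldata(calldata) == (name, list(args))
    except ValueError:
        return False  # malformed payloads are treated as a mismatch, never approved


def encode_call(selector_hex: str, *args) -> bytes:
    """Build a payload: hex strings are encoded as address words, ints as uint256."""
    out = bytes.fromhex(selector_hex)
    for a in args:
        out += bytes.fromhex(a[2:]).rjust(32, b"\0") if isinstance(a, str) else a.to_bytes(32, "big")
    return out


# Constructed scenario: the UI shows approve(SPENDER, 1000), while the payload
# actually handed to the signer is transferOwnership(ATTACKER).
SPENDER = "0x" + "11" * 20   # constructed address
ATTACKER = "0x" + "ee" * 20  # constructed address
SHOWN = encode_call("095ea7b3", SPENDER, 1000)
ACTUAL = encode_call("f2fde38b", ATTACKER)
```

`matches_intent(ACTUAL, "approve", [SPENDER, 1000])` returns False, which is the point: the decision is made on the decoded bytes, not on what the interface rendered.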
North Korea’s Continued Crypto Exploits
This attack is not the first of its kind; it is part of a pattern of North Korean hacking groups targeting crypto platforms. Lazarus and other North Korean cyber operators are alleged to have stolen more than $3 billion worth of cryptocurrency between 2017 and 2023, according to several cybersecurity firms.
Such cyberattacks are essential for funding North Korea’s regime under continuing sanctions. Analysts say the money is channelled into weapons programmes and other government activities.
“This case shows that the best templates and irremovable work and means can be bypassed by highly skillful attackers,” Radiant Capital noted in its recent update.
Conclusion: A Wake-Up Call for DeFi Security
The attack on Radiant Capital raises two issues related to the risks within the DeFi space: hackers’ growing interest in DeFi platforms as targets, and state-sponsored hackers as one of the key emerging threats. While platforms such as Radiant strive to regain lost ground and strengthen their defences, the incident is a reminder of the need for more innovative approaches to security.
The broad lesson for users and developers in the DeFi sector is that they need to be far more careful about security, adopt stronger security measures, and stay alert for new and improved scams. Keep following The Bit Journal for the latest updates on the Radiant Capital hack.