Radiant Capital, a decentralized finance (DeFi) protocol, has attributed a roughly $50 million breach to hackers linked to the Democratic People’s Republic of Korea (DPRK).
The announcement came after Radiant Capital engaged the cybersecurity firm Mandiant to investigate the breach. Mandiant assessed with high confidence that a DPRK-affiliated hacking group orchestrated the operation.
The attack’s origins trace back to September, when one of Radiant’s developers was contacted by an individual posing as a former contractor the team trusted.
The impostor sent the developer a zip file, claiming it contained a new project that needed feedback. Once the archive was opened and circulated among the developers, it dropped malware onto their systems.
The malware installed a backdoor on macOS devices and displayed a legitimate-looking PDF as a decoy, so the victim had no reason to suspect anything. It communicated with a command-and-control domain chosen to look innocuous, which let it operate unnoticed.
The attackers used this foothold to compromise several devices used by the team and to get past the transaction checks the team ran through Tenderly, a web3 infrastructure provider.
According to Radiant Capital’s post-mortem, the malware’s payload included a malicious AppleScript that let the attackers manipulate transactions on the compromised machines without the signers noticing: the transaction data the team reviewed and simulated with Tenderly’s tools looked legitimate, so the simulation and payload checks reported no abnormalities.
Radiant’s team acknowledged that, although it had followed best practices and its security procedures, the attack’s deceptive methods rendered those traditional safeguards ineffective.
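The practical lesson from the manipulated-signing step above is that a simulation or a front-end display is only as trustworthy as the machine it runs on. The check a signer can still make is to decode the raw calldata the wallet is about to sign on a separate, clean device and compare it with the operation the UI claims to be submitting. The Python below is an added example written for this article; it is not Radiant’s or Tenderly’s code, and it does not claim to reproduce the exact payload used in the incident. It assumes a small hard-coded table of well-known 4-byte function selectors (normally derived as the first four bytes of keccak256 of the signature) and uses constructed addresses and calldata.

```python
# Added example (not from the Radiant post-mortem): independently decode raw
# EVM calldata and compare it with what the signing UI displays, so a
# tampered front-end or simulation cannot hide a different payload.
# Selectors, addresses and calldata below are assumptions / constructed data.
from dataclasses import dataclass

# First 4 bytes of keccak256("<signature>"). Hard-coded as an assumption so the
# example runs without a keccak library; a real tool would compute them.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "f2fde38b": ("transferOwnership", ("address",)),
}


@dataclass(frozen=True)
class DecodedCall:
    function: str
    args: tuple


def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word after the 4-byte selector."""
    start = 4 + 32 * i
    w = data[start:start + 32]
    if len(w) != 32:
        raise ValueError(f"calldata too short for argument {i}")
    return w


def decode_calldata(calldata_hex: str) -> DecodedCall:
    """Decode static ABI calldata; refuse anything we cannot fully parse."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    if len(data) < 4:
        raise ValueError("calldata shorter than a selector")
    selector = data[:4].hex()
    if selector not in KNOWN_SELECTORS:
        # Unknown function: do not trust the UI's description of it.
        raise ValueError(f"unknown selector 0x{selector}")
    name, types = KNOWN_SELECTORS[selector]
    if len(data) != 4 + 32 * len(types):
        raise ValueError("calldata length does not match argument list")
    args = []
    for i, t in enumerate(types):
        w = _word(data, i)
        if t == "address":
            if any(w[:12]):
                raise ValueError("address word has non-zero padding")
            args.append("0x" + w[12:].hex())
        elif t == "uint256":
            args.append(int.from_bytes(w, "big"))
    return DecodedCall(name, tuple(args))


def verify_intent(calldata_hex: str, shown_function: str, shown_args: tuple):
    """Compare the displayed intent with what the raw payload actually does.

    Returns (ok, reason). Any decode failure is treated as 'do not sign'.
    """
    try:
        actual = decode_calldata(calldata_hex)
    except ValueError as e:
        return False, f"refuse to sign: {e}"
    if (actual.function, actual.args) != (shown_function, tuple(shown_args)):
        return False, (f"mismatch: UI shows {shown_function}{tuple(shown_args)} "
                       f"but payload is {actual.function}{actual.args}")
    return True, "payload matches displayed intent"


# Constructed sample data: a routine transfer the signer expects to see, and a
# tampered payload that instead hands contract ownership to another address.
TREASURY = "0x" + "11" * 20
ATTACKER = "0x" + "ab" * 20
CALLDATA_BENIGN = "0xa9059cbb" + "00" * 12 + "11" * 20 + (1000).to_bytes(32, "big").hex()
CALLDATA_TAMPERED = "0xf2fde38b" + "00" * 12 + "ab" * 20

if __name__ == "__main__":
    for label, calldata in (("benign", CALLDATA_BENIGN), ("tampered", CALLDATA_TAMPERED)):
        ok, reason = verify_intent(calldata, "transfer", (TREASURY, 1000))
        print(f"{label}: ok={ok} ({reason})")
```

The decoder is deliberately strict: an unknown selector, wrong length or non-zero address padding all mean "do not sign", because a tampered client can just as easily present an unfamiliar call as a familiar one. The comparison is only meaningful if the bytes fed to `decode_calldata` come from the hardware wallet’s own display or from a machine that was never exposed to the compromised front-end.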
According to the company, this exploit, executed in October, stands out as one of the most complex incidents in DeFi history.
While the Radiant Capital hack highlights the audacity of DPRK’s cyber tactics, it is only the tip of the iceberg: North Korea’s cyber operators have recently and quietly infiltrated IT networks around the world.