According to a detailed postmortem, a North Korean state-sponsored hacking group was responsible for the $50 million exploit that targeted Radiant Capital. The attackers, identified as the UNC4736 threat group (also tracked as Citrine Sleet), delivered malware through a counterfeit Telegram chat using sophisticated social engineering.
To gain access to Radiant Capital, the attackers posed as a “trusted former contractor,” trading on the legitimacy of an established relationship. They claimed that a zipped PDF they shared via Telegram contained a report on the Penpie exploit, an earlier incident in the DeFi space. The archive actually carried INLETDRIFT, malware that creates a backdoor on macOS systems.
The hack exposed the hardware wallets of at least three Radiant developers by tampering with the Safe{Wallet} interface (formerly known as Gnosis Safe): the interface displayed valid transaction data while the malware carried out fraudulent transactions in the background.
Although Radiant Capital followed industry-standard security procedures, including payload verification and Tenderly simulations, the attackers were still able to compromise several developer machines.
Mandiant, a cybersecurity firm, attributed the attack to UNC4736, a DPRK-linked threat actor with a track record of targeting bitcoin companies. The group is also known for attacks on bitcoin exchanges and for distributing the AppleJeus malware. Estimates put the amount stolen from the cryptocurrency industry between 2017 and 2023 at about $3 billion, and the proceeds are believed to fund North Korea’s nuclear weapons program.
Earlier this year, UNC4736 targeted crypto-focused organizations by exploiting a zero-day vulnerability in the Chromium browser to escape its sandbox. The FBI has highlighted the group’s evolving tactics, which include posing as IT workers to gain access to businesses and financial systems.
Global financial institutions are increasingly at risk from North Korean cybercrime, particularly in the cryptocurrency space. Researchers presenting at the Cyberwarcon cybersecurity conference report that North Korean state-sponsored hackers stole more than $10 million in just six months by impersonating real employees of well-known companies.
As the crypto industry contends with increasingly sophisticated exploits, the Radiant Capital case underscores the urgent need for greater awareness, layered security controls, and international cooperation to counter the risks posed by state-backed cyberattacks.