North Korean Hackers Exposed in $50M Crypto Heist, Radiant Investigation Reveals

North Korean Hackers Behind $50M Radiant Capital Cryptocurrency Heist

Radiant Capital has confirmed that North Korean state-affiliated hackers, identified as Citrine Sleet (also known as UNC4736 and AppleJeus), were responsible for the $50 million cryptocurrency theft that occurred on October 16. The attribution follows an investigation conducted in collaboration with cybersecurity firm Mandiant.

The Attack Timeline and Method
The breach began on September 11, 2024, when attackers impersonated a former contractor via Telegram, convincing a Radiant developer to download a malicious ZIP file. The file contained a decoy PDF and the “InletDrift” malware, which established a backdoor on the targeted macOS device.

Technical Sophistication
The attack demonstrated remarkable sophistication, successfully:
– Bypassing hardware wallet security
– Circumventing multiple verification layers
– Exploiting the multi-signature process
– Making malicious transactions appear legitimate during security checks

Impact on Radiant Platform
Radiant, a DeFi platform operating across multiple blockchain networks through the Arbitrum Layer 2 scaling system, saw unauthorized transactions affecting both Arbitrum and Binance Smart Chain (BSC) markets. Three trusted developers’ devices were compromised in the attack.

Response and Recovery Efforts
Radiant is currently:
– Working with U.S. law enforcement
– Collaborating with zeroShadow for fund recovery
– Implementing enhanced device-level security solutions

This incident aligns with previous U.S. warnings about North Korean actors targeting cryptocurrency firms to generate funds for state operations.
