Radiant links $50 million crypto heist to North Korean hackers


Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack.

The attribution comes after investigating the incident, assisted by cybersecurity experts at Mandiant, who say the attack was conducted by North Korean state-affiliated hackers known as Citrine Sleet, aka “UNC4736” and “AppleJeus.”

The US previously warned that North Korean threat actors target cryptocurrency firms, exchanges, and gaming companies to generate and launder funds to support the country’s operations.

October incident

Radiant is a decentralized finance (DeFi) platform that allows users to deposit, borrow, and manage cryptocurrency across multiple blockchain networks.

The platform utilizes Ethereum blockchain security through the Arbitrum Layer 2 scaling system and operates under a community-driven system enabling users to participate in governance through RDNT lockers, submit proposals, and vote on active initiatives.

On October 16, 2024, Radiant announced it suffered a $50M breach caused by ‘sophisticated malware’ targeting three trusted developers whose devices were compromised to execute the unauthorized transactions.

The hackers appeared to have exploited the routine multi-signature process, collecting valid signatures under the guise of transaction errors and stealing funds from Arbitrum and Binance Smart Chain (BSC) markets.

The attack bypassed hardware wallet security and multiple verification layers, and transactions appeared normal during manual and simulation checks, indicative of high sophistication.

Finger pointed at North Korea

Following an internal investigation of the attack, aided by Mandiant, Radiant can now share more information about the malware used and the perpetrators behind it.

The attack started on September 11, 2024, when a Radiant developer received a Telegram message spoofing a former contractor, tricking them into downloading a malicious ZIP file.

The archive contained a PDF file to be used as a decoy and a macOS malware payload named ‘InletDrift,’ which established a backdoor on the infected device.

Decoy PDF file used in the attack
Source: Radiant

Radiant says the attack was so well-designed and flawlessly executed that it bypassed all security measures in place.

“This deception was carried out so seamlessly that even with Radiant’s standard best practices, such as simulating transactions in Tenderly, verifying payload data, and following industry-standard SOPs at every step, the attackers were able to compromise multiple developer devices,” explained Radiant.

“The front-end interfaces displayed benign transaction data while malicious transactions were signed in the background. Traditional checks and simulations showed no obvious discrepancies, making the threat virtually invisible during normal review stages.”

Mandiant assessed with high confidence that the attack was conducted by UNC4736, the same threat group that was exposed for exploiting a zero-day vulnerability on Google Chrome earlier this year.

Given the successful bypass of its security measures, Radiant underlines the need for more robust, device-level solutions to enhance transaction security.
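
An added example, not code from Radiant or Mandiant: one way to check for the mismatch described above, where the interface showed one transaction while another was signed and signatures were collected behind apparent errors. It assumes a hypothetical log of signed digests captured on a path independent of the signing front end; the field names, the SHA-256 stand-in digest, and the sample records are constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict


def digest(tx):
    # Stand-in digest (assumption): SHA-256 over canonical JSON. A real
    # multisig wallet defines its own transaction hash; use that instead.
    canon = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()


def find_signing_anomalies(reviewed, events):
    """Compare what each signing device signed with what was reviewed.

    reviewed: proposal id -> transaction the signers reviewed and simulated.
    events:   records captured independently of the signing front end.
    """
    alerts = []
    seen = defaultdict(set)  # (signer, proposal) -> digests already signed
    for ev in events:
        key = (ev["signer"], ev["proposal"])
        if ev["signed_digest"] != digest(reviewed[ev["proposal"]]):
            alerts.append(key + ("digest_mismatch",))
        if ev["ui_status"] == "error":
            # The interface reported a failure, yet a valid signature exists.
            alerts.append(key + ("signed_despite_error",))
        if seen[key] and ev["signed_digest"] not in seen[key]:
            alerts.append(key + ("digest_changed_on_retry",))
        seen[key].add(ev["signed_digest"])
    return alerts


# Constructed sample data, not taken from the incident.
REVIEWED = {"P-1": {"to": "0x" + "11" * 20, "value": 0, "data": "0xabcdef01", "nonce": 7}}
SWAPPED = {"to": "0x" + "22" * 20, "value": 0, "data": "0x12345678", "nonce": 7}
EVENTS = [
    {"signer": "dev-a", "proposal": "P-1", "signed_digest": digest(REVIEWED["P-1"]), "ui_status": "ok"},
    {"signer": "dev-b", "proposal": "P-1", "signed_digest": digest(SWAPPED), "ui_status": "error"},
    {"signer": "dev-b", "proposal": "P-1", "signed_digest": digest(REVIEWED["P-1"]), "ui_status": "ok"},
]

if __name__ == "__main__":
    for alert in find_signing_anomalies(REVIEWED, EVENTS):
        print(alert)
```

The check is only as trustworthy as the path that records `signed_digest`: if that record comes from the same compromised workstation as the front end, it can be falsified along with the display.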

As for the stolen funds, the platform says it is collaborating with U.S. law enforcement and zeroShadow to recover any amounts possible.
