Another Crypto Platform Falls Victim to North Korean Hackers

A prominent cryptocurrency platform has suffered a major cyberattack, leading to a $50 million theft on October 16, 2024.

The attack, which unfolded in October 2024, has been traced back to North Korean hackers, with the group suspected to be behind the breach. Cybersecurity experts from Mandiant linked the attack to a notorious threat group tied to the North Korean government’s intelligence division.

The hack began in September 2024 when a Radiant Capital developer received a seemingly benign message on Telegram from someone claiming to be a former contractor. The message included a file that appeared to showcase work on smart contract auditing but was actually laced with malware. This malicious software, disguised as a PDF, allowed the attackers to gain access to the developer’s device and establish a backdoor to the platform’s systems.

Over the next several weeks, the hackers used the compromised access to deploy malicious smart contracts across multiple blockchain networks, including Ethereum and Binance Smart Chain. Despite following standard security measures, the platform was unable to detect the attack due to sophisticated manipulation of transaction data.

While the stolen funds were moved almost immediately, the attackers expertly covered their tracks, erasing all traces of the malware used in the heist. The breach serves as a stark reminder of the vulnerabilities in decentralized finance (DeFi) security practices, particularly the reliance on transaction verification methods that can be easily exploited.

In response, Radiant Capital is collaborating with cybersecurity firms, law enforcement, and other agencies to track the stolen funds and prevent future breaches. This incident underscores the increasing sophistication of cyberattacks on the crypto space, with a clear need for stronger security protocols to safeguard against state-sponsored cybercrime.