Key Points
- A cyberattack attributed to North Korean state-backed operators compromised Radiant Capital through a malicious ZIP archive disguised as a PDF report, resulting in a theft of roughly $50M despite hardware wallets, transaction simulation and multi-person review being in place
- The intrusion used the INLETDRIFT macOS backdoor and is attributed to UNC4736 (also tracked as AppleJeus / Citrine Sleet), a group linked to North Korea's Reconnaissance General Bureau, underlining the escalating threat to DeFi platforms
Social Engineering Breach Leads to Major Security Compromise
The attack began on September 11, 2024, when the attackers impersonated a former contractor over Telegram and sent a ZIP archive purporting to contain a PDF report for review. The lure was reinforced by a spoofed domain closely resembling the contractor's legitimate website, which helped it pass the development team's initial scrutiny.
Advanced Malware Deployment and Execution
The archive, named "Penpie_Hacking_Analysis_Report.zip", carried the INLETDRIFT malware. On execution it opened a legitimate-looking PDF as a decoy while installing a persistent macOS backdoor that communicated with a command-and-control server at atokyonews[.]com. Roughly five weeks later, on October 16, the attackers carried out the theft, having positioned malicious smart contracts across several chains including Arbitrum, BNB Smart Chain, Base and Ethereum.
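The lure described above (a ZIP whose visible "PDF" is a front for executable content) is cheap to catch at triage if the archive is inspected by content rather than by name. The following is an added example, not code from the Radiant Capital report or from any of the firms named on this page: it builds a constructed archive in memory whose layout, file names and DNS log format are assumptions for illustration only, flags entries whose magic bytes, bundle path or executable permission bits contradict the document extension shown to a reviewer, and matches DNS queries against the C2 domain the page names.

```python
"""Triage a ZIP lure by content, then match DNS logs against a C2 IOC.
Added example; the archive, file names and log lines are constructed here
and are NOT the real INLETDRIFT archive layout."""
import io
import zipfile

# Magic bytes that identify content regardless of the file name.
MAGIC = {
    b"%PDF-": "pdf",
    b"\xcf\xfa\xed\xfe": "macho",      # Mach-O 64-bit, little-endian
    b"\xce\xfa\xed\xfe": "macho",      # Mach-O 32-bit, little-endian
    b"\xca\xfe\xba\xbe": "macho-fat",  # universal binary (also Java .class)
    b"#!": "script",
}
# Extensions a reviewer would reasonably expect to be inert documents.
DOCUMENT_EXTS = {".pdf", ".txt", ".docx"}
# Domain named in the report (defanged there as atokyonews[.]com).
C2_IOCS = {"atokyonews.com"}


def sniff(head: bytes) -> str:
    """Classify content by its leading bytes."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage_zip(blob: bytes) -> list:
    """Return one finding per archive entry whose content contradicts its name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                kind = sniff(fh.read(8))
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            reasons = []
            if ext in DOCUMENT_EXTS and kind in ("macho", "macho-fat", "script"):
                reasons.append(f"document extension {ext} but {kind} content")
            if ".app/contents/macos/" in name:
                reasons.append("macOS application bundle inside archive")
            # Upper 16 bits of external_attr hold the Unix mode on archives
            # written by Unix tools; an executable bit on a 'document' is a tell.
            mode = info.external_attr >> 16
            if mode & 0o111 and ext in DOCUMENT_EXTS:
                reasons.append("executable permission on a document")
            if reasons:
                findings.append({"name": info.filename, "kind": kind, "reasons": reasons})
    return findings


def match_dns_iocs(lines, iocs=C2_IOCS) -> list:
    """Return queried hostnames that equal or are subdomains of a known C2 domain.
    Assumes a constructed 'query=<host>' field; adapt to your resolver's format."""
    hits = []
    for line in lines:
        for token in line.split():
            if token.startswith("query="):
                host = token[len("query="):].rstrip(".").lower()
                if any(host == ioc or host.endswith("." + ioc) for ioc in iocs):
                    hits.append(host)
    return hits


def build_sample_lure() -> bytes:
    """Constructed archive for the demo: a real (tiny) PDF decoy next to a fake
    Mach-O placed under a .app bundle whose leaf name ends in .pdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report/README.txt", "Please review the attached analysis.\n")
        zf.writestr("Report/Analysis.pdf", b"%PDF-1.4\n%decoy document\n")
        info = zipfile.ZipInfo("Report/Analysis.pdf.app/Contents/MacOS/Analysis.pdf")
        info.external_attr = 0o100755 << 16          # regular file, rwxr-xr-x
        zf.writestr(info, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)  # fake Mach-O header
    return buf.getvalue()


# Constructed resolver log lines (hypothetical host names and timestamps).
SAMPLE_DNS = [
    "2024-01-01T10:00:01Z host=dev-mac-07 query=cdn.example.org type=A",
    "2024-01-01T10:00:02Z host=dev-mac-07 query=atokyonews.com. type=A",
    "2024-01-01T10:00:03Z host=dev-mac-07 query=api.atokyonews.com type=A",
]

if __name__ == "__main__":
    for f in triage_zip(build_sample_lure()):
        print(f["name"], f["kind"], "; ".join(f["reasons"]))
    print("C2 hits:", match_dns_iocs(SAMPLE_DNS))
```

The content check is deliberately name-agnostic: a reviewer sees "Analysis.pdf", but the entry is classified by its first bytes, its position inside an application bundle and its mode bits, any one of which is enough to send the archive to a sandbox instead of a developer's laptop. Inspect archives this way before, not after, someone double-clicks the decoy.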
Industry-Wide Security Implications
The incident shows the limits of current DeFi operational security. Hardware wallets, transaction simulation tools and multi-person human review were all in place, and the attackers still got their transactions signed. The practitioner's caveat is that a hardware wallet only guarantees the private key never leaves the device; it cannot tell whether the transaction rendered on a backdoored workstation is the one actually presented for signing, and simulation results displayed by that same workstation inherit the same trust problem. Radiant Capital's experience underscores the need for the DeFi industry to move transaction validation and payload verification onto hardware and channels that a compromised endpoint cannot influence.
In response to the attack, Radiant Capital has engaged several security firms, including Mandiant, zeroShadow and Hypernative, for investigation and asset recovery. The organization continues to work with U.S. law enforcement and has committed to publishing its findings to strengthen industry-wide security standards.