Radiant Releases Detailed Report on $50M October Hack, North Korean Hacker Suspected

Radiant Capital reports on an October 2024 cyberattack attributed to North Korea-linked hackers using advanced malware. Hackers exploited a disguised Telegram message and persistent macOS backdoor malware to bypass security measures.


Pardon Joshua
Pardon Joshua is a seasoned crypto journalist with three years of experience in the rapidly evolving blockchain and digital currency space. His insightful articles have graced the pages of reputable publications such as CoinGape, BitcoinSensus, and CoinGram.us, establishing him as a trusted voice in the industry. Pardon's work combines in-depth technical analysis with a keen understanding of market trends, offering readers valuable insights into the complex world of cryptocurrencies.

On October 16, 2024, Radiant Capital, a prominent decentralized finance (DeFi) platform, suffered a devastating cyberattack resulting in a loss of approximately $50 million. 

Radiant Capital has now released a comprehensive report on this incident, providing key details on the attack and the ongoing investigation.

According to the report, the attack is believed to have been carried out by a hacker group with ties to North Korea. 

Radiant Capital enlisted the help of leading cybersecurity firm Mandiant to assist with the investigation, particularly in conducting in-depth forensic analysis on the impacted devices.


Attacker’s Sophisticated Tactics

The report sheds light on the advanced tactics employed by the attackers. It appears the initial intrusion vector was a seemingly innocuous Telegram message received by a Radiant developer on September 11, 2024. 

The message claimed to be from a former trusted contractor, offering a link to a zipped PDF file related to a new smart contract auditing opportunity.

Despite Radiant’s standard security practices, including transaction simulation and payload verification, the attackers were able to bypass these measures. 

The malware delivered through the ZIP file, named “INLETDRIFT”, established a persistent macOS backdoor while displaying a legitimate-looking PDF to the user. 

This malware then communicated with the domain “atokyonews[.]com”, allowing the attackers to carry out malicious transactions in the background undetected.
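A defensive triage check for this delivery pattern, added here as an example (it is not code from Radiant's report or from Mandiant): before opening an archive that is supposed to contain only a PDF, confirm that every entry really is a PDF by content. The checks are general and assumed; the report as summarized here does not describe INLETDRIFT's internal file layout, and all file names below are constructed.

```python
import io
import struct
import zipfile

# Mach-O magic numbers (32/64-bit, both byte orders) plus the fat/universal header.
# 0xCAFEBABE is shared with Java class files, which are equally unexpected here.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def classify(name, head):
    """Return a finding for one archive entry, or None if it looks like a plain PDF."""
    parts = name.lower().split("/")
    if any(p.endswith(".app") for p in parts):
        return "inside a macOS application bundle"
    if len(head) >= 4 and struct.unpack(">I", head[:4])[0] in MACHO_MAGICS:
        return "Mach-O executable"
    if head.startswith(b"#!"):
        return "script with shebang"
    if not head.startswith(b"%PDF-"):
        return "not a PDF by content"
    return None

def triage_zip(data):
    """Inspect ZIP bytes that should hold only PDFs; return {entry name: finding}."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            mode = info.external_attr >> 16  # Unix permission bits, if recorded
            finding = classify(info.filename, head)
            if finding is None and mode & 0o111:
                finding = "PDF content but executable bit set"
            if finding:
                findings[info.filename] = finding
    return findings

def build_sample(entries):
    """Build an in-memory ZIP from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

An empty result means every entry is a PDF by magic bytes; any finding is a reason to stop and open the archive only in an isolated analysis environment.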

Impact and Ongoing Investigation

The Radiant Capital hack has had a significant impact on the DeFi ecosystem, highlighting the urgent need for industry-wide improvements in transaction verification practices. 

In the wake of this incident, Radiant has continued its investigation, engaging additional security firms like zeroShadow and Hypernative for on-chain asset tracking, as well as SEAL 911 for further support.

Mandiant’s ongoing forensic analysis has attributed the attack with a high degree of confidence to a hacker group with ties to North Korea. 

This revelation underscores the sophisticated and persistent nature of the threat actors targeting the DeFi space.

Lessons Learned and Industry Implications

The Radiant Capital hack serves as a sobering reminder of the evolving threats faced by decentralized finance platforms. 

The report emphasizes the need for the industry to collectively strengthen its security measures, particularly in areas such as transaction verification and supply chain risk management.

As the investigation continues, Radiant Capital has pledged to share its findings and best practices with the broader DeFi community, with the aim of helping others better prepare for and mitigate similar attacks. 

This commitment to transparency and knowledge-sharing will be crucial in driving industry-wide improvements and enhancing the overall security and resilience of the DeFi ecosystem.


Radiant’s Path Forward

Looking ahead, Radiant Capital remains committed to supporting its users and restoring confidence in its platform. 

The company has reiterated its dedication to safeguarding user assets and continually enhancing its security protocols to prevent future incidents. 

Radiant’s transparency in this matter, along with its proactive approach to addressing the vulnerabilities exposed by this attack, will be key in navigating the challenges ahead and strengthening the DeFi industry as a whole.
