North Korean Hackers Suspected in $50 Million Attack on Radiant Capital
Radiant Capital attributes a major hack to North Korean cybercriminals who used deception to gain access to sensitive information.
Key Points:
- North Korea is likely responsible for the hack at Radiant Capital that occurred in October.
- The hackers impersonated a former contractor to gain access.
- This group has been linked to other attacks targeting the cryptocurrency sector.
DeFi protocol Radiant Capital reported that it fell victim to a $50 million exploit in October, which it claims was orchestrated by North Korean hackers. According to a report released on December 6, the attackers began their campaign around mid-September, reaching out via Telegram while posing as a trusted former contractor.
The message said the contractor was pursuing a career in smart contract auditing and requested feedback. It included a link to a zipped PDF file, which the developer opened and subsequently shared with colleagues. The file contained malware named INLETDRIFT, which established a persistent backdoor on macOS while appearing to be a legitimate PDF.
Radiant Capital said that typical security checks failed to reveal any threat, leaving the compromise nearly invisible during standard reviews. Through their access to the systems, the hackers seized control of several private keys.
Cybersecurity firm Mandiant identified the connection to North Korea, attributing the attack to UNC4736, a group linked to the country's reconnaissance operations. The same group is known for using fake crypto exchange sites to distribute malicious software via fraudulent job offers and phishing links.
This incident follows a prior, unrelated breach of Radiant Capital in January, in which it lost $4.5 million.