DPRK hackers steal $ 50 million from Radiant Capital crypto exchange

Hackers from the DPRK have launched a cyberattack on the decentralized financial platform Radiant Capital, stealing $ 50 million. The incident occurred in October, when the developer received a file via Telegram from a fake contractor. As it turned out, the file contained malware, Cointelegraph reports.

According to cybersecurity company Mandiant, the attack was carried out by the UNC4736 group, which is also associated with the well-known North Korean hacker group Lazarus. The attackers used fake websites and fake PDFs to penetrate the platform’s systems.

The attack allowed them to gain control over developers' private keys and sign transactions. The hackers moved the stolen funds to other addresses on October 24. After that, Radiant Capital temporarily suspended the operation of its credit markets.

This is not the first such case for Radiant Capital this year. In January, the platform lost $ 4.5 million due to a flash-loan attack. The total value of Radiant Capital’s blocked assets fell sharply from $ 300 million at the end of last year to $ 5.81 million in December 2024.

This case emphasizes the need to strengthen security measures in the DeFi industry, including the development of new hardware solutions for verifying transactions.