Decentralized protocol Radiant Capital has revealed new details about the hack it suffered on October 16. An investigation by cybersecurity firm Mandiant has revealed that the hack was carried out by the UNC4736 group, which is linked to North Korea's Intelligence General Bureau (RGB).
UNC4736, also known as AppleJeus or Citrine Sleet, specializes in financial cybercrime and often uses advanced social engineering techniques to infiltrate systems.
Attack on DeFi -The Radiant Capital protocol began on September 11th, when the platform's developer received a message in Telegram from a person claiming to be a former contractor. The message contained a ZIP file, purportedly containing the results of a smart contract audit. However, it actually contained the INLETDRIFT malware, disguised as a PDF file.
After the software was injected into the system, the UNC4736 hackers spent several weeks deploying malicious smart contracts Arbitum , Binance Smart Chain, Base and Ethereum , carefully planning the theft. Immediately after the hack on October 16, the criminals withdrew the funds and removed all traces of the malware.
Radiant is now working with cybersecurity companies and U.S. law enforcement to track down and recover the stolen funds.
