Radiant Capital Attributes $50 Million Hack to North Korean Cyber Group
The sophisticated October attack used malware to compromise developer systems and bypass multiple security measures.
- Radiant Capital confirmed that the $50 million cryptocurrency heist in October was conducted by North Korean state-affiliated hackers, identified as UNC4736 or Citrine Sleet.
- The attack began in September when a developer was tricked via Telegram into downloading a malicious ZIP file disguised as a legitimate project from a former contractor.
- The malware, named 'InletDrift,' established a macOS backdoor while displaying a decoy PDF, allowing hackers to compromise multiple developer devices undetected.
- Hackers exploited the multi-signature transaction process, bypassing hardware wallet protections and stealing funds from Arbitrum and Binance Smart Chain networks.
- Radiant Capital is collaborating with U.S. law enforcement and cybersecurity firms to recover the stolen funds and strengthen its security protocols.