radiant blames lazarus heist

North Korean hackers have struck again, siphoning $50 million from Radiant Capital in a sophisticated cyber heist that bears all the hallmarks of state-sponsored theft.

The attack has been attributed to a group known as Citrine Sleet (also tracked as UNC4736 or AppleJeus), following investigations conducted by Radiant Capital in partnership with cybersecurity firm Mandiant.

The breach began innocuously enough—with a Telegram message.

The breach began innocuously enough—with a Telegram message that would ultimately unleash digital chaos across the entire system.

Attackers impersonated a former contractor and sent Radiant developers a ZIP file containing a PDF in September.

This wasn’t just any PDF; it was laced with INLETDRIFT malware targeting macOS devices.

Think of it as a digital Trojan horse—looks harmless on the outside, but inside lurks a battalion of code ready to take over the digital kingdom.

Once inside developer systems, the attackers gained the ability to sign and approve fraudulent transactions during routine protocol adjustments. The hackers carefully removed all traces of their activity after completing the attack.

It’s like having someone steal your house keys, make copies, and then wait patiently for you to go on vacation before emptying your home.

The cyber thieves stole funds from both Arbitrum and BSC markets by bypassing hardware wallet security and multiple verification layers.

This heist is just one piece of a much larger puzzle.

North Korean hackers have allegedly stolen approximately $659 million in cryptocurrency in 2024 alone, targeting platforms like DMM Bitcoin ($308M), WazirX ($235M), and Upbit ($50M).

These funds reportedly help North Korea evade international sanctions and finance weapons programs.

The attackers are linked to North Korea’s Reconnaissance General Bureau—the country’s primary intelligence agency—and operate as part of the infamous Lazarus Group collective.

Their toolkit includes fake job recruitment offers, malicious files disguised as employment assessments, and custom malware that installs backdoors for remote surveillance. Investors should remain especially vigilant when receiving unsolicited communications containing attachments or links, as these are common entry points for sophisticated scams.

In a joint statement, the US, Japan, and South Korea officially confirmed North Korea’s responsibility for several major cryptocurrency thefts this year.

As crypto platforms continue to strengthen security measures, North Korean hackers appear equally determined to evolve their tactics, creating a digital cat-and-mouse game with extremely high stakes.

Leave a Reply
You May Also Like

Wallet Labeled ‘Coinbase Hacker’ Buys $8M Solana After Breach

A hacker who stole millions from Coinbase boldly poured $8M into Solana—only to immediately lose $200,000. Their digital shell game continues.

Bybit Exchange $1.5B Hack Becomes Largest Crypto Security Breach of 2025

$1.5B Bybit hack shatters crypto security records as North Korea’s Lazarus Group pillages Ethereum, sending markets spiraling. Your crypto isn’t as safe as you think.

Canadian Charged Over $65M DeFi Exploits on KyberSwap, Indexed Finance

A 22-year-old’s $65M code heist has authorities scrambling globally. He turned DeFi math into millions while demanding control of the platform he broke. Justice inches closer.

Phemex Exchange Security Breach Exposes Platform Vulnerability to Hackers

$85 million vanished in under two hours: See how Phemex’s devastating breach across 16 blockchains exposes critical vulnerabilities even North Korea exploits. Your crypto might be next.