North Korean hackers have struck again, siphoning $50 million from Radiant Capital in a sophisticated cyber heist that bears all the hallmarks of state-sponsored theft.
The attack has been attributed to a group known as Citrine Sleet (also tracked as UNC4736 or AppleJeus), following investigations conducted by Radiant Capital in partnership with cybersecurity firm Mandiant.
The breach began innocuously enough—with a Telegram message that would ultimately unleash digital chaos across the entire system.
In September, attackers impersonating a former contractor sent Radiant developers a ZIP file containing a PDF.
This wasn’t just any PDF; it was laced with INLETDRIFT malware targeting macOS devices.
Think of it as a digital Trojan horse—looks harmless on the outside, but inside lurks a battalion of code ready to take over the digital kingdom.
Once inside developer systems, the attackers gained the ability to sign and approve fraudulent transactions during routine protocol adjustments. The hackers carefully removed all traces of their activity after completing the attack.
It’s like having someone steal your house keys, make copies, and then wait patiently for you to go on vacation before emptying your home.
The cyber thieves stole funds from both Arbitrum and BSC markets by bypassing hardware wallet security and multiple verification layers.
This heist is just one piece of a much larger puzzle.
North Korean hackers have allegedly stolen approximately $659 million in cryptocurrency in 2024 alone, targeting platforms like DMM Bitcoin ($308M), WazirX ($235M), and Upbit ($50M).
These funds reportedly help North Korea evade international sanctions and finance weapons programs.
The attackers are linked to North Korea’s Reconnaissance General Bureau—the country’s primary intelligence agency—and operate as part of the infamous Lazarus Group collective.
Their toolkit includes fake job recruitment offers, malicious files disguised as employment assessments, and custom malware that installs backdoors for remote surveillance. Investors should remain especially vigilant when receiving unsolicited communications containing attachments or links, as these are common entry points for sophisticated scams.
In a joint statement, the US, Japan, and South Korea officially confirmed North Korea’s responsibility for several major cryptocurrency thefts this year.
As crypto platforms continue to strengthen security measures, North Korean hackers appear equally determined to evolve their tactics, creating a digital cat-and-mouse game with extremely high stakes.








