The hackers behind Radiant Capital have made their first major move in months, offloading an additional $13 million in Ethereum.
Summary
- Radiant Capital hackers cash out $13M ETH
- Hackers used sophisticated malware and social engineering
- North Korean-linked hackers likely behind the attack
What was once called one of the most sophisticated hacks in DeFi continues to unfold. On Tuesday, August 12, blockchain security firm Onchain Lens reported that the hackers behind Radiant Capital converted an additional 3,091 Ethereum (ETH) into 13.26 million USD-pegged DAI stablecoins. The hackers then moved the DAI to another wallet.
Hackers obtained the 3,091 ETH in a major exploit on October 17, 2024, which cost the platform and its users $53 million. Hackers stole various crypto assets across Arbitrum and BSC. Immediately after the breach, hackers converted the stolen crypto into 12,835 ETH, worth $33.56 million at the time, and 32,113 BNB (BNB), worth $19.35 million.
Interestingly, the latest sale of $13 million worth of ETH barely made any impact on the market. This suggests that the sophisticated hackers are aware of the impact of liquidity on their sales, and may be looking for the best moment to offload funds.
Radiant Capital hackers tied to North Korea
According to a post-mortem report by cybersecurity firm Mandiant, commissioned by Radiant Capital, the hackers had ties to North Korea. Specifically, Mandiant attributed the attack to the AppleJeus hacking group, affiliated with the DPRK regime.
North Korean hackers are known for engineering sophisticated attacks. In the Radiant Capital case, they used a mix of social engineering and malware to create a backdoor into developers’ devices.
The attackers impersonated a former contractor via Telegram to deliver a zip file, supposedly containing a PDF. In reality, the file contained macOS malware that enabled blind signing of malicious smart contract transactions.
