Hackers Exploit Radiant Capital With Malware, $50M Stolen in Heist - 1

Image by Freepik

Hackers Exploit Radiant Capital With Malware, $50M Stolen in Heist

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A malware-laced PDF sent to Radiant Capital engineers enabled North Korean hackers to steal over $50 million.

In a Rush? Here are the Quick Facts!

  • Radiant Capital suffered a $50M loss in an October 16, 2024 cyberattack.
  • Attackers impersonated a former contractor, delivering malware through a spoofed Telegram message.
  • Malware enabled malicious transactions while displaying benign data in Radiant’s front-end interfaces.

In a recent follow-up report on the breach, Radiant assisted by Mandiant revealed further details. On September 11, 2024, a Radiant developer received a Telegram message from an impersonated former contractor.

The message, purportedly from a former contractor, included a link to a zipped PDF. Allegedly related to a new smart contract auditing project, the document sought professional feedback.

The domain associated with the ZIP file convincingly mimicked the contractor’s legitimate website, and the request appeared routine in professional circles. Developers frequently exchange PDFs for tasks such as legal reviews or technical audits, reducing initial suspicion.

Trusting the source, the recipient shared the file with colleagues, inadvertently setting the stage for the cyber heist.

Unbeknownst to the Radiant team, the ZIP file contained INLETDRIFT, an advanced macOS malware camouflaged within the “legitimate” document. Once activated, the malware established a persistent backdoor, using a malicious AppleScript.

The malware’s design was sophisticated, displaying a convincing PDF to users while operating stealthily in the background.

Despite Radiant’s rigorous cybersecurity practices—including transaction simulations, payload verification, and adherence to industry-standard operating procedures (SOPs)—the malware successfully infiltrated and compromised multiple developer devices.

The attackers exploited blind signing and spoofed front-end interfaces, displaying benign transaction data to mask malicious activities. As a result, fraudulent transactions were executed without detection.

In preparation for the heist, the attackers staged malicious smart contracts across multiple platforms, including Arbitrum, Binance Smart Chain, Base, and Ethereum. Just three minutes after the theft, they erased traces of their backdoor and browser extensions.

The heist was executed with precision: just three minutes after transferring the stolen funds, the attackers wiped traces of their backdoor and associated browser extensions, further complicating forensic analysis.

Mandiant attributes the attack to UNC4736, also known as AppleJeus or Citrine Sleet, a group linked to North Korea’s Reconnaissance General Bureau (RGB). This incident highlights the vulnerabilities in blind signing and front-end verifications, emphasizing the urgent need for hardware-level solutions to validate transaction payloads.

Radiant is collaborating with U.S. law enforcement, Mandiant, and zeroShadow to freeze stolen assets. The DAO remains committed to supporting recovery efforts and sharing insights to improve industry-wide security standards.

Harvard Releases Free Large-Scale AI Training Database - 2

Photo by Aleks Marinkovic on Unsplash

Harvard Releases Free Large-Scale AI Training Database

  • Written by Andrea Miliani Former Tech News Expert

Harvard University announced it will release a large data set of almost 1 million public-domain books for AI training for free, created by its new program Institutional Data Initiative (IDI).

In a Rush? Here are the Quick Facts!

  • Harvard in collaboration with Google Books released a dataset with almost 1 million public-domain books to train AI models for free
  • The dataset was created by the new Institutional Data Initiative, an initiative backed by Microsoft and OpenAI
  • Small organizations can benefit from this data collection to compete more fairly in the AI sphere

According to Wired , the dataset includes publications scanned by Google Books that are not protected by copyright anymore—it usually expires 70 years after the author’s death or its publication. The data collection covers multiple formats and genres, from creative writing by famous authors like Charles Dickens, Shakespeare, and Dante to textbooks and dictionaries.

According to IDI’s executive director Greg Leppert, the goal is to “level the playing field” and allow more organizations and small projects to join the AI race with valuable tools. The data set’s size is larger than the one used to train popular AI models like Meta’s Llama. “I think about it a bit like the way that Linux has become a foundational operating system for so much of the world,” said Leppert.

The IDI was officially launched today and it has been supported by OpenAI and Microsoft with funding and encouraging words. The initiative aims to work with knowledge institutions like government agencies and libraries “to develop data collections and best practices for artificial intelligence.” The details of how the new dataset can be downloaded have not been revealed, only that Google will help with the distribution.

This new data collection should avoid disputes for copyright infringement as many AI companies have been facing this year. “Large public domain datasets like these further demolish the ‘necessity defense’ some AI companies use to justify scraping copyrighted work to train their models,” said Ed Newton-Rex, a former executive at Stability AI who now runs a nonprofit that certifies ethically-trained AI tools to Wired.

Newton-Rex recently led a petition to stop tech companies from scraping data to train their AI models.