Radiant Capital hack
A cross-chain lending protocol drained of about $50M on October 16, 2024. Mandiant attributed it to a North Korea-linked actor (UNC4736 / AppleJeus) that used a fake-contractor Telegram lure to plant macOS malware on developers' machines and forge multisig approvals.
Also known as: Radiant Capital, Radiant, RDNT
Summary
Radiant Capital was a cross-chain lending protocol. On October 16, 2024, attackers seized control of its lending-pool contracts and drained about $50 million from its Arbitrum and BNB Chain markets. [1][2]
Method and attribution
According to a December 2024 update from Radiant and Mandiant, the operation began in September 2024 with a Telegram message impersonating a former contractor that delivered a zipped decoy PDF carrying the macOS backdoor "INLETDRIFT." The malware let attackers display legitimate-looking transactions to signers while signing malicious ones, defeating hardware wallets and simulation checks, and ultimately collecting enough multisig approvals to take over the contracts. Mandiant attributed the attack with high confidence to a DPRK-nexus group, UNC4736 (also tracked as AppleJeus / Citrine Sleet). Radiant had also suffered a separate ~$4.5M flash-loan hack in January 2024. [1][2]
Bracketed numbers refer to the numbered sources listed below.
Linked scams & cases
People & entities involved
Sources (2)
See also
- Loci (LOCIcoin)TokensA 2017–2018 ICO for 'LOCIcoin' tied to the InnVenn IP-search platform. The SEC charged Loci and CEO John Wise with fraud for raising $7.6M on false claims about revenue, headcount, and user base; Wise also misused investor funds. Settled with a $7.6M penalty and an officer/director bar.
- Blockchain Terminal (BCT)TokensA 2017–2018 ICO (BCT tokens, ~$30M) for a 'Blockchain Terminal' — a Bloomberg-style crypto trading terminal. The SEC and DOJ said convicted ex-hedge-funder Boaz Manor secretly ran it under a fake identity ('Shaun MacDonald'), using associate Edith Pardo as a front, and lied about the product's adoption.
- Crowd Machine (CMCT)Tokens
This page was last updated on Jun 8, 2026. View revision history.