A prolific blockchain safety researcher and sensible contract hack investigator going by the title Nick L. Franklin is suspected of involvement in October’s $50 million hack on Radiant Capital, carried out by the infamous North Korean hacking collective Lazarus Group.
Fellow safety researchers had been alerted to suspicious behaviour by decentralized change 1inch’s Anton Bukov, and started digging into the messaging historical past of Franklin’s (now deleted) Telegram account.
For nicely over a yr, Franklin’s deal with has been constantly lively in crypto security-focused Telegram teams. Within the wake of even small dollar-value hacks, he’s typically fast off the mark in linking to root trigger analyses of sensible contract exploits, that are printed on his X profile.
He claims to have “analyzed every major blockchain hack.”
After Bukov’s alert, through which he claims to have caught Franklin making an attempt to ship a bug report in APP format, different crypto safety professionals regarded into Franklin’s previous posts.
Metamask’s Taylor Monahan, who maintains a Github repository with particulars of addresses linked to numerous Lazarus Group hacks, pointed to earlier warnings about safety researchers and their communities being focused particularly.
She additionally highlighted repeated, more and more frantic Telegram messages about Radiant Capital earlier than the hack.
Nonetheless, the large reveal got here when working alongside ZeroShadow investigator tanuki42. An handle Franklin used to request testnet tokens was matched to one of many addresses recognized in Monahan’s repository as utilized in testing for the $50 million Radiant hack.
Trying this handle up in our notes, we observed that this handle was additionally concerned in one thing else -> It was a signer on two safes, on BSC and Arbitrum: 0xcCfE10Cbc381dD6752fA34253a17e7e7c0cf7951. This actual Secure was used for testing in one other incident… the hack in opposition to… pic.twitter.com/HBxRoR7xVR
— tanuki42 (@tanuki42_) March 26, 2025
Franklin replied to Bukov’s preliminary publish, explaining that his “Telegram and personal site was compromised,” earlier than asking him to “delete this post asap.”
Franklin has to this point failed to answer varied requests to publicly insult North Korea’s Supreme Chief Kim Jong-un, a tongue-in-cheek (although seemingly efficient) screening technique widespread among the many rightly suspicious crypto crowd.
For the reason that Radiant Capital assault, North Korean hackers have managed to make use of an identical assault vector to fleece $1.5 billion price of ether from centralized change ByBit final month.
In direction of the tip of final yr, suspicions had been additionally aroused by exercise on decentralized leverage buying and selling platform Hyperliquid, as accounts utilizing funds from the Radiant hack seemed to be testing for vulnerabilities.
Immediately’s revelations, nevertheless, got here in opposition to the backdrop of Hyperliquid’s newest stress take a look at, as one other “whale” tried to go away the platform’s hyperliquidity supplier vault holding their bag.
Given {that a} related tactic paid off to the tune of $1.8 million simply two weeks in the past, Hyperliquid validators determined to step on this time, manually overriding the value of the token in query.
