Suspected Involvement of Nick L. Franklin in $50M Hack

A prolific blockchain security researcher and smart contract hack investigator, known as Nick L. Franklin, is suspected of being involved in the October $50 million hack on Radiant Capital. This hack is attributed to the notorious North Korean hacking collective, Lazarus Group.

Fellow security researchers were alerted to suspicious behaviors by Anton Bukov, a part of decentralized exchange 1inch, who began investigating Franklin’s now-deleted Telegram messaging history.

Read more: Radiant Capital’s $50M crypto hack underlines DeFi’s multisig dependence

For over a year, Franklin’s handle has remained active in crypto security-focused Telegram groups. He is known for promptly linking to analyses of smart contract exploits shortly after hacks, claiming to have “analyzed every major blockchain hack.”

After Bukov’s alert about Franklin trying to send a bug report in APP format, other crypto security experts delved into Franklin’s past posts. Taylor Monahan from Metamask noted historical warnings regarding security researchers being targeted and highlighted Franklin’s frantic messages concerning Radiant Capital before the hack.

The significant connection came from collaborating with ZeroShadow investigator tanuki42, who matched an address Franklin used to request testnet tokens with one from Monahan’s repository related to the $50 million Radiant hack.

Franklin responded to Bukov’s post, claiming his “Telegram and personal site was compromised,” and requested the deletion of the post.

He has yet to respond to requests for him to publicly insult North Korea’s Supreme Leader Kim Jong-un, a method of screening employed by the wary crypto community.

Since the Radiant Capital attack, North Korean hackers have exploited similar tactics, withdrawing $1.5 billion worth of ether from centralized exchange ByBit last month. Suspicion also arose from activity on the decentralized leverage trading platform Hyperliquid, where funds from the Radiant hack appeared to be testing vulnerabilities.

Today’s revelations occurred during Hyperliquid’s latest stress test, where another “whale” tried to exit the platform’s hyperliquidity provider vault. Given a previous successful tactic that garnered $1.8 million just two weeks ago, Hyperliquidity validators intervened to manually override the price of the token in question.

Read more: North Korean hackers posing as devs exposed with ‘I Hate Kim Jong Un’ test