A prolific blockchain safety researcher and sensible contract hack investigator going by the title Nick L. Franklin is suspected of involvement in October’s $50 million hack on Radiant Capital, carried out by the infamous North Korean hacking collective Lazarus Group.
Fellow safety researchers have been alerted to suspicious behaviour by decentralized trade 1inch’s Anton Bukov, and started digging into the messaging historical past of Franklin’s (now deleted) Telegram account.
For properly over a yr, Franklin’s deal with has been persistently energetic in crypto security-focused Telegram teams. Within the wake of even small dollar-value hacks, he’s typically fast off the mark in linking to root trigger analyses of sensible contract exploits, that are printed on his X profile.
He claims to have “analyzed every major blockchain hack.”
After Bukov’s alert, through which he claims to have caught Franklin making an attempt to ship a bug report in APP format, different crypto safety professionals appeared into Franklin’s previous posts.
Metamask’s Taylor Monahan, who maintains a Github repository with particulars of addresses linked to numerous Lazarus Group hacks, pointed to earlier warnings about safety researchers and their communities being focused particularly.
She additionally highlighted repeated, more and more frantic Telegram messages about Radiant Capital earlier than the hack.
Nonetheless, the large reveal got here when working alongside ZeroShadow investigator tanuki42. An deal with Franklin used to request testnet tokens was matched to one of many addresses recognized in Monahan’s repository as utilized in testing for the $50 million Radiant hack.
Wanting this deal with up in our notes, we observed that this deal with was additionally concerned in one thing else -> It was a signer on two safes, on BSC and Arbitrum: 0xcCfE10Cbc381dD6752fA34253a17e7e7c0cf7951. This precise Secure was used for testing in one other incident… the hack towards… pic.twitter.com/HBxRoR7xVR
— tanuki42 (@tanuki42_) March 26, 2025
Franklin replied to Bukov’s preliminary submit, explaining that his “Telegram and personal site was compromised,” earlier than asking him to “delete this post asap.”
Franklin has up to now failed to answer numerous requests to publicly insult North Korea’s Supreme Chief Kim Jong-un, a tongue-in-cheek (although seemingly efficient) screening methodology standard among the many rightly suspicious crypto crowd.
For the reason that Radiant Capital assault, North Korean hackers have managed to make use of an analogous assault vector to fleece $1.5 billion price of ether from centralized trade ByBit final month.
In the direction of the tip of final yr, suspicions have been additionally aroused by exercise on decentralized leverage buying and selling platform Hyperliquid, as accounts utilizing funds from the Radiant hack seemed to be testing for vulnerabilities.
At present’s revelations, nonetheless, got here towards the backdrop of Hyperliquid’s newest stress check, as one other “whale” tried to go away the platform’s hyperliquidity supplier vault holding their bag.
Given {that a} related tactic paid off to the tune of $1.8 million simply two weeks in the past, Hyperliquid validators determined to step on this time, manually overriding the value of the token in query.
