- Radiant Capital, a decentralised lending protocol, suffered a cyberattack, losing over US$50M after hackers gained control of its contracts by compromising three private keys from its multi-signature wallet.
- The exploit affected both the Binance Smart Chain and Arbitrum networks, allowing the attackers to drain assets such as USDC, WBNB, and ETH.
- Following the attack, Radiant’s native token, RDNT, dropped by 9%, and the protocol is currently working with security firms to investigate the incident.
Radiant Capital, a blockchain lending protocol, suffered a cyberattack that resulted in a loss of over US$50M (AU$74.82M).
Security experts revealed that the attacker gained control of the platform’s contracts by obtaining three private keys from its multi-signature wallet, which controls the protocol.
Related: FBI Crafts Fake Crypto Token in Historic Sting to Tackle Market Manipulation, Charges 18
The exploit impacted the Binance Smart Chain and Arbitrum networks, allowing hackers to drain assets like USDC, WBNB, and ETH.
🚨~$58,000,000 Exploit Alert🚨
Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users’ funds, namely $USDC $WBNB $ETH and others
⚠️Revoke approvals ASAP👇
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwEmL— De.Fi Antivirus Web3 🛡️ (@De_FiSecurity) October 16, 2024
And Another One
Radiant Capital, which is a decentralised lending protocol leveraging LayerZero technology, had already lost US$4.5M (AU$6.73M) in a January hack due to a smart contract bug.
As if things couldn’t get worse, the cause of this particular breach remains unclear. However, the crypto community speculates it could involve a compromised front-end, causing keyholders to unknowingly interact with malware.
According to Polygon Lab’s Chief Security Officer, Mudit Gupta, it’s more straightforward — Radiant’s multisig wallet had 11 signers but only required three signatures to execute transactions. Industry experts have criticised this low threshold as inadequate given the protocol’s size.
However, there’s no need to worry, as Radiant has acknowledged the incident and is currently collaborating with various security firms to investigate it.
We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.
— Radiant Capital (@RDNTCapital) October 16, 2024
Security firm Hacken revealed that the malicious contract was prepared 14 days prior, with an unsuccessful exploit attempt six days earlier.
Unsurprisingly, Radiant’s native token, RDNT, dropped 9% following the news, trading at $0.066.
Related: Trump-Endorsed Crypto Token Sale Falls Short of Target, Faces Technical Issues
In Q3 of 2024, total crypto hacks combined resulted in about $1.58 billion (AU$2.36 billion) in losses, nearly double the US$857 million (AU$1.28 billion) stolen during the same period in 2023. By the end of August, the total stolen had reached US$1.21 billion (AU$1.8 billion), reflecting a 15.5% increase from the US$1.048 billion (AU$1.57 billion) taken by this time in 2023.
Cyber-criminal groups in North Korea, especially Lazarus, are largely responsible for these crimes, scheming all kinds of plans to trick DeFi protocols, employees, and regular users.
