As a researcher with extensive experience in blockchain and cybersecurity, I find myself shaking my head in dismay yet again at the latest incident involving Radiant Capital. The recurring theme of security vulnerabilities and hacks is becoming all too familiar, and it’s a constant reminder of the challenges that DeFi platforms face in ensuring user trust and safety.


Radiant Capital was hacked on Wednesday, resulting in losses exceeding $50 million.

Multiple blockchain security companies have reported that a vulnerability was exploited, apparently in an attack on the platform’s smart contracts on both the Binance and Arbitrum networks.

Compromised Multisig

The incident was first flagged by blockchain security company Ancilia Inc., which warned in a public post at approximately 1:35 PM Eastern Time of abnormal behavior on a Radiant Capital smart contract on the BNB Chain.

According to Ancilia, on-chain transactions indicate that hackers withdrew over $18 million from Radiant on the Binance Smart Chain (BNB) network. The breach subsequently extended to the Ethereum layer-2 network Arbitrum, where further assets in its liquidity pools were compromised.

De.Fi, a company specializing in Web3 security, explained the attack in simpler terms: the attackers took control by breaching a multisig system. A multisig requires several parties to approve transactions, but in this case the attacker obtained the private keys of 3 of the 11 signers who safeguard Radiant’s digital wallet. With that access, they could manipulate the platform’s smart contracts and transfer ownership to themselves.

Hacken noted that multiple trading pools on Radiant were drained, including those holding well-known cryptocurrencies such as USDC, USDT, wrapped Bitcoin (wBTC), wrapped Ethereum (wETH), wrapped Binance Coin (wBNB), and more.

It was revealed that a breach occurred on the Spot On Chain protocol, resulting in a loss of approximately $53 million worth of cryptocurrencies. The perpetrator has since converted the stolen assets into native tokens and currently holds 12,835 Ether (around $33.56 million) and 32,113 Binance Coin (approximately $19.35 million) in two separate wallets.

Radiant Capital’s Response

The DeFi platform acknowledged a reported issue in a post, explaining that they’ve noticed unusual activity impacting their lending markets on Binance Chain and Arbitrum. As a precautionary measure, they temporarily halted their operations on Ethereum and Base, a layer-2 network, while they conduct an investigation into the security incident.

“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum.”

The announcement further noted that Radiant is working with several Web3 security partners, including SEAL911, Hypernative, ZeroShadow, and Chainalysis, to address the issue and limit any additional harm. It also advises users to revoke all approvals granted to the smart contracts supporting its system.
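One way a user could check which authorizations are still open is shown below. This is an added example, not Radiant's or any vendor's tooling, and it assumes the authorizations are standard ERC-20 approvals. Every address is a placeholder and the log entries are constructed for illustration.

```python
# Added example: replay ERC-20 Approval logs to find allowances a wallet still
# grants to flagged spender contracts. All addresses and logs are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner, flagged_spenders):
    """Return {(token, spender): amount} for non-zero approvals to flagged spenders.
    Logs give the last approved amount; confirm hits with the token's allowance()."""
    flagged = {s.lower() for s in flagged_spenders}
    state = {}
    # A later Approval overwrites an earlier one, so replay in chain order.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but carries 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0 and k[1] in flagged}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0), which resets the allowance to zero."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def make_log(token, block, index, owner, spender, amount):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": hex(amount)}

OWNER, FLAGGED, OTHER = "0x" + "11" * 20, "0x" + "de" * 20, "0x" + "cc" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
UNLIMITED = 2**256 - 1
SAMPLE_LOGS = [  # constructed, deliberately out of order
    make_log(TOKEN_B, 105, 1, OWNER, FLAGGED, 0),          # earlier approval revoked
    make_log(TOKEN_A, 100, 0, OWNER, FLAGGED, UNLIMITED),  # still open
    make_log(TOKEN_B, 101, 3, OWNER, FLAGGED, 500),
    make_log(TOKEN_A, 102, 2, OWNER, OTHER, UNLIMITED),    # spender not flagged
]

if __name__ == "__main__":
    for (token, spender), amount in open_allowances(SAMPLE_LOGS, OWNER, [FLAGGED]).items():
        print(token, spender, hex(amount), revoke_calldata(spender))
```

The calldata is sent to the token contract, not to the spender, and the list of flagged spenders should come from the project's own announcement.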

This incident is the second security issue that the protocol has encountered this year. Back in January 2024, the lending platform suffered a loss of $4.5 million due to a separate hack, which was traced back to a weakness in its smart contract system.


2024-10-17 14:58