Radiant Capital Suffers Another Hack, Loses Over US$50M From BSC and Arbitrum Contracts

Radiant Capital, a blockchain lending protocol, suffered a cyberattack that resulted in a loss of over US$50M (AU$74.82M).

Blockchain lending protocol Radiant Capital suffered a cyberattack, leading to a loss of over $50 million (around AU$74.82 million).

Security experts revealed that the attacker gained control of Radiant's contracts by obtaining three private keys from its multi-signature wallet, which controls the protocol.

The exploit, which impacted the Binance Smart Chain and Arbitrum networks, allowed the hackers to drain assets like USDC, WBNB, and ETH.Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others⚠️

Revoke approvals ASAP👇

0xd50cf00b6e600dd036ba8ef475677d816d6c4281

And Another One

Radiant, which is a decentralised lending protocol that leverages LayerZero technology, had already lost $4.5 million (around AU$6.73 million) in a January hack due to a smart contract bug.

The cause of this particular breach remains unclear, but the crypto community speculates that it could involve a compromised front-end, leading keyholders to unwittingly interact with malware.

However, according to Polygon Lab's Chief Security Officer, Mudit Gupta, the matter is more straightforward - Radiant's multisig wallet had 11 signers but only required three signatures to execute transactions. This low threshold has been criticized by industry experts as being insufficient for a protocol of Radiant's size.

Radiant has acknowledged the incident and is working with several security firms to investigate it further.

We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible.

Markets on Base and Mainnet are paused until further notice.

Security firm Hacken revealed that the malicious contract was prepared 14 days prior, with an earlier, unsuccessful attempt at the exploit occurring six days prior.

Unsurprisingly, Radiant's native token, RDNT, dropped 9% following the news, trading at $0.066 at the time of writing.In Q3 of 2024, total crypto hacks combined resulted in about $1.58 billion (around AU$2.36 billion) in losses, nearly double the US$857 million (AU$1.28 billion) stolen during the same period in 2023. By the end of August, the total stolen had reached US$1.21 billion (AU$1.8 billion), reflecting a 15.5% increase from the US$1.048 billion (AU$1.57 billion) taken by this time in 2023.

Cyber-criminal groups in North Korea, especially Lazarus, are largely responsible for these crimes, scheming all kinds of plans to trick DeFi protocols, employees, and regular users.