根據鏈上證據和 Web3 安全 Ancilia 的數據，全鏈貨幣市場 Radiant Capital RDNT -6.78% 似乎正在遭受攻擊。

攻擊於週三下午開始，針對 Radiant 的以太坊 ETH +0.85% Layer 2 Arbitrum ARB -0.95% 實例，然後轉移到

Omnichain money market Radiant Capital (RDNT) is being exploited, onchain evidence suggests.

鏈上證據表明，全鏈貨幣市場 Radiant Capital (RDNT) 正在被利用。

The attack began on Radiant’s Ethereum (ETH) Layer 2 Arbitrum instance on Wednesday afternoon and then moved onto BNB Chain, according to Arkham Intelligence data.

根據 Arkham Intelligence 的數據，攻擊於週三下午開始針對 Radiant 的以太坊 (ETH) Layer 2 Arbitrum 實例，然後轉移到 BNB 鏈。

“We have noticed several transferFrom user's account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had vulnerability functions,” Ancilia wrote on X.

「我們注意到有幾筆透過合約 0xd50cf00b6e600dd036ba8ef475677d816d6c4281 從使用者帳戶進行的轉帳。請盡快撤銷您的核准。看起來新的實作有漏洞功能，」Ancilia 在 X 上寫道。

A transferFrom exploit uses a smart contract’s transferFrom function to enable one account to send a specified number of tokens from a target account to a third account. It generally requires the victim’s account to grant permission to interact with a spoofed wallet address. Ancilia is warning Radiant users to revoke all Radiant contract addresses as a safety measure.

TransferFrom 漏洞利用智慧合約的 TransferFrom 函數，使一個帳戶能夠將指定數量的代幣從目標帳戶傳送到第三個帳戶。它通常需要受害者的帳戶授予與欺騙性錢包地址互動的權限。 Ancilia 警告 Radiant 用戶撤銷所有 Radiant 合約位址，作為安全措施。

“Radiant capital has fallen victim to a hack causing $51mm in losses so far across Arbitrum and BnB chain. The Ethereum and Base deployments seem to be secure but we would warn anyone to be careful interacting with these contracts at this time,” Tony Ke, security research lead at Fuzzland, told Blockworks in an interview.

「Radiant Capital 已成為駭客攻擊的受害者，迄今為止，Arbitrum 和 BnB 鏈上的損失已達 51 毫米。以太坊和 Base 部署似乎是安全的，但我們會警告任何人此時與這些合約進行互動時要小心，」Fuzzland 安全研究主管 Tony Ke 在接受 Blockworks 採訪時表示。

A backdoor contract was deployed at approximately 17:09 UTC on Wednesday, enabling the unknown attacker to gain unauthorized access and begin transferring tokens, according to Ancilia.

據 Ancilia 稱，後門合約於週三世界標準時間 17:09 左右部署，使未知攻擊者能夠獲得未經授權的訪問並開始轉移代幣。

“Radiant leverages a multisig setup for their smart contract controls which seems to have been compromised internally,” Ke said. The attack profile suggests that someone was either phished or there was a compromised computer or an inside attacker that led to Radiant’s private keys leaking.

「Radiant 利用多重簽名設定來控制智慧合約，這似乎已在內部受到損害，」Ke 說。攻擊概況表明，有人遭到網路釣魚，或電腦受到感染，或內部攻擊者導致 Radiant 的私鑰外洩。

“As we learn more information about how this occurred, we will try to work in conjuction with the Radiant team to help in any fund recovery efforts possible,” Ke said.

「當我們了解更多有關此事如何發生的資訊時，我們將嘗試與 Radiant 團隊合作，幫助開展任何可能的資金追回工作，」Ke 說。

The hacker transferred wrapped versions of BNB, ETH, USDC and USDT tokens, among others, from a Radiant-controlled wallet to a single address beginning 0x0629b. That wallet currently has a BNB balance of over $5 million, according to DeBank.

駭客將 BNB、ETH、USDC 和 USDT 代幣等的打包版本從 Radiant 控制的錢包轉移到以 0x0629b 開頭的單一位址。據 DeBank 稱，該錢包目前的 BNB 餘額超過 500 萬美元。

That same wallet’s account on DeBank shows a $51 million balance, with a 2,619,512.54% increase in token holdings since it was created, indicating the attack could be far more widespread.

該錢包在 DeBank 上的帳戶顯示餘額為 5,100 萬美元，自創建以來代幣持有量增加了 2,619,512.54%，這表明攻擊可能更加廣泛。

The attacker’s address also holds over $32 million worth of Arbitrum-based assets and around $18 million worth of tokens on BNB Chain, according to Arkham Intelligence. Its largest holdings are ETH derivatives wstETH and weETH.

據 Arkham Intelligence 稱，攻擊者的地址還持有價值超過 3,200 萬美元的 Arbitrum 資產以及 BNB 鏈上價值約 1,800 萬美元的代幣。其最大持倉是ETH衍生性商品wstETH和weETH。

Earlier this year, Radiant Capital lost around 1900 ETH, worth $4.5 million, in a flash loan attack.

今年早些時候，Radiant Capital 在閃貸攻擊中損失了約 1900 ETH，價值 450 萬美元。