Radiant Capital 再次遭受駭客攻擊，BSC 和 Arbitrum 合約損失超過 5,000 萬美元

區塊鏈借貸協議 Radiant Capital 遭受網路攻擊，導致損失超過 5,000 萬美元（7,482 萬澳元）。

Blockchain lending protocol Radiant Capital suffered a cyberattack, leading to a loss of over $50 million (around AU$74.82 million).

區塊鏈借貸協議 Radiant Capital 遭受網路攻擊，導致損失超過 5,000 萬美元（約 7,482 萬澳元）。

Security experts revealed that the attacker gained control of Radiant's contracts by obtaining three private keys from its multi-signature wallet, which controls the protocol.

安全專家透露，攻擊者透過從控制協定的多重簽章錢包中取得三個私鑰來控制 Radiant 的合約。

The exploit, which impacted the Binance Smart Chain and Arbitrum networks, allowed the hackers to drain assets like USDC, WBNB, and ETH.Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others⚠️

該漏洞影響了幣安智能鍊和 Arbitrum 網絡，使駭客能夠盜取 USDC、WBNB 和 ETH 等資產。即$USDC $WBNB $ETH 等⚠️

Revoke approvals ASAP👇

盡快撤銷核准👇

0xd50cf00b6e600dd036ba8ef475677d816d6c4281

0xd50cf00b6e600dd036ba8ef475677d816d6c4281

And Another One

還有另外一個

Radiant, which is a decentralised lending protocol that leverages LayerZero technology, had already lost $4.5 million (around AU$6.73 million) in a January hack due to a smart contract bug.

Radiant 是一種利用 LayerZero 技術的去中心化借貸協議，由於智能合約錯誤，在 1 月份的一次黑客攻擊中已經損失了 450 萬美元（約 673 萬澳元）。

The cause of this particular breach remains unclear, but the crypto community speculates that it could involve a compromised front-end, leading keyholders to unwittingly interact with malware.

這個特定漏洞的原因尚不清楚，但加密社群推測它可能涉及受損的前端，導致金鑰持有者無意中與惡意軟體互動。

However, according to Polygon Lab's Chief Security Officer, Mudit Gupta, the matter is more straightforward - Radiant's multisig wallet had 11 signers but only required three signatures to execute transactions. This low threshold has been criticized by industry experts as being insufficient for a protocol of Radiant's size.

然而，根據 Polygon Lab 首席安全官 Mudit Gupta 的說法，事情更簡單 - Radiant 的多重簽名錢包有 11 個簽名者，但只需要三個簽名即可執行交易。這一低門檻被行業專家批評為不足以滿足 Radiant 規模的協議。

Radiant has acknowledged the incident and is working with several security firms to investigate it further.

Radiant 已承認此事件，並正在與多家安全公司合作進一步調查。

We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible.

我們注意到 Binance Chain 和 Arbitrum 上的 Radiant Lending 市場有問題。我們正在與 SEAL911、Hypernative、ZeroShadow 和 Chainaanalysis 合作，並將盡快提供更新。

Markets on Base and Mainnet are paused until further notice.

基礎網路和主網上的市場已暫停，直至另行通知。

Security firm Hacken revealed that the malicious contract was prepared 14 days prior, with an earlier, unsuccessful attempt at the exploit occurring six days prior.

保全公司 Hacken 透露，惡意合約是在 14 天前準備好的，六天前曾進行過一次未成功的利用嘗試。

Unsurprisingly, Radiant's native token, RDNT, dropped 9% following the news, trading at $0.066 at the time of writing.In Q3 of 2024, total crypto hacks combined resulted in about $1.58 billion (around AU$2.36 billion) in losses, nearly double the US$857 million (AU$1.28 billion) stolen during the same period in 2023. By the end of August, the total stolen had reached US$1.21 billion (AU$1.8 billion), reflecting a 15.5% increase from the US$1.048 billion (AU$1.57 billion) taken by this time in 2023.

不出所料，Radiant 的原生代幣RDNT 在消息傳出後下跌了9%，在撰寫本文時交易價格為0.066 美元。 ）的損失，幾乎是2024 年第三季的兩倍。 10.48 億美元（15.7 億澳元）增加了15.5% ）拍攝於 2023 年此時。

Cyber-criminal groups in North Korea, especially Lazarus, are largely responsible for these crimes, scheming all kinds of plans to trick DeFi protocols, employees, and regular users.

北韓的網路犯罪團體，尤其是 Lazarus，對這些犯罪負有主要責任，他們策劃了各種計劃來欺騙 DeFi 協議、員工和普通用戶。