根据链上证据和 Web3 安全 Ancilia 的数据，全链货币市场 Radiant Capital RDNT -6.78% 似乎正在遭受攻击。

攻击于周三下午开始，针对 Radiant 的以太坊 ETH +0.85% Layer 2 Arbitrum ARB -0.95% 实例，然后转移到

Omnichain money market Radiant Capital (RDNT) is being exploited, onchain evidence suggests.

链上证据表明，全链货币市场 Radiant Capital (RDNT) 正在被利用。

The attack began on Radiant’s Ethereum (ETH) Layer 2 Arbitrum instance on Wednesday afternoon and then moved onto BNB Chain, according to Arkham Intelligence data.

根据 Arkham Intelligence 的数据，攻击于周三下午开始针对 Radiant 的以太坊 (ETH) Layer 2 Arbitrum 实例，然后转移到 BNB 链。

“We have noticed several transferFrom user's account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had vulnerability functions,” Ancilia wrote on X.

“我们注意到有几笔通过合约 0xd50cf00b6e600dd036ba8ef475677d816d6c4281 从用户帐户进行的转账。请尽快撤销您的批准。看起来新的实现有漏洞功能，”Ancilia 在 X 上写道。

A transferFrom exploit uses a smart contract’s transferFrom function to enable one account to send a specified number of tokens from a target account to a third account. It generally requires the victim’s account to grant permission to interact with a spoofed wallet address. Ancilia is warning Radiant users to revoke all Radiant contract addresses as a safety measure.

TransferFrom 漏洞利用智能合约的 TransferFrom 函数，使一个账户能够将指定数量的代币从目标账户发送到第三个账户。它通常需要受害者的帐户授予与欺骗性钱包地址交互的权限。 Ancilia 警告 Radiant 用户撤销所有 Radiant 合约地址，作为安全措施。

“Radiant capital has fallen victim to a hack causing $51mm in losses so far across Arbitrum and BnB chain. The Ethereum and Base deployments seem to be secure but we would warn anyone to be careful interacting with these contracts at this time,” Tony Ke, security research lead at Fuzzland, told Blockworks in an interview.

“Radiant Capital 已成为黑客攻击的受害者，迄今为止，Arbitrum 和 BnB 链上的损失已达 51 毫米。以太坊和 Base 部署似乎是安全的，但我们会警告任何人此时与这些合约进行交互时要小心，”Fuzzland 安全研究主管 Tony Ke 在接受 Blockworks 采访时表示。

A backdoor contract was deployed at approximately 17:09 UTC on Wednesday, enabling the unknown attacker to gain unauthorized access and begin transferring tokens, according to Ancilia.

据 Ancilia 称，后门合约于周三世界标准时间 17:09 左右部署，使未知攻击者能够获得未经授权的访问并开始转移代币。

“Radiant leverages a multisig setup for their smart contract controls which seems to have been compromised internally,” Ke said. The attack profile suggests that someone was either phished or there was a compromised computer or an inside attacker that led to Radiant’s private keys leaking.

“Radiant 利用多重签名设置来控制智能合约，这似乎已在内部受到损害，”Ke 说。攻击概况表明，有人遭到网络钓鱼，或者计算机受到感染，或者内部攻击者导致 Radiant 的私钥泄露。

“As we learn more information about how this occurred, we will try to work in conjuction with the Radiant team to help in any fund recovery efforts possible,” Ke said.

“当我们了解更多有关此事如何发生的信息时，我们将尝试与 Radiant 团队合作，帮助开展任何可能的资金追回工作，”Ke 说。

The hacker transferred wrapped versions of BNB, ETH, USDC and USDT tokens, among others, from a Radiant-controlled wallet to a single address beginning 0x0629b. That wallet currently has a BNB balance of over $5 million, according to DeBank.

黑客将 BNB、ETH、USDC 和 USDT 代币等的打包版本从 Radiant 控制的钱包转移到以 0x0629b 开头的单个地址。据 DeBank 称，该钱包目前的 BNB 余额超过 500 万美元。

That same wallet’s account on DeBank shows a $51 million balance, with a 2,619,512.54% increase in token holdings since it was created, indicating the attack could be far more widespread.

该钱包在 DeBank 上的账户显示余额为 5100 万美元，自创建以来代币持有量增加了 2,619,512.54%，这表明攻击可能更加广泛。

The attacker’s address also holds over $32 million worth of Arbitrum-based assets and around $18 million worth of tokens on BNB Chain, according to Arkham Intelligence. Its largest holdings are ETH derivatives wstETH and weETH.

据 Arkham Intelligence 称，攻击者的地址还持有价值超过 3200 万美元的 Arbitrum 资产以及 BNB 链上价值约 1800 万美元的代币。其最大持仓是ETH衍生品wstETH和weETH。

Earlier this year, Radiant Capital lost around 1900 ETH, worth $4.5 million, in a flash loan attack.

今年早些时候，Radiant Capital 在闪贷攻击中损失了约 1900 ETH，价值 450 万美元。