Radiant Capital 再次遭受黑客攻击，BSC 和 Arbitrum 合约损失超过 5000 万美元

区块链借贷协议 Radiant Capital 遭受网络攻击，导致损失超过 5000 万美元（7482 万澳元）。

Blockchain lending protocol Radiant Capital suffered a cyberattack, leading to a loss of over $50 million (around AU$74.82 million).

区块链借贷协议 Radiant Capital 遭受网络攻击，导致损失超过 5000 万美元（约 7482 万澳元）。

Security experts revealed that the attacker gained control of Radiant's contracts by obtaining three private keys from its multi-signature wallet, which controls the protocol.

安全专家透露，攻击者通过从控制协议的多重签名钱包中获取三个私钥来控制 Radiant 的合约。

The exploit, which impacted the Binance Smart Chain and Arbitrum networks, allowed the hackers to drain assets like USDC, WBNB, and ETH.Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others⚠️

该漏洞影响了币安智能链和 Arbitrum 网络，使黑客能够盗取 USDC、WBNB 和 ETH 等资产。Radiant Capital 合约通过“transferFrom”功能在 BSC 和 ARB 链上被利用，从而导致用户被盗用。资金，即$USDC $WBNB $ETH 等⚠️

Revoke approvals ASAP👇

尽快撤销批准👇

0xd50cf00b6e600dd036ba8ef475677d816d6c4281

0xd50cf00b6e600dd036ba8ef475677d816d6c4281

And Another One

还有另外一个

Radiant, which is a decentralised lending protocol that leverages LayerZero technology, had already lost $4.5 million (around AU$6.73 million) in a January hack due to a smart contract bug.

Radiant 是一种利用 LayerZero 技术的去中心化借贷协议，由于智能合约错误，在 1 月份的一次黑客攻击中已经损失了 450 万美元（约 673 万澳元）。

The cause of this particular breach remains unclear, but the crypto community speculates that it could involve a compromised front-end, leading keyholders to unwittingly interact with malware.

这一特定漏洞的原因尚不清楚，但加密社区推测它可能涉及受损的前端，导致密钥持有者无意中与恶意软件交互。

However, according to Polygon Lab's Chief Security Officer, Mudit Gupta, the matter is more straightforward - Radiant's multisig wallet had 11 signers but only required three signatures to execute transactions. This low threshold has been criticized by industry experts as being insufficient for a protocol of Radiant's size.

然而，根据 Polygon Lab 首席安全官 Mudit Gupta 的说法，事情更简单 - Radiant 的多重签名钱包有 11 个签名者，但只需要三个签名即可执行交易。这一低门槛被行业专家批评为不足以满足 Radiant 规模的协议。

Radiant has acknowledged the incident and is working with several security firms to investigate it further.

Radiant 已承认这一事件，并正在与多家安全公司合作进一步调查。

We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible.

我们注意到 Binance Chain 和 Arbitrum 上的 Radiant Lending 市场存在问题。我们正在与 SEAL911、Hypernative、ZeroShadow 和 Chainaanalysis 合作，并将尽快提供更新。

Markets on Base and Mainnet are paused until further notice.

基础网络和主网上的市场已暂停，直至另行通知。

Security firm Hacken revealed that the malicious contract was prepared 14 days prior, with an earlier, unsuccessful attempt at the exploit occurring six days prior.

安全公司 Hacken 透露，恶意合约是在 14 天前准备好的，六天前曾进行过一次未成功的利用尝试。

Unsurprisingly, Radiant's native token, RDNT, dropped 9% following the news, trading at $0.066 at the time of writing.In Q3 of 2024, total crypto hacks combined resulted in about $1.58 billion (around AU$2.36 billion) in losses, nearly double the US$857 million (AU$1.28 billion) stolen during the same period in 2023. By the end of August, the total stolen had reached US$1.21 billion (AU$1.8 billion), reflecting a 15.5% increase from the US$1.048 billion (AU$1.57 billion) taken by this time in 2023.

不出所料，Radiant 的原生代币 RDNT 在消息传出后下跌了 9%，在撰写本文时交易价格为 0.066 美元。 2024 年第三季度，加密货币黑客攻击总计造成约 15.8 亿美元（约 23.6 亿澳元）的损失，几乎是 2024 年第三季度的两倍。 2023 年同期被盗金额为 8.57 亿美元（12.8 亿澳元）。截至 8 月底，被盗总额已达到 12.1 亿美元（18 亿澳元），较 10.48 亿美元（15.7 亿澳元）增加了 15.5% ）拍摄于 2023 年此时。

Cyber-criminal groups in North Korea, especially Lazarus, are largely responsible for these crimes, scheming all kinds of plans to trick DeFi protocols, employees, and regular users.

朝鲜的网络犯罪团体，尤其是 Lazarus，对这些犯罪负有主要责任，他们策划了各种计划来欺骗 DeFi 协议、员工和普通用户。