ARB
by BSCN
October 16, 2024
Radiant capital hacked for $50M, the second time they have seen an exploit
Radiant Capital, a decentralized lending protocol, has suffered a massive cyberattack, losing more than $50 million in digital assets. The attack, which occurred across Binance's BNB Chain and Ethereum's layer-2 Arbitrum network, marks the second significant exploit the platform has faced this year, further raising concerns about the security of decentralized finance (DeFi) platforms.
The attack was first reported on Wednesday by blockchain security firm Ancilia Inc., which flagged suspicious activity involving Radiant Capital's smart contracts on BNB Chain. Initial reports showed approximately $16 million being drained from the platform on BNB. Shortly after, assets were also siphoned from Radiant's liquidity pools on Arbitrum. Another security firm, Hacken, later confirmed that the total stolen assets, including USDT, USDC, and ARB, amounted to nearly $50 million.
Radiant Capital acknowledged the issue on X (formerly Twitter), stating, "We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum," and assured users they were working with blockchain security teams SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach.
According to Web3 security firm De.Fi, the attackers managed to exploit Radiant's smart contracts through the 'transferFrom' function, allowing them to drain user funds. Radiant operates using a multi-signature (multisig) wallet system, requiring 11 signers to authorize any protocol upgrades. The attackers somehow obtained three of these private keys, which gave them enough control to modify the smart contracts and carry out the attack.
While the exact method by which the private keys were compromised remains unclear, some experts in the Ethereum security community have speculated that it may have resulted from a front-end attack. This type of exploit could have deceived legitimate key-holders into interacting with a malicious interface, thereby granting the attacker access to the protocol.
Radiant’s response included pausing its markets on Ethereum and the layer-2 network Base while urging users to revoke their smart contract permissions as a safety measure. The platform also directed users to the Revoke.Cash service to check if they were at risk.
This latest exploit isn't the first time Radiant Capital has been targeted. Earlier in January, the protocol lost $4.5 million in a separate flash loan-based attack on Arbitrum due to a bug in its smart contracts. The recurrent breaches underline the vulnerabilities in DeFi systems, where even protocols designed to be capital-efficient and secure are regularly targeted by sophisticated hackers.
Radiant Capital operates as a decentralized autonomous organization (DAO) and describes its mission as unifying fragmented liquidity across Web3's various money markets into one seamless, omnichain platform. Despite its ambitious goals, repeated security incidents could undermine confidence in Radiant and similar DeFi projects. The need for more robust security frameworks is evident as hackers continuously exploit weak points in decentralized systems.
This breach, resulting in such a significant financial loss, highlights the risks for users engaging with DeFi platforms. Although Radiant and its team are working to address the issue, the full extent of the damage—both financial and reputational—is still unfolding.
The $50 million exploit on Radiant Capital has rattled the DeFi community once again, raising serious concerns about the security of blockchain protocols and the safeguarding of user funds. With two major hacks in less than a year, Radiant faces an uphill battle to restore trust. The incident serves as a reminder of the critical need for constant vigilance and improved security mechanisms in the rapidly evolving world of decentralized finance.
This story is still developing, and Radiant Capital has yet to provide a detailed explanation of how the attackers obtained access to the private keys. Until the investigation concludes, users are advised to stay alert and take appropriate measures to protect their assets.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCN. The information provided in this article is for educational and entertainment purposes only and should not be construed as investment advice, or advice of any kind. BSCN assumes no responsibility for any investment decisions made based on the information provided in this article. If you believe that the article should be amended, please reach out to the BSCN team by emailing [email protected].
Latest News
6h : 46m ago
Weekly Article Recap: 3/17-3/21
March 21, 2025
What is PIDaoSwap? A New Decentralized Exchange (DEX) on Pi Network
March 21, 2025
What Makes Sidra Chain Unique? Full Analysis
March 21, 2025
CHEEMS Memecoin Analysis: A BNB Giant
March 21, 2025
Who Is the Mysterious Hyperliquid Whale?
March 21, 2025
PumpFun Introduces PumpSwap to Challenge Raydium
March 20, 2025
Goldfinch and Plume Unlock Private Credit in the Crypto Ecosystem
March 20, 2025
BNB Analysis: Massive Growth and Outperforming BTC