
Radiant Capital Hit by $50M Exploit Across BNB Chain and Arbitrum in Second Major Attack

by BSCN

October 16, 2024

Radiant Capital hacked for $50M, the second exploit the protocol has seen

Radiant Capital, a decentralized lending protocol, has suffered a massive cyberattack, losing more than $50 million in digital assets. The attack, which occurred across Binance's BNB Chain and Ethereum's layer-2 Arbitrum network, marks the second significant exploit the platform has faced this year, further raising concerns about the security of decentralized finance (DeFi) platforms.

The Incident Unfolds

The attack was first reported on Wednesday by blockchain security firm Ancilia Inc., which flagged suspicious activity involving Radiant Capital's smart contracts on BNB Chain. Initial reports showed approximately $16 million being drained from the platform on BNB. Shortly after, assets were also siphoned from Radiant's liquidity pools on Arbitrum. Another security firm, Hacken, later confirmed that the total stolen assets, including USDT, USDC, and ARB, amounted to nearly $50 million.

Radiant Capital acknowledged the issue on X (formerly Twitter), stating, "We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum," and assured users they were working with blockchain security teams SEAL911, Hypernative, ZeroShadow, and Chainalysis to investigate the breach.

How the Attack Happened

According to Web3 security firm De.Fi, the attackers managed to exploit Radiant's smart contracts through the 'transferFrom' function, allowing them to drain user funds. Radiant operates using a multi-signature (multisig) wallet system, requiring 11 signers to authorize any protocol upgrades. The attackers somehow obtained three of these private keys, which gave them enough control to modify the smart contracts and carry out the attack.

While the exact method by which the private keys were compromised remains unclear, some experts in the Ethereum security community have speculated that it may have resulted from a front-end attack. This type of exploit could have deceived legitimate key-holders into interacting with a malicious interface, thereby granting the attacker access to the protocol.

Radiant’s response included pausing its markets on Ethereum and the layer-2 network Base while urging users to revoke their smart contract permissions as a safety measure. The platform also directed users to the Revoke.Cash service to check if they were at risk.
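Because a 'transferFrom' drain can only move tokens a wallet has already approved, the revocation advice comes down to finding approvals that are still live for a given spender. The following is an added example, not code from Radiant, De.Fi, or Revoke.Cash: it replays ERC-20 Approval event logs for one wallet and lists non-zero approvals to a flagged spender. All addresses and log entries are constructed placeholders, and the log dictionary shape is an assumption modelled on standard JSON-RPC log output.

```python
# ERC-20 Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1

def _addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Replay Approval logs in chain order; the latest value per (token, spender) wins.
    Events do not show allowance already spent via transferFrom, so treat the result
    as an upper bound and confirm with the token's allowance(owner, spender) call."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 reuses this signature but indexes tokenId too (4 topics): skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if _addr(topics[1]) != owner.lower():
            continue
        state[(log["address"].lower(), _addr(topics[2]))] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def to_revoke(allowances, flagged_spenders):
    """Return (token, spender, amount) for live approvals to flagged spenders."""
    flagged = {s.lower() for s in flagged_spenders}
    return [(t, s, amt) for (t, s), amt in sorted(allowances.items()) if s in flagged]

# --- constructed sample data (placeholder addresses, not real contracts) ---
OWNER, OTHER_OWNER = "0x" + "11" * 20, "0x" + "22" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
FLAGGED, BENIGN = "0x" + "de" * 20, "0x" + "be" * 20

def _log(block, idx, token, owner, spender, value, extra_topic=False):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    topics = [APPROVAL_TOPIC, pad(owner), pad(spender)] + (["0x" + "0" * 64] if extra_topic else [])
    return {"blockNumber": block, "logIndex": idx, "address": token, "topics": topics, "data": hex(value)}

SAMPLE_LOGS = [
    _log(110, 1, TOKEN_B, OWNER, FLAGGED, 0),                    # later revoke of the 500 below
    _log(100, 0, TOKEN_A, OWNER, FLAGGED, UNLIMITED),            # unlimited approval, still live
    _log(105, 2, TOKEN_B, OWNER, FLAGGED, 500),
    _log(108, 0, TOKEN_A, OWNER, BENIGN, 1000),                  # live, but spender not flagged
    _log(101, 0, TOKEN_A, OTHER_OWNER, FLAGGED, UNLIMITED),      # someone else's wallet
    _log(109, 0, TOKEN_A, OWNER, FLAGGED, 7, extra_topic=True),  # ERC-721-shaped, ignored
]

if __name__ == "__main__":
    for token, spender, amt in to_revoke(outstanding_allowances(SAMPLE_LOGS, OWNER), [FLAGGED]):
        print(token, spender, "unlimited" if amt == UNLIMITED else amt)
```

On the sample data only the unlimited TOKEN_A approval to the flagged spender is reported; the TOKEN_B approval was already set back to zero by a later event.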

Not the First Incident

This latest exploit isn't the first time Radiant Capital has been targeted. Earlier in January, the protocol lost $4.5 million in a separate flash loan-based attack on Arbitrum due to a bug in its smart contracts. The recurrent breaches underline the vulnerabilities in DeFi systems, where even protocols designed to be capital-efficient and secure are regularly targeted by sophisticated hackers.

The Broader Impact

Radiant Capital operates as a decentralized autonomous organization (DAO) and describes its mission as unifying fragmented liquidity across Web3's various money markets into one seamless, omnichain platform. Despite its ambitious goals, repeated security incidents could undermine confidence in Radiant and similar DeFi projects. The need for more robust security frameworks is evident as hackers continuously exploit weak points in decentralized systems.

This breach, resulting in such a significant financial loss, highlights the risks for users engaging with DeFi platforms. Although Radiant and its team are working to address the issue, the full extent of the damage—both financial and reputational—is still unfolding.

Conclusion

The $50 million exploit on Radiant Capital has rattled the DeFi community once again, raising serious concerns about the security of blockchain protocols and the safeguarding of user funds. With two major hacks in less than a year, Radiant faces an uphill battle to restore trust. The incident serves as a reminder of the critical need for constant vigilance and improved security mechanisms in the rapidly evolving world of decentralized finance.

This story is still developing, and Radiant Capital has yet to provide a detailed explanation of how the attackers obtained access to the private keys. Until the investigation concludes, users are advised to stay alert and take appropriate measures to protect their assets.
