Radiant Capital, a decentralized finance (DeFi) lending protocol, has suffered a significant loss of over $50 million due to a cyberattack that exploited vulnerabilities in its blockchain contracts. This incident marks the second exploit for the platform this year, raising concerns about security in the rapidly evolving DeFi landscape.
Key Takeaways
- Radiant Capital lost over $50 million in a cyberattack on its blockchain contracts.
- The exploit involved the theft of private keys from a multi-signature wallet.
- This is the second major exploit for Radiant Capital in 2024, following a $4.5 million loss in January.
- Security experts are investigating the potential sources of the breach, including possible phishing attacks.
Overview of The Attack
On Wednesday, Radiant Capital's blockchain contracts were compromised, leading to the theft of funds from users on both the Binance Smart Chain (BSC) and Arbitrum networks. Security experts reported that the attacker gained access to three of the private keys controlling the protocol's multi-signature wallet, which consists of 11 signers. This breach allowed the hacker to upgrade the platform's smart contracts and execute unauthorized transactions.
The exploit utilized the 'transferFrom' function, enabling the attacker to drain various cryptocurrencies, including USDC, WBNB, and ETH, from user accounts. The total losses have been estimated at around $51.5 million, with significant amounts siphoned from both BSC and Arbitrum instances.
Previous Exploits
This incident is not the first for Radiant Capital. Earlier in January 2024, the protocol experienced a separate hack that resulted in a loss of $4.5 million due to a bug in its smart contracts. The repeated targeting of Radiant raises questions about the security measures in place and the overall vulnerability of DeFi platforms.
Investigating The Breach
As the investigation unfolds, security experts are exploring how the private keys were compromised. Speculations suggest that the attack may have originated from a compromised front-end, where legitimate key-holders inadvertently interacted with a malware-infected protocol. The platform has paused its markets on Base and Mainnet while collaborating with security firms like SEAL911, Hypernative, ZeroShadow, and Chainalysis to address the issue.
User Advisory
In light of the exploit, users are advised to revoke any permissions granted to Radiant Capital contracts to safeguard their funds. Security experts recommend exercising caution when interacting with DeFi platforms, especially in the wake of such significant breaches.
Conclusion
The recent exploit of Radiant Capital underscores the ongoing challenges faced by DeFi protocols in maintaining security and protecting user assets. As the industry continues to grow, the need for robust security measures and user awareness becomes increasingly critical. The situation remains fluid, and updates from Radiant Capital are anticipated as the investigation progresses.
Sources
