Lending protocol Radiant Capital was reportedly hit with a cyberattack that targeted its contracts on BNB Chain and Arbitrum. The incident resulted in the loss of over $50 million from its DeFi platform, with over $32 million drained from Arbitrum and around $18 million from BNB Chain.
The platform has suffered two exploits this year, with over $55 million drained.
The exploit was first discovered by several security experts. Ancilia, a Web3 cybersecurity service entity, said they noticed multiple transfers were unusually initiated from users’ accounts through a Radiant Capital’s contract.
#ancilia_alerts It seems like something happen with @RDNTCapital contract on BSC. We have noticed several transferFrom user’s account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had…
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
Hacking Everywhere
The project later confirmed four of its contracts were exploited and urged users to revoke approval for these contracts to prevent additional unauthorized transfers. It also temporarily suspended markets on Base and Mainnet at the time of confirmation.
Radiant Capital said they were working with SEAL911, Hypernative, ZeroShadow and Chainalysis to fix the issue. There are no further updates from the project at press time.
“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice,” the team said.
According to initial analysis, the exploit was initiated via a backdoor contract that allowed the attacker to access and drain funds from Radiant Capital’s lending pools. This included various tokens like Wrapped BNB (WBNB), Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).
Smashing Through Security
The attacker managed to acquire 3 of the 11 multisig approval private keys, a number sufficient to authorize a transfer of control over Radiant’s lending pool to their own address. Following this, they were able to withdraw the funds.
That raises concerns about Radiant Capital’s setup of low multisig approval threshold since MultiSig wallet typically requires multiple approvals for transactions.
According to a recent update linked to the hack, Ancilia, which were among the first to report the incident, accidentally shared a link to a malicious wallet drainer amid attempts to help users affected by the Radiant Capital exploit.
The mistake, which led to more funds stolen, was quickly exposed by the community members. Ancilia is facing backlash due to lack of security practices, especially when users are trying to prevent further losses.
Second Attack This Year
RDNT, Radiant Capital’s native token, experienced a 9% decline following the exploit. At the time of writing, the cryptocurrency is trading at around $0.066, per CoinGecko. Its market cap also plunges from $84 million to $75.8 million within the day.
This is the second attack targeting Radiant Capital. The protocol suffered the first exploit in January, resulting in approximately $4.5 million worth of Ethereum stolen. The hacker reportedly used a flash loan method to manipulate the liquidity index of the Radiant Capital protocol and drain funds.
Following the hack, Radiant Capital temporarily halted its lending and borrowing markets as a precautionary measure. The stolen funds were reportedly moved to a wallet that remained inactive for some time.
The project has since faced challenges in maintaining its total value locked (TVL). It lost nearly 37% of its TVL shortly after the January attack, and although it managed some recovery by March, it has since lost approximately 75% of its TVL year-to-date due to ongoing vulnerabilities and market conditions.
The DeFi ecosystem reported a number of exploits this year, with total losses exceeding $1.2 billion. However, compared to previous years, large-scale exploits are on decline. For hackers, it is still easy to make money with crypto hacks.
At the start of January 2024, Orbit Chain lost around $80 million due to hackers raiding its multi-signature wallet. Prisma Finance was exploited in March, leading to losses of approximately $10 million.
Source: https://blockonomi.com/radiant-capital-hit-by-50m-blockchain-security-breach/