TLDR:
- Radiant Capital suffered a $50-58M crypto hack targeting developer wallets
- Attack used advanced malware to compromise hardware wallets
- FBI and cybersecurity teams are working to recover stolen funds
- Radiant is enhancing security with stricter verification processes
- Users advised to revoke approvals for tokens associated with Radiant
Radiant Capital, a decentralized finance (DeFi) platform, has fallen victim to a sophisticated cyber attack resulting in the theft of approximately $50 million in cryptocurrency.
The incident, which occurred on October 16, 2024, targeted the hardware wallets of core developers using advanced malware injection techniques.
The attackers managed to compromise the wallets of three core developers, manipulating the front-end transaction verification process while executing malicious transactions in the background.
This breach went undetected during routine checks by both Radiant Capital’s internal team and external security audits from organizations like SEAL911 and Hypernative.
The hack took place during a standard multi-signature adjustment process, which is typically a secure operation intended to adapt to changing market conditions.
The attackers exploited vulnerabilities in the DAO’s blockchain contracts on Binance Smart Chain (BSC) and Arbitrum, draining assets from liquidity pools. The stolen funds include USDC, WBNB, and ETH.
In response to the breach, Radiant Capital has taken swift action by enlisting the help of U.S. law enforcement, including the FBI. The company is actively collaborating with cybersecurity teams to freeze the stolen assets and trace the attackers. Efforts are underway to analyze the digital traces left by the hackers and recover the funds.
Radiant Capital has also implemented immediate security enhancements to prevent future breaches. These measures include more stringent multi-layer signature verifications and the use of independent devices to confirm transaction data before approval. The DAO has introduced new cold wallet addresses using fresh, uncompromised devices to eliminate vulnerabilities.
To further strengthen security, Radiant Capital has reduced the number of signers for both Admin and DAO multisigs to seven and raised the signing threshold to four. This change requires nearly 60% approval for any transaction to proceed. Additional safes will undergo similar upgrades in the near future.
The organization is also implementing an extra verification step by cross-checking transaction data through Etherscan’s input data decoder. This added layer of scrutiny aims to enhance accuracy and safeguard against potential errors. Radiant Capital expects to resume activity on the Base and Ethereum markets within a few days, operating under a new suite of contracts with enhanced security measures.
In light of the incident, security experts are advising users to take immediate action by revoking any existing approvals for their tokens associated with Radiant Capital. The address to revoke approvals is 0xd50cf00b6e600dd036ba8ef475677d816d6c4281, and users are urged to act swiftly to protect their remaining funds from further unauthorized access.
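The cross-check described above (decoding the raw transaction input data independently of the signing interface) and the approval revocation can both be illustrated with a small offline decoder. This is an added example, not Radiant Capital's or Etherscan's tooling: the selector table is a hand-picked subset, the calldata strings and the `OTHER` address are constructed samples, and the spender is the address quoted in the article.

```python
# Selector = first 4 bytes of keccak256(function signature). Small hand-picked
# table (assumption: extend it with the functions your own contracts expose).
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "a9059cbb": ("transfer", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "f2fde38b": ("transferOwnership", ("address",)),
}

def decode_calldata(data_hex):
    """Decode calldata for the static-typed functions listed in SELECTORS."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.lower().startswith("0x") else data_hex)
    if len(raw) < 4:
        raise ValueError("calldata shorter than a selector")
    sel = raw[:4].hex()
    if sel not in SELECTORS:
        raise ValueError(f"unknown selector 0x{sel}: do not sign blind")
    name, types = SELECTORS[sel]
    body = raw[4:]
    if len(body) != 32 * len(types):
        raise ValueError("argument length does not match the signature")
    args = []
    for i, typ in enumerate(types):
        word = body[32 * i: 32 * (i + 1)]
        if typ == "address":
            if any(word[:12]):  # an address occupies the low 20 bytes only
                raise ValueError("non-zero padding in address word")
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return name, tuple(args)

def cross_check(intended, data_hex):
    """Return [] if the calldata matches what the signer intends, else the difference."""
    decoded = decode_calldata(data_hex)
    want = (intended[0], tuple(a.lower() if isinstance(a, str) else a for a in intended[1]))
    return [] if decoded == want else [f"intended {want}, calldata says {decoded}"]

# Constructed sample inputs (not real transactions).
SPENDER = "0xd50cf00b6e600dd036ba8ef475677d816d6c4281"  # address quoted in the article
OTHER = "0x" + "11" * 20                                 # constructed placeholder address
pad = lambda addr: addr[2:].rjust(64, "0")
REVOKE = "0x095ea7b3" + pad(SPENDER) + "0" * 64          # approve(SPENDER, 0)
SWAPPED = "0xf2fde38b" + pad(OTHER)                      # transferOwnership(OTHER)

if __name__ == "__main__":
    print(cross_check(("approve", (SPENDER, 0)), REVOKE))   # matches the intent
    print(cross_check(("approve", (SPENDER, 0)), SWAPPED))  # mismatch is reported
```

Run the check on a device other than the one displaying the transaction, so a compromised front end cannot influence both views.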
This is not the first time Radiant Capital has faced security issues. Earlier, the company experienced a hack resulting in a loss of 1,900 ETH, valued at approximately $4.5 million. That incident exploited a time window when a new market was activated in a lending platform forked from the popular Compound and Aave protocols.
Source: https://blockonomi.com/fbi-assists-in-radiant-capital-crypto-hack-investigation/