Yesterday, lending platform Radiant Capital suffered a loss of over $50 million worth of crypto when the project’s multisig wallet was compromised.
The incident offers a stark reminder of the importance of key management in the industry, and the potential for damage when signer addresses are compromised.
According to blockchain security firm SlowMist, private keys to three of 11 addresses were compromised in order to “transfer ownership of the LendingPoolAddressesProvider contract to a malicious contract controlled by the attacker.” This was then used to drain lending markets on two networks: Arbitrum and BNB Chain.
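A monitoring check for the kind of ownership transfer SlowMist describes, as an added example that is not code from Radiant Capital, SlowMist, or the original article. It assumes the watched contract emits the standard OpenZeppelin `OwnershipTransferred(address,address)` event and that logs arrive in `eth_getLogs` JSON shape; every address and transaction hash in it is a constructed placeholder.

```python
# Added example; every address and hash in SAMPLE_LOGS is constructed.
# keccak256("OwnershipTransferred(address,address)"), OpenZeppelin Ownable's event.
OWNERSHIP_TRANSFERRED = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"

PROVIDER = "0x" + "aa" * 20   # placeholder for the watched contract
MULTISIG = "0x" + "11" * 20   # placeholder for the only owner we expect
DEPLOYER = "0x" + "22" * 20   # placeholder for the original deployer
UNKNOWN = "0x" + "ee" * 20    # placeholder for an address nobody approved
WATCHED = {PROVIDER: {MULTISIG}}  # contract -> allowlisted owners

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or raw[:24] != "0" * 24:
        raise ValueError("not an address topic: " + topic)
    int(raw, 16)  # rejects non-hex characters
    return "0x" + raw[24:]

def as_topic(address):
    """Inverse of topic_to_address, used to build the sample logs."""
    return "0x" + "0" * 24 + address[2:]

def unexpected_transfers(logs, watched=WATCHED):
    """Return one alert per ownership change whose new owner is not allowlisted."""
    alerts = []
    for log in logs:
        contract = log.get("address", "").lower()
        topics = log.get("topics", [])
        if contract not in watched or len(topics) != 3:
            continue
        if topics[0].lower() != OWNERSHIP_TRANSFERRED:
            continue
        new_owner = topic_to_address(topics[2])
        if new_owner not in watched[contract]:
            alerts.append({"contract": contract, "tx": log.get("transactionHash"),
                           "previous_owner": topic_to_address(topics[1]),
                           "new_owner": new_owner})
    return alerts

SAMPLE_LOGS = [  # shaped like eth_getLogs results
    {"address": PROVIDER, "transactionHash": "0x01",   # deployer -> multisig: expected
     "topics": [OWNERSHIP_TRANSFERRED, as_topic(DEPLOYER), as_topic(MULTISIG)]},
    {"address": PROVIDER.upper().replace("0X", "0x"), "transactionHash": "0x02",
     "topics": [OWNERSHIP_TRANSFERRED, as_topic(MULTISIG), as_topic(UNKNOWN)]},
    {"address": UNKNOWN, "transactionHash": "0x03",    # unwatched contract: ignored
     "topics": [OWNERSHIP_TRANSFERRED, as_topic(MULTISIG), as_topic(UNKNOWN)]},
]

if __name__ == "__main__":
    for alert in unexpected_transfers(SAMPLE_LOGS):
        print("ALERT", alert)
```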
Crypto auditor Ancilia Inc. alerted the community, instructing users to revoke token approvals to the affected contracts, and adding updates as the losses mounted.
Unfortunately, the security experts were also reportedly duped into sharing a wallet drainer link from a spoofed account, ‘Radiarnt Capital.’
Radiant Capital’s official X (formerly Twitter) account acknowledged the incident approximately two hours later and confirmed the list of compromised contracts. In the meantime, regular marketing material was published and screenshots emerged of a team member assuming users had fallen victim to a “phising” (sic) attack.
The stolen funds — $19 million and $32 million worth of BNB and ETH respectively — are currently held in attacker addresses on BNB Chain and Arbitrum. Radiant Capital previously lost $4.5 million to a well-known bug in January of this year.
Wider threat
The news underlined the decentralized finance (DeFi) sector’s reliance on multisig wallets to secure crypto worth billions of dollars.
L2BEAT researcher donnoh.eth pointed out the sheer scale of funds secured across the sector, with the threshold for each multisig displayed alongside the value held within.
The figures show that just two compromised signatures could lead to losses of $676 million on Starknet. A total of $1.756 billion is secured by just three signatures apiece across Blast (by far the best value-for-key for potential hackers), Frax, Taiko, and Kinto.
Four-signature thresholds secure $1.197 billion in total between Linea, Metis, and Loopring. Finally, Mantle, which holds $1.44 billion, has the highest threshold, but its 13 possible signers also mean more potential spear-phishing targets.
Multisig wallets are a common security feature for crypto users, especially projects that manage funds as a team or for making critical upgrades to their platforms. An established threshold of signatures is required to send transactions, with no single address able to do so alone.
However, multisigs represent a ‘honeypot’ target for black hats, with extraordinarily large sums extracted on occasion.
In July, Indian crypto exchange WazirX lost $230 million after two signer addresses were compromised, and a further two were likely tricked into signing a malicious transaction. In March 2022, the now infamous Ronin Bridge attack saw over $600 million stolen, which went unnoticed for almost a week.
Source: https://protos.com/radiant-capitals-50m-crypto-hack-underlines-defis-multisig-dependence/