Serious security issues for Radiant Capital: the new hack

Radiant Capital recently suffered a severe security breach following a hack, with a loss of over 50 million dollars. Specifically, the hackers compromised three crucial private keys, leading to one of the biggest blockchain hacks of the year.

Let’s see all the details in this article. 

Radiant blockchain platform hacked again: second exploit in 2024

As anticipated, Radiant Capital, a blockchain-based lending platform, experienced a devastating cyber hack that resulted in the loss of over 50 million dollars.

This incident marks the second significant exploit for the platform during 2024, raising concerns about the security of its smart contracts and the management of its private keys.

On Wednesday, security experts confirmed that a malicious user managed to gain control of three of the eleven private keys necessary to manage the Radiant Capital protocol. 

These keys are essential for updating the smart contracts that regulate the functioning of the platform.

The Radiant protocol is built on a structure called a multi-signature wallet, where each update requires the approval of a certain number of signatories. In this case, unauthorized access to three keys was sufficient to take control of the funds.

The attack was conducted on the Binance Smart Chain (BSC) and Arbitrum blockchains, using a function called “transferFrom”, which allowed the attackers to transfer users’ funds. 

According to the Web3 security company De.Fi, which disclosed information about the exploit via X (formerly Twitter), the attack stole significant cryptocurrencies such as USDC, WBNB, and ETH.

Unfortunately, this hack is not an isolated case for Radiant Capital. Already in January 2024, the platform had suffered another security breach, which had caused a loss of 4.5 million dollars. 

That incident had been attributed to a bug in Radiant’s smart contracts, demonstrating that, despite the security measures taken, the platform remains vulnerable to new threats.

The recurrence of attacks of this magnitude raises serious questions about Radiant’s ability to protect its users and their funds. 

As a result, investor confidence, a crucial element for any blockchain project, risks wavering if immediate and decisive measures are not adopted.

The problem of private keys

As explained above, private keys are a central element of security in blockchains. They allow their owners to sign transactions and update contracts.

In the case of Radiant, the attack has raised numerous hypotheses about how the attackers managed to gain access to three of the necessary keys. Some security experts have suggested that the origin of the attack might lie in a compromised front-end. 

In other words, the legitimate key holders might have been tricked into interacting with an interface infected by malware.

In any case, the uncertainty about how the keys were compromised has made the situation even more complex. 

At the moment, Radiant has not disclosed specific details on how the attack was conducted, limiting itself to confirming the exploit with an official message on X, stating:

“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum.” 

Furthermore, after the attack, Radiant has suspended the markets on Base and Mainnet until further notice, working alongside security companies such as SEAL911, Hypernative, ZeroShadow, and Chainalysis to resolve the situation. 

The platform has encouraged users to revoke the permissions of their smart contracts through an application called revoke.cash. This helps to disconnect wallets from compromised smart contracts.
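
The "transferFrom" function mentioned earlier can only move tokens that a wallet has previously approved a spender to move, which is why revoking those approvals is the recommended response. The sketch below is an added example, not code from Radiant or revoke.cash: it replays ERC-20 Approval event logs to list the approvals an owner still has open toward a flagged spender. The log dictionary shape (integer blockNumber and logIndex), all addresses and the helper names are assumptions constructed for illustration.

```python
# Added example (not from the article): list token approvals an owner still has
# open toward a flagged spender contract, from ERC-20 Approval event logs.
# Log state is an approximation; confirm each hit with the token's allowance().
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the last 20 bytes.
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, flagged_spenders):
    """Return {(token, spender): allowance} for non-zero approvals that `owner`
    still has toward any flagged spender. Later logs override earlier ones."""
    owner = owner.lower()
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-20 Approval has 3 topics; ERC-721 Approval has 4 (indexed tokenId).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        spender = topic_to_address(topics[2])
        latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0 and k[1] in flagged}

# Constructed sample data: placeholder addresses, not real contracts.
OWNER, OTHER_OWNER = "0x" + "aa" * 20, "0x" + "ab" * 20
POOL, DEX = "0x" + "bb" * 20, "0x" + "cc" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20

def make_log(block, token, owner, spender, amount):
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"blockNumber": block, "logIndex": 0, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    make_log(100, TOKEN_A, OWNER, POOL, MAX_UINT256),  # unlimited, never revoked
    make_log(105, TOKEN_B, OWNER, POOL, 500),
    make_log(110, TOKEN_B, OWNER, POOL, 0),            # revoked: approve(spender, 0)
    make_log(111, TOKEN_A, OWNER, DEX, 1000),          # spender not flagged
    make_log(112, TOKEN_A, OTHER_OWNER, POOL, 7),      # different owner
]

if __name__ == "__main__":
    hits = outstanding_approvals(SAMPLE_LOGS, OWNER, [POOL])
    for (token, spender), amount in hits.items():
        label = "UNLIMITED" if amount == MAX_UINT256 else amount
        print(f"revoke: token={token} spender={spender} allowance={label}")
```

Only the unlimited TOKEN_A approval is reported for the flagged spender; the TOKEN_B approval was already set back to zero, which is the state a revocation leaves behind.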

The implications for the future of Radiant Capital 

The recent exploit on Radiant Capital raises fundamental questions about the reliability of blockchain platforms and their security mechanisms. 

In a context where decentralized finance (DeFi) continues to grow in popularity, incidents like these highlight the structural challenges that need to be addressed.

Radiant is defined as a platform that aims to “unify the billions of fragmented liquidity in Web3 money markets under a single secure, easy-to-use, and capital-efficient currency.” 

However, its recent vulnerability brings with it a significant challenge to this mission. Without a secure system that ensures the protection of private keys and user assets, the promise of a secure and efficient platform remains distant.

Cyber attacks in the blockchain world are unfortunately becoming more frequent. In the case of Radiant, the repetition of breaches in such a short period of time represents a wake-up call not only for the platform itself but for the entire DeFi sector. 

It is therefore essential that platforms like Radiant implement more advanced and transparent security measures to safeguard users’ funds and maintain trust in decentralized markets.

Source: https://en.cryptonomist.ch/2024/10/17/gravi-problemi-di-sicurezza-per-radiant-capital-la-perdita-di-50-milioni-di-dollari-in-un-nuovo-hack/