Highlights:
- Radiant Capital lost over $50 million in the recent exploit of its liquidity pools on Binance Smart Chain and Arbitrum.
- The hacker compromised three private keys, gaining control over multiple signers.
- The protocol’s native token, RDNT, fell 9% following the news.
Blockchain lending protocol Radiant Capital suffered losses of over $50 million in an exploit on Wednesday, according to Web3 cybersecurity firm De.Fi Antivirus. Radiant is managed by a multi-signature, or “multisig,” wallet with 11 signers.
The attacker reportedly acquired three of these signers’ private keys, gaining control of multiple smart contracts. This allowed them to withdraw substantial assets from the platform’s liquidity pools on Binance Smart Chain (BSC) and Arbitrum.
De.Fi Antivirus stated:
“Radiant Capital contracts were exploited on BSC & ARB chains with the ‘transferFrom’ function, which allowed to drain users’ funds, namely $USDC $WBNB $ETH and others.”
The hacker reportedly used the transferFrom function, which permits one account to transfer tokens from another account to a third party. For this to occur, the victim must authorize a fraudulent wallet address. Ancilia Inc., a Web3 security company, has advised users to promptly revoke any approvals granted to Radiant Capital to safeguard their funds from further unauthorized access.
🚨~$58,000,000 Exploit Alert🚨
Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others
⚠️Revoke approvals ASAP👇
0xd50cf00b6e600dd036ba8ef475677d816d6c4281
— De.Fi Antivirus Web3 🛡️ (@De_FiSecurity) October 16, 2024
De.Fi reported that the exploit drained approximately $58 million. This is in line with cybersecurity firm Ancilia Inc., which estimated losses at around $50 million, according to another post on X.
#ancilia_alerts It seems like something happened with @RDNTCapital contract on BSC. We have noticed several transferFrom user's account through the contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke your approval ASAP. It seems like the new implementation had…
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
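The revoke advice above can be checked token by token. The following added example (not code from the article, De.Fi, Ancilia or Radiant) builds the standard ERC-20 `allowance` query and the `approve(spender, 0)` revoke calldata for the contract address quoted in the alerts; the owner address, token addresses and RPC replies are constructed placeholders.

```python
# ERC-20 function selectors: first 4 bytes of keccak256 of the signature.
SEL_ALLOWANCE = "dd62ed3e"  # allowance(address owner, address spender)
SEL_APPROVE = "095ea7b3"    # approve(address spender, uint256 amount)
MAX_UINT256 = 2**256 - 1    # the usual "unlimited" approval value

# Contract address quoted in the De.Fi and Ancilia alerts on this page.
SPENDER = "0xd50cf00b6e600dd036ba8ef475677d816d6c4281"

def word(value):
    """ABI-encode an address string or a uint256 as one 32-byte hex word."""
    if isinstance(value, int):
        if not 0 <= value <= MAX_UINT256:
            raise ValueError("uint256 out of range")
        return format(value, "064x")
    digits = value[2:].lower() if value[:2] in ("0x", "0X") else value.lower()
    if len(digits) != 40 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a 20-byte address: %r" % value)
    return digits.rjust(64, "0")

def allowance_request(token, owner, spender=SPENDER, req_id=1):
    """JSON-RPC eth_call body: how much of `token` may `spender` move from `owner`?"""
    call = {"to": token, "data": "0x" + SEL_ALLOWANCE + word(owner) + word(spender)}
    return {"jsonrpc": "2.0", "id": req_id, "method": "eth_call",
            "params": [call, "latest"]}

def decode_allowance(result_hex):
    """Decode the uint256 returned by allowance(); an empty "0x" result counts as 0."""
    digits = result_hex[2:]
    return int(digits, 16) if digits else 0

def revoke_calldata(spender=SPENDER):
    """Calldata for approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + SEL_APPROVE + word(spender) + word(0)

def tokens_to_revoke(results):
    """From {token: eth_call result} return [(token, allowance)] still > 0, largest first."""
    live = [(t, decode_allowance(r)) for t, r in results.items()]
    return sorted([p for p in live if p[1] > 0], key=lambda p: -p[1])

if __name__ == "__main__":
    # Constructed placeholders, not real accounts or tokens.
    owner, tok_a, tok_b = "0x" + "11" * 20, "0x" + "aa" * 20, "0x" + "bb" * 20
    print(allowance_request(tok_a, owner)["params"][0]["data"])
    replies = {tok_a: "0x" + "f" * 64, tok_b: "0x" + "0" * 64}  # constructed replies
    for token, amount in tokens_to_revoke(replies):
        label = "unlimited" if amount == MAX_UINT256 else str(amount)
        print(token, label, "-> send", revoke_calldata(), "to the token contract")
```

Allowances are stored per token and per chain, so the query and the revoke transaction have to be repeated for every token the account approved on BSC and on Arbitrum.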
Private Key Compromise Unclear in Radiant Attack; Investigation Underway
At the time of reporting, the method of private key compromise in Wednesday’s attack was unclear. Some members of an Ethereum security group on Telegram speculated that the attack may have resulted from a compromised front-end, leading legitimate Radiant key holders to unintentionally interact with malware.
Radiant confirmed the exploit in a post on its official X account but did not disclose specific details. The platform halted its lending markets after the hack.
Radiant said:
“We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.”
The hacker transferred wrapped BNB, ETH, USDC, and USDT to a wallet starting with 0x0629b. This wallet now contains over $5 million in BNB and has a total value of $51 million, as per DeBank. Currently, the hacker holds over $32 million in Arbitrum-based assets and about $18 million in tokens on the BNB Chain.
Radiant Protocol Targeted Twice in 2024
Security firm Hacken observed that the malicious contract used in the attack was deployed 14 days prior. The hacker had unsuccessfully attempted to execute the exploit six days before the successful attack.
🧠 Malicious Contract Preparation:
The malicious contract, used as the implementation for the proxy upgrade, was deployed 14 days ago:
🔗 https://t.co/VUeUTldhVw
This suggests the attacker may have planned the exploit for over two weeks, preparing carefully for the attack.
— Hacken🇺🇦 (@hackenclub) October 16, 2024
This attack represents the second exploit Radiant has experienced in 2024. The protocol previously lost $4.5 million in a flash loan exploit in January, resulting in a nearly 40% decrease in its total value locked shortly thereafter.
RDNT Token Falls After Hack
The DeFi protocol’s native token, RDNT, dropped 9% following the news. At the time of writing, it was trading at $0.066.
