Radiant Capital Suffers $50 Million Loss Following Cyberattack
Radiant Capital has lost over $50 million in a cyberattack that compromised its blockchain contracts, highlighting the vulnerabilities in decentralized finance systems.
Blockchain lending protocol Radiant Capital has reported a significant loss of over $50 million due to a recent cyberattack, as confirmed by security experts and blockchain data.
An attacker managed to gain control of Radiant Capital's blockchain contracts by acquiring three of the private keys required to control the protocol.
The exploit, as reported by Web3 security firm De.Fi, involved using the transferFrom function on the BSC & ARB chains, which enabled the attacker to drain various user funds, notably $USDC, $WBNB, $ETH, and others.
Radiant operates with a multi-signature wallet managed by 11 signers. The attacker successfully acquired three of these signers' private keys, allowing them sufficient authority to upgrade the smart contracts of the platform.
Radiant Capital’s suite of tools allows users to borrow, lend, and bridge cryptocurrencies across different blockchains. This incident marks the second exploit targeting the protocol this year, with a previous incident in January resulting in a loss of $4.5 million due to a bug in its smart contracts.
Details regarding how the private keys were compromised during Wednesday's attack remain unclear. Members from an Ethereum security group speculated that the assault might have originated from a compromised front-end, suggesting that legitimate key holders may have interacted with a malware-infected protocol.
In its response to the exploit, Radiant acknowledged the issue and mentioned it is collaborating with SEAL911, Hypernative, ZeroShadow, and Chainalysis, stating, "We are working with experts to resolve the issue and will provide an update soon."
This situation continues to unfold as Radiant Capital strives to restore its service and ensure user safety.