Radiant Capital’s Arbitrum and BNB Chain Instances Suffer a $51M Hack Attack

Decentralized lending protocol Radiant Capital suffered a hacker attack. Lost $50M in Crypto Assets. Hackers exploited a vulnerability in the protocol’s multi-signature wallet private keys, allowing control of its smart contracts.

The vulnerability affected Radiant Capital’s BNB and Arbitrum instances, costing hackers millions of dollars in assetsincluding Ethereum, USDC and Wrapped BNB (WBNB).

Radiant loses $51 million for allegedly exploiting cryptocurrencies

Blockchain security firm Ancilia Inc. has disclosed a hack against leading cross-chain lending protocol Radiant Capital.

Attackers reportedly exploited a vulnerability in the protocol’s TransferFrom multi-signature wallet system.

This allowed them to gain unauthorized access to user accounts and withdraw millions of dollars in ETH, USDT, BNB and USDC.

according to data According to Arkham Intelligence, the breach began on the protocol’s Arbitrum instance on Wednesday before moving onto the BNB chain.

Radiant uses a multi-signature wallet system called TransferFrom to secure and control its smart contracts. The vulnerability exploits the transferFrom function of the Radiant Capital smart contract to leak the private key of its multi-signature wallet.

As a result, hackers gained unauthorized access to multiple user accounts and withdrew funds to another account. They reportedly moved the coins from a Radiant-controlled wallet to an address starting with 0x0629b, which is said to belong to the hackers.

This address holds more than $32 million in Arbitrum tokens and approximately $18 million in BNB chain assets. Most of the assets are Ethereum derivatives wstETH and weETH.

The wallet’s BNB balance currently shows over $5 million in crypto assets. At the same time, its German bank account programme Token balance is $51 millionits holdings have increased by 2,619,512% since its inception.

Security Concerns and Radiant Capital’s Response

In response to the latest breach, Radiant Capital suspended its base and mainnet markets. It also revealed that it is working with blockchain security companies Chainaanalysis, Hypernative, SEAL911 and ZeroShadow to investigate the incident.

Furthermore, the agreement states that it authorizes US$10 million in funding to compensate the victim for his losses. It advised users to cancel all Radiant contract addresses to avoid further exploitation.

Tony Ke, director of security research at Fuzzland, has warn Users should not interact with these contracts until all potential threats have been addressed. Ko also promised that his company would work with Radiant’s team to investigate the matter and explore possible measures to recover the lost funds..

Recent hacks have raised concerns about the security of multi-signature wallet systems.

The exact cause of the vulnerability remains to be determined. Some have speculated that this could be due to a front-end leak or a phishing scam, This results in the private key holder unknowingly interacting with malware.

Industry experts criticized Radiant’s security measures as inadequate. Polygon Labs chief security officer Mudit Gupta described the incident as a “key management failure.” According to him, Radiant Capital’s multi-signature wallet has 11 signers, but Only three signatures are needed to execute transactions.

The vulnerability had a significant impact on the price of Radiant Capital’s native token, RDNT. The price of RDNT has fallen by more than 11% in the past 24 hours and is currently trading at $0.06429.

At the same time, this is not Radiant Capital’s first breach. In January this year, the lending agreement suffered a flash loan attack. Lost approximately 1,900 ETH, worth $4.5 million.

Our Blog

Receive the latest news, updates and offers


Receive the latest news, updates and offers

This will close in 20 seconds