Radiant Capital, a decentralized finance (DeFi) lender, reported a significant security breach across multiple blockchain networks, resulting in substantial financial losses. On Wednesday, unidentified attackers exploited vulnerabilities in Radiant’s blockchain contracts on both the Binance Smart Chain (BSC) and Arbitrum platforms.
This breach allowed the perpetrators to siphon off digital assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ethereum (ETH), totaling over $50 million.
USDC, WBNB, ETH Vanish in $50M Radiant Capital Cyberattack
According to web3 security startup Ancilia, the attack targeted the ‘transferFrom’ function within the blockchain contracts. This vulnerability allowed the attackers to initiate unauthorized transactions from user accounts, which led to the direct theft of USDC, WBNB, and ETH from Radiant’s liquidity pools.
The firm, however, noted that the exploitation of this function could have been mitigated with more security measures and timely audits of contract changes.
Additionally, reports indicate that three of the eleven private keys responsible for securing and upgrading Radiant’s protocols were compromised. The security experts are investigating how these keys were accessed, with initial theories suggesting a possible phishing attack against key holders or a malware-infected interface used by the holders.
Security Measures and Community Response
In response to the breach, Radiant Capital has paused all operations on its Binance Chain and Arbitrum lending markets. The organization is collaborating with blockchain security firms, including SEAL911 and Hypernative, to address the vulnerabilities and prevent future incidents.
Radiant has also urged its users to revoke suspicious approvals on their accounts and temporarily halted new transactions.
We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.
— Radiant Capital (@RDNTCapital) October 16, 2024
The community reaction has been one of concern, as similar exploits have plagued the DeFi space in recent months. The loss at Radiant Capital raises questions about the efficacy of current security practices in safeguarding user funds.
Moreover, experts suggest that multi-signature wallets, although used by Radiant Capital, require stricter controls and real-time monitoring to prevent unauthorized access. Similarly, adopting more advanced measures and regular third-party audits will boost defenses against such ETH, WBNB, and USDC losses.
Following increased regulatory scrutiny on the rising crypto hacks, Ilya Lichtenstein faced a proposed 5-year prison sentence from US prosecutors. This is for orchestrating the 2016 Bitfinex exchange hack, which stole $6 billion. Lichtenstein and his wife, Heather Morgan, who faces an 18-month sentence, have pleaded guilty to charges related to money laundering.
Ronny Mugendi
Ronny Mugendi is a seasoned crypto journalist with four years of professional experience, having contributed significantly to various media outlets on cryptocurrency trends and technologies. With over 4000 published articles across various media outlets, he aims to inform, educate and introduce more people to the Blockchain and DeFi world. Outside of his journalism career, Ronny enjoys the thrill of bike riding, exploring new trails and landscapes.
Disclaimer: The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
✓ Share: