30s Summary
Radiant Capital, a cross-chain lending service, suspended operations following a cybersecurity breach that resulted in a loss of over $50 million on BNB Chain and Arbitrum. The attack exploited Radiant Capital contracts on the BSC & ARB chains via the ‘transferFrom’ function, draining user funds. Two separate cybersecurity firms estimate the damage at around $50 to $58 million. The attack involved the theft of several signers’ private keys, which gave the attacker control over smart contracts. The incident underlines the vulnerability of current security measures in the face of increasingly sophisticated web3-based attacks.
Full Article
Radiant Capital, a cross-chain lending service, recently had to put a pause on its operations. Why? They were hit with a massive cybersecurity breach on BNB Chain and Arbitrum that resulted in a loss of over $50 million, based on Radiant’s report and the findings of two cybersecurity experts.
What exactly happened? Well, Radiant Capital contracts were taken advantage of on the BSC & ARB chains, using the ‘transferFrom’ function. This led to the draining of user funds, encompassing USDC, WBNB, and ETH among others, according to a post by De.Fi Antivirus, a Web3 cybersecurity firm.
Just how much was lost? Around $58 million according to De.Fi. But, another cybersecurity firm, Ancilia Inc., estimates the damage to be closer to the $50 million mark.
Radiant acknowledged the issue, stating they were aware of a problem with the Radiant Lending markets on Binance Chain and Arbitrum. They assured users they were working with SEAL911, Hypernative, ZeroShadow, and Chainalysis to resolve the issue. As a result, Radiant paused markets on Base and Mainnet until further clarity is achieved.
How did this go down? The bad guy supposedly got hold of several signers’ private keys, which gave them control of several smart contracts. Pop Punk, co-founder of token launch platform g8keep, likened the scenario to a school bully stealing lunch money. He alerted users to revoke all approvals, noting losses in the tens of millions so far.
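The advice to revoke approvals only helps once a wallet knows which allowances it still has open. The following is an added example, not code from the article or from Radiant: it replays ERC-20 `Approval` event logs to list a wallet's non-zero approvals towards a flagged spender. The log shape (as returned by `eth_getLogs`) is an assumption, and every address and log entry is a constructed placeholder.

```python
# Added example: all addresses and logs below are constructed placeholders.
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, flagged_spenders):
    """Map (token, spender) -> last approved amount for non-zero approvals
    that `owner` still has open towards any flagged spender.
    The logged amount is an upper bound (transferFrom spends it down);
    the token's allowance(owner, spender) call is authoritative."""
    owner = owner.lower()
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this topic but has 4 topics and empty data.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner:
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later approve() overwrites
    return {k: v for k, v in latest.items() if v > 0 and k[1] in flagged}

def _addr(byte): return "0x" + byte * 20
def _log(token, owner, spender, amount, block, index=0):
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": index}

OWNER, OTHER_OWNER = _addr("aa"), _addr("ab")
FLAGGED, UNRELATED = _addr("bb"), _addr("cc")   # FLAGGED: placeholder compromised spender
TOKEN_A, TOKEN_B = _addr("11"), _addr("22")
SAMPLE_LOGS = [
    _log(TOKEN_B, OWNER, FLAGGED, 0, 105),             # revocation of the 101 approval
    _log(TOKEN_A, OWNER, FLAGGED, 2**256 - 1, 100),    # unlimited, never revoked
    _log(TOKEN_B, OWNER, FLAGGED, 500, 101),
    _log(TOKEN_A, OWNER, UNRELATED, 1000, 102),        # spender not flagged
    _log(TOKEN_A, OTHER_OWNER, FLAGGED, 7, 103),       # different wallet
]

if __name__ == "__main__":
    for (token, spender), amount in outstanding_approvals(SAMPLE_LOGS, OWNER, [FLAGGED]).items():
        print(f"revoke: token {token} spender {spender} amount {amount}")
```

Each pair it reports is closed by sending `approve(spender, 0)` on that token from the owning wallet.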
Just to put things in perspective, around $316 million, or almost 70% of total funds stolen in crypto hacks in the third quarter of 2024, was lost to access control mechanism exploits. Despite multisigs being a popular way to secure Web3 protocols, they could create single points of failure that can be exploited by attackers.
A move beyond the current security measures isn’t just a suggestion, it’s a necessity to retain user trust in blockchain technology, as highlighted by Sreeram Kannan, founder of restaking protocol EigenLayer.
Source: Cointelegraph