30s Summary
Radiant Capital, a DeFi platform, reported that a cyberattack on October 16 resulted in the theft of over $50 million in digital assets from the BNB Chain and Arbitrum networks. The hackers installed advanced malware on the devices of three developers and used it to carry out malicious transactions that went unnoticed. The breach occurred during a multisignature emissions adjustment process, when the attackers replaced the transaction being authorized with a malicious one. Cybersecurity firm Hacken reported that access control exploits of this kind accounted for 70% of all stolen crypto funds in Q3, amounting to $316 million.
Full Article
Radiant Capital has shared details about the attacks on October 16, during which more than $50 million worth of digital assets were swiped from BNB Chain and Arbitrum networks. Apparently, the attackers managed to hack into the devices of three long-time developers.
These cybercriminals were smart, managing to get access to the devices by inserting some pretty advanced malware that they then used to carry out dodgy transactions. What made this tricky to spot was that everything looked normal on the Safe{Wallet} (previously known as Gnosis Safe), while the malicious transactions were quietly being carried out behind the scenes.
For those not in the know, Radiant Capital is a decentralized finance (DeFi) platform that lets people earn interest and borrow assets across various blockchain networks. It’s like a market which operates across different chains, allowing transactions on several lending markets including Ethereum, BNB, and Arbitrum.
So, how did the attack unfold? It all happened during a regular process known as a multisignature emissions adjustment – essentially a bit of routine maintenance to adapt to changing market conditions.
Multisignature is a safety measure used by most Web3 protocols: multiple authorizations are needed to approve a transaction. The attackers intercepted these authorizations and sneakily replaced them with a bad transaction. When Safe{Wallet} noticed something was wrong and showed an error message, users were prompted to try again, giving the attackers a chance to collect all the authorized signatures they needed.
Because this kind of glitch can crop up for a variety of reasons, it didn’t immediately raise any alarms. Ultimately, this series of events led to the attackers stealing three valid signatures.
Trickily enough, these transactions still looked legit, meaning the attack was tough to notice. Not even the manual checks could spot it. It wasn’t until several external security teams had a look that the breach was confirmed.
Adding insult to injury, the thieves also exploited open approvals to withdraw money from users’ accounts, and some other Radiant core developers might have had their devices hacked too. Users have been urged to revoke approvals on all chains to prevent any more issues from happening.
In a somewhat startling revelation, cybersecurity company Hacken reported that these types of access control exploits were behind $316 million worth of lost funds in the third quarter alone. That’s a whopping 70% of all stolen crypto funds during this period.
Source: Cointelegraph