Radiant Capital, a decentralized finance (DeFi) lender, reported a significant security breach across multiple blockchain networks, resulting in substantial financial losses. On Wednesday, unidentified attackers exploited vulnerabilities in Radiant’s blockchain contracts on both the Binance Smart Chain (BSC) and Arbitrum platforms.
This breach allowed the perpetrators to siphon off digital assets, including USD Coin (USDC), Wrapped BNB (WBNB), and Ethereum (ETH), totaling over $50 million.
USDC, WBNB, ETH Vanish in $50M Radiant Capital Cyberattack
In a recent report by web3 security startup Ancilia, the attack involved exploiting the ‘transferFrom’ function in the blockchain contracts. Through this vulnerability the attackers were able to perform unauthorized transactions from users accounts leading to the direct theft of USDC, WBNB, and ETH from Radiant’s liquidity pools.
The firm, however, stated that the exploitation of this function could have been prevented by the implementation of more security measures together with regular audits of contract changes.
In addition, revelations show that out of the eleven private keys used for protection and enhancement of the Radiant protocols, three had been tampered with. Security experts are investigating how the keys were obtained, suspecting a phishing attack on key holders or a compromised interface.
Security Measures and Community Response
As a result of the breach, all the lending operations on the Binance Chain and Arbitrum markets initiated by Radiant Capital have been suspended. The organization has partnered with blockchain security companies, SEAL911 and Hypernative, to combat the issues and prevent other future cases.
Radiant has also called on its users to delete questionable approvals on their profiles and temporarily suspended new transactions.
We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.
— Radiant Capital (@RDNTCapital) October 16, 2024
The community response has been one of worry since similar incidents have occurred in the DeFi sector over the past few months. The loss at Radiant Capital poses a question about the effectiveness of existing measures to protect user’s assets.
Moreover, experts suggest that multi-signature wallets, although used by Radiant Capital, require real-time monitoring to prevent unauthorized access. Likewise, it increases support for the higher measures and enhance the protection against such ETH, WBNB, and USDC losses.
With higher regulatory attention towards the growing crypto hacks, Ilya Lichtenstein received a proposed 5 years imprisonment from the US prosecutors. This is for planning the 2016 hack of the Bitfinex exchange, where $6 billion was stolen. Lichtenstein pleaded guilty to charges of money laundering alongside his wife, Heather Morgan, who is facing an 18-month imprisonment.
Disclaimer: The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
Leave a Reply