The lending protocol Radiant Capital has allegedly fallen victim to a cyberattack that compromised its contracts on both the BNB Chain and Arbitrum. The breach resulted in over $50 million being siphoned off, with in excess of $32 million drained from Arbitrum and approximately $18 million from the BNB Chain.
The platform has suffered two exploits this year, with over $55 million drained.
The breach was first pinpointed by various security professionals. According to Ancilia, a company specializing in Web3 cybersecurity, unusual transfers were detected from user accounts through a contract owned by Radiant Capital.
#ancilia_alerts It seems like something happened with @RDNTCapital. We observed several 'transferFrom' actions being executed from users' accounts via contract address 0xd50cf00b6e600dd036ba8ef475677d816d6c4281 on the BSC. Users are advised to revoke their approval immediately. The recent update appears to have...
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
Hacking Everywhere
Following the discovery, Radiant Capital confirmed that four of its contracts had been exploited, prompting them to instruct users to revoke approvals for these contracts to prevent further illicit transfers. As a precaution, the project suspended operations on Base and Mainnet at the time of the breach acknowledgment.
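The revocation advice above can be checked mechanically. The following added example (not code from Radiant Capital or Ancilia) replays ERC-20 `Approval` logs to find owners who still have a nonzero allowance to the spender contract named in the alert, and builds the `approve(spender, 0)` calldata each would send. The token and user addresses and the log records are constructed placeholders.

```python
# Added example: replay constructed ERC-20 Approval events and plan revocations.
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
SPENDER = "0xd50cf00b6e600dd036ba8ef475677d816d6c4281"  # contract named in the alert
MAX_UINT256 = 2**256 - 1

# Constructed placeholder addresses (not real tokens or users).
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, CAROL = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
OTHER = "0x" + "ee" * 20

# Constructed, already-decoded Approval(owner, spender, value) logs.
LOGS = [
    {"block": 100, "token": TOKEN_A, "owner": ALICE, "spender": SPENDER, "value": MAX_UINT256},
    {"block": 101, "token": TOKEN_A, "owner": BOB, "spender": "0x" + SPENDER[2:].upper(), "value": 500},
    {"block": 105, "token": TOKEN_A, "owner": BOB, "spender": SPENDER, "value": 0},  # Bob revoked
    {"block": 107, "token": TOKEN_B, "owner": CAROL, "spender": OTHER, "value": 42},  # unrelated spender
    {"block": 110, "token": TOKEN_B, "owner": ALICE, "spender": SPENDER, "value": 1000},
]

def live_allowances(logs, spender):
    """Last Approval per (token, owner) is the current grant; keep nonzero ones.

    Spending via transferFrom need not emit Approval, so finite values may be
    overstated; the on-chain allowance(owner, spender) call is authoritative.
    """
    state = {}
    # Stable sort: list order breaks ties between logs in the same block.
    for log in sorted(logs, key=lambda entry: entry["block"]):
        if log["spender"].lower() != spender.lower():
            continue
        state[(log["token"].lower(), log["owner"].lower())] = log["value"]
    return {key: value for key, value in state.items() if value > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector, padded address, zero amount."""
    addr = bytes.fromhex(spender[2:])
    if len(addr) != 20:
        raise ValueError("spender must be a 20-byte address")
    return "0x" + APPROVE_SELECTOR + addr.rjust(32, b"\x00").hex() + "00" * 32

def revoke_plan(logs, spender):
    """One unsigned transaction per exposed (token, owner): owner calls the token."""
    data = revoke_calldata(spender)
    return [{"from": owner, "to": token, "data": data}
            for token, owner in sorted(live_allowances(logs, spender))]

if __name__ == "__main__":
    for tx in revoke_plan(LOGS, SPENDER):
        print(tx)
```

An unlimited (`MAX_UINT256`) approval such as the first constructed record stays usable by the spender until the owner sets it back to zero, which is why revocation is per token and per owner.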
Radiant Capital has stated they are actively collaborating with SEAL911, Hypernative, ZeroShadow, and Chainalysis to resolve the issue. There are no new updates from the project at the present moment.
“We're working to address issues affecting Radiant's lending markets on both the Binance Chain and Arbitrum, in collaboration with SEAL911, Hypernative, ZeroShadow, and Chainalysis. An update will be provided as soon as possible. Operations on Base and Mainnet are paused for now,” stated the team.
Initial investigations suggest the hacker used a backdoor contract to access funds in Radiant Capital's lending pools, affecting several tokens including Wrapped BNB (WBNB), Wrapped Ether (WETH), USD Coin (USDC), and Tether (USDT).
Smashing Through Security
The exploiter obtained 3 of the 11 private keys used for multisignature approvals, a sufficient number to transfer control of Radiant’s lending pool funds to their own account, following which they withdrew the assets.
This incident raises questions regarding Radiant Capital’s decision to set a low approval threshold for multisignature wallets, which typically require multiple endorsements for any transaction.
A recent follow-up on the hack reveals that Ancilia, who were among the first to highlight the issue, mistakenly disseminated a link leading to a harmful wallet drainer while trying to assist Radiant Capital users.
Community members quickly discovered the error, which led to further fund losses. Ancilia faces criticism for their inadequate security practices amid ongoing efforts by users to prevent further damage.
Second Attack This Year
Radiant Capital’s native cryptocurrency, RDNT, experienced a 9% decline soon after the breach. Currently, as per CoinGecko, it's valued at around $0.066, with its market capitalization falling from $84 million to $75.8 million.
This marks the second time Radiant Capital has been targeted by attackers. The protocol experienced its first breach back in January, which resulted in the theft of approximately $4.5 million worth of Ethereum. On that occasion, the attacker used a flash loan strategy to manipulate Radiant Capital's liquidity index and withdraw funds.
Following that incident, Radiant Capital took the precautionary step of temporarily shutting down its lending and borrowing functionalities. The stolen funds were reportedly transferred to a wallet that remained dormant for a certain period.
Since then, the project has struggled to maintain its total value locked (TVL), suffering a decrease of nearly 37% after the initial breach in January. Despite some recovery by March, approximately 75% of its TVL has been lost year-to-date due to ongoing vulnerabilities and market pressures.
This year, the DeFi sector witnessed a series of breaches, with overall losses topping $1.2 billion. However, there has been a noticeable reduction in large-scale exploits compared to previous years. For cybercriminals, hacking cryptocurrency systems remains a lucrative endeavor.
At the beginning of January 2024, Orbit Chain fell victim to hackers, losing roughly $80 million because its multi-signature wallet was compromised. In March, Prisma Finance also suffered a loss of about $10 million due to an exploit.