The lending protocol Radiant Capital, supported by Binance Labs, has been hacked, resulting in a loss of over $50 million. Hackers gained access to the private keys of three out of the 11 signatures of the multisig wallet and modified the smart contracts, allowing them to withdraw funds. The attack affected both the BNB Chain and Arbitrum networks.
We are aware of an issue with the Radiant Lending markets on Binance Chain and Arbitrum. We are working with SEAL911, Hypernative, ZeroShadow & Chainalysis and will provide an update as soon as possible. Markets on Base and Mainnet are paused until further notice.
— Radiant Capital (@RDNTCapital) October 16, 2024
Loss Breakdown
According to Ancilia, the total loss exceeded $50 million.
How the Hack Happened?
“We noticed multiple transfers from users’ accounts through the transferFrom function via contract 0xd50cf00b6e600dd036ba8ef475677d816d6c4281. Please revoke permissions as soon as possible. The new smart contract implementation had vulnerable functions,” said Ancilia experts.
The transferFrom exploit uses a vulnerability in the smart contract that allows attackers to transfer tokens from the victim’s account to their wallets. Typically, this requires prior approval from the victim for interaction with a fraudulent address. The backdoor contract was deployed on BNB Chain and Arbitrum around 20:09 (MSK) on October 16, 2024.
4/ thanks for the update from replies. Seems like Arbitrum contract was hacked, too:https://t.co/E7kLLavJ7C
— Ancilia, Inc. (@AnciliaInc) October 16, 2024
The total lost is > $50M now.
Ancilia’s Mistake
Ancilia accidentally published a link to a tool for stealing funds from cryptocurrency wallets in a tweet from a fake Radiant Capital account, which sparked widespread attention in the crypto community. A user named Spreek pointed out this incident, after which the tweet was deleted.
For fuck's sake, if you are a 'trusted' security account, you need to absolutely make sure to never do this pic.twitter.com/2jrpN7P00L
— Spreek (@spreekaway) October 16, 2024
Signature Breach and Community Response
De.Fi, a company specializing in the security of DeFi protocols, reported that the hackers gained access to the private keys of three out of 11 signatures in the multisig wallet governing Radiant Capital. This was enough to modify the smart contracts and withdraw funds from the platform. The total losses amounted to $58 million.
🚨~$58,000,000 Exploit Alert🚨
— De.Fi Antivirus Web3 🛡️ (@De_FiSecurity) October 16, 2024
Radiant Capital contracts were exploited on BSC & ARB chains with the 'transferFrom' function, which allowed to drain users' funds, namely $USDC $WBNB $ETH and others
⚠️Revoke approvals ASAP👇
0xd50cf00b6e600dd036ba8ef475677d816d6c4281 pic.twitter.com/oUHyshwEmL
Binance’s Reaction and RDNT Token Price Impact
In July 2023, Binance Labs, the venture arm of the largest cryptocurrency exchange Binance, invested $10 million in Radiant Capital. The platform was also launched on Binance Launchpool. However, following the hack, the RDNT token lost 10% of its value over the last 24 hours.
Radiant Capital is a cross-chain protocol for borrowing and lending cryptocurrencies. In January 2024, the project was already targeted in an attack, resulting in a theft of $4.5 million.
General Crypto Industry Losses
It’s worth noting that in the third quarter of 2024, the cryptocurrency industry lost $753 million due to 155 incidents, including hacks, exploits, and fraudulent schemes. Incidents like the attack on Radiant Capital highlight the need for enhanced security in decentralized financial platforms.
Cryptol – your source for the latest news on cryptocurrencies, information technology, and decentralized solutions. Stay informed about the latest trends in the digital world.