Overview of the Hack on Radiant Capital
On Wednesday, Radiant Capital, a blockchain protocol known for its cross-chain lending capabilities and backed by Binance, faced a significant security breach. Attackers managed to steal over $50 million in various cryptocurrencies, raising alarms within the crypto community.
Details of the Attack
According to the Web3 security firm De.Fi Antivirus, the attackers gained control of three out of the eleven private keys required for updates to the protocol. This breach allowed them to modify smart contracts on two major networks: Arbitrum and Binance Smart Chain (BSC).
The hackers exploited a vulnerability labeled ‘transferFrom,’ which enabled them to directly transfer tokens from user accounts into their own wallets. The stolen assets included popular cryptocurrencies such as USDC, ETH, and BNB.
De.Fi Antivirus provided a warning on social media platforms regarding the exploit, urging users to revoke their approvals to prevent further unauthorized access to their funds.
Immediate Response and Actions
After discovering the hack, Radiant Capital took swift action to mitigate the damage by temporarily suspending its lending operations on both the BNB Chain and Arbitrum platforms. The team stated that they are collaborating with several security firms, including SEAL911, Hypernative, ZeroShadow, and Chainalysis, to investigate the breach and implement necessary measures. Meanwhile, operations on the Base and Mainnet are also paused until a security resolution is reached.
Analysis of Stolen Assets
Follow-up investigations revealed that the hacker converted the stolen cryptocurrencies into approximately 12,835 ETH, worth around $33.6 million, and 32,113 BNB, valued at $19.4 million. This indicates a well-planned operation, showcasing how rapidly stolen assets can be liquidated in the crypto market.
Radiant Capital’s History of Security Breaches
This incident marks the second time Radiant Capital has encountered a security breach within the year. In January, the platform lost $4.5 million due to a different exploit linked to a smart contract flaw. De.Fi Antivirus noted that the recent attack is distinctly different, as it involved gaining access to key signers, enabling the hackers to transfer ownership and upgrade contracts.
Context of Increasing Cybersecurity Threats in Crypto
The breach at Radiant Capital is part of a broader trend in the cryptocurrency space, where attacks on various platforms have surged. In September 2024 alone, attackers were reported to have stolen over $120 million across multiple crypto platforms. Data from PeckShield highlighted more than 20 incidents affecting both centralized and decentralized systems, with significant losses recorded from platforms like BingX, Penpie, and Indodax, racking up a combined total of over $90 million in losses.