Radiant Capital was hacked on Wednesday, resulting in over $50 million in losses.
Several blockchain security companies have reported that the exploit occurred due to an apparent cyberattack targeting the platform’s smart contracts on both the Binance and Arbitrum networks.
Committed multisign
The incident was first spotted by blockchain security firm Ancilia Inc., which reported suspicious activity on a Radiant Capital smart contract on the BNB chain at 1:35 PM ET in a post X .
According to Ancilia, several on-chain transactions showed that hackers drained at least $18 million of Radiant into the BNB network. The attack soon spread to their liquidity pools on the Ethereum Arbitrum Layer 2 network, where more assets were compromised.
Web3 security firm De.Fi explained that bad actors gained control by compromising multi-signature, which requires the approval of multiple signers to execute transactions. The attacker was able to obtain the private keys of 3 of the 11 signers securing the Radiant wallet. This gave them enough access to update the platform’s smart contracts and transfer ownership.
Hacken reported that funds were drained from various trading groups on Radiant, including those holding popular cryptocurrencies such as USDC, USDT, wrapped Bitcoin (wBTC), wrapped Ethereum (wETH), Binance Coin (wBNB), and others.
Spot On Chain revealed that the protocol was mined for $53 million worth of crypto assets. The hacker has since converted the stolen funds into native tokens, with 12,835 ETH (worth $33.56 million) and 32,113 BNB (worth $19.35 million) in two wallet addresses.
Radiant capital response
The DeFi platform confirmed the incident in an X post, stating that it was aware of suspicious activity affecting its lending markets on Binance Chain and Arbitrum. It responded by suspending its markets on Ethereum and the Layer 2 Base network “until further notice” while it investigated the breach.
“We are aware of an issue with the radiating loan markets on Binance Chain and Arbitrum.”
The announcement also mentioned that Radiant is working with several Web3 security partners, including SEAL911, Hypernative, ZeroShadow, and Chainalysis, to resolve the situation and prevent further damage. It has also urged users to revoke all permissions from the smart contracts that power its protocol.
Meanwhile, this is the second exploit the protocol has faced this year. In January 2024, the lending platform lost $4.5 million in an unrelated hack caused by a vulnerability in its smart contracts.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!