Radiant Capital has released a detailed analysis of the October 16 exploit that resulted in the loss of more than $50 million in user funds.
According to the post-mortem, the attacker used highly sophisticated malware to poison the transactions, allowing them to steal funds during a routine multi-signature process.
Attack methodology: common errors exploited
It all started when the attacker compromised the hardware wallets belonging to three of the protocol's main developers and infected them with malware that mimicked legitimate transactions. When the developers signed what they believed to be routine emission adjustments, the malware executed unauthorized transactions in the background.
Radiant Capital reiterated that its contributors followed standard operating procedures to the letter during the fateful process: they simulated each transaction for accuracy on Tenderly, a full-stack Web3 infrastructure platform, and subjected each one to individual review at every signing stage.
Despite these multiple layers of verification, the front-end checks showed no visible sign of anything anomalous, even after the malware had been introduced into the protocol's systems.
What also stood out in the company's assessment was how the attacker took advantage of common transaction errors to execute the hack. They used transaction resubmissions, often caused by fluctuating gas prices or network congestion, as cover to collect private keys while maintaining the appearance of normality.
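The lesson a signer can act on is that a front-end display and a simulation are not the payload the hardware wallet actually signs. The following is an added example, not code from Radiant Capital or its post-mortem: it decodes the raw calldata a multisig member is asked to sign and compares it with what the web UI claims the transaction does. The selector table holds real, well-known ERC-20 and Ownable selectors; the addresses and payloads are constructed for illustration.

```python
# Added example, not Radiant Capital's code: signer-side check that decodes the
# raw calldata of a multisig transaction and compares it with the UI's claim.
# Selectors are the real keccak256(signature)[:4] values for these functions;
# TOKEN, SPENDER and ROGUE are constructed addresses, not real accounts.

# selector -> (function name, static argument types)
SELECTORS = {
    "095ea7b3": ("approve", ["address", "uint256"]),
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "f2fde38b": ("transferOwnership", ["address"]),
}

TOKEN = "0x" + "aa" * 20    # constructed token contract address
SPENDER = "0x" + "bb" * 20  # constructed legitimate spender
ROGUE = "0x" + "cc" * 20    # constructed attacker-controlled address


def enc_address(addr):
    """ABI-encode an address as a left-padded 32-byte word (hex, no 0x prefix)."""
    return addr.lower().removeprefix("0x").rjust(64, "0")


def enc_uint(value):
    """ABI-encode an unsigned 256-bit integer as a 32-byte word (hex, no 0x prefix)."""
    return f"{value:064x}"


def decode_calldata(calldata):
    """Decode selector plus static arguments; unknown selectors are reported, not guessed."""
    data = calldata.lower().removeprefix("0x")
    selector, body = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"function": f"unknown(0x{selector})", "args": []}
    name, types = SELECTORS[selector]
    if len(body) != 64 * len(types):
        raise ValueError("calldata length does not match the function signature")
    args = []
    for i, typ in enumerate(types):
        word = body[i * 64:(i + 1) * 64]
        args.append("0x" + word[-40:] if typ == "address" else int(word, 16))
    return {"function": name, "args": args}


def verify_against_ui(ui_claim, to, calldata):
    """Return the discrepancies between the UI's description and the raw payload.

    ui_claim is what the front-end displayed: {"to", "function", "args"}.
    An empty list means the payload matches the claim; anything else should
    stop the signer before the hardware wallet is asked to sign.
    """
    decoded = decode_calldata(calldata)
    problems = []
    if to.lower() != ui_claim["to"].lower():
        problems.append(f"target mismatch: UI shows {ui_claim['to']}, payload targets {to}")
    if decoded["function"] != ui_claim["function"]:
        problems.append(f"function mismatch: UI shows {ui_claim['function']}, "
                        f"payload calls {decoded['function']}")
    else:
        expected = [a.lower() if isinstance(a, str) else a for a in ui_claim["args"]]
        if decoded["args"] != expected:
            problems.append(f"argument mismatch: UI shows {ui_claim['args']}, "
                            f"payload has {decoded['args']}")
    return problems


# What the front-end told the signer: approve SPENDER for 1000 units of TOKEN.
UI_CLAIM = {"to": TOKEN, "function": "approve", "args": [SPENDER, 1000]}
# A payload that really does that.
HONEST_CALLDATA = "0x095ea7b3" + enc_address(SPENDER) + enc_uint(1000)
# A payload a tampered signing path could substitute: hand ownership to ROGUE.
TAMPERED_CALLDATA = "0xf2fde38b" + enc_address(ROGUE)

if __name__ == "__main__":
    print("honest:", verify_against_ui(UI_CLAIM, TOKEN, HONEST_CALLDATA))
    print("tampered:", verify_against_ui(UI_CLAIM, TOKEN, TAMPERED_CALLDATA))
```

The point of the check is where it runs: on an independent machine or script that reads the raw bytes, so that the hash the hardware wallet displays can be tied to a payload the signer has decoded themselves rather than to what a possibly compromised front-end rendered.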
The perpetrator then gained control of some smart contracts and eventually siphoned off millions of dollars in cryptocurrencies, including USDC, wrapped BNB (wBNB), and Ethereum (ETH).
The reported amount stolen varies between $50 million and $58 million, depending on the source. However, the decentralized finance (DeFi) platform cited the lower figure in its accounting of the incident.
The FBI was tapped to help recover the stolen funds
In the report, the cross-chain lender said it is working closely with US law enforcement, including the FBI, as well as cybersecurity firms SEAL911 and ZeroShadow to track down the stolen crypto.
As a precaution, it also advised users to revoke token approvals on all chains, including Arbitrum, BSC, and Base, since the exploiter capitalized on open approvals to drain funds from accounts.
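Open approvals are what let a compromised contract pull tokens from user accounts, so the revocation advice is worth turning into something concrete. The following is an added example, not Radiant Capital's own tooling: it reconstructs a user's outstanding ERC-20 allowances from Approval event logs and builds the approve(spender, 0) calldata that revokes each one, per chain. The event topic and selector are the real ERC-20 values; the log entries are constructed sample data, not real on-chain records.

```python
# Added example, not Radiant Capital's tooling: rebuild a user's live ERC-20
# allowances from Approval logs and emit the approve(spender, 0) calls that
# revoke them. Topics/selector are the real ERC-20 values; the logs, owner,
# token and spender addresses below are constructed sample data.

APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"  # Transfer(address,address,uint256)
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
UNLIMITED = 2**256 - 1


def word(value):
    """ABI-encode an int or a hex address as a 32-byte word (hex, no 0x prefix)."""
    if isinstance(value, int):
        return f"{value:064x}"
    return value.lower().removeprefix("0x").rjust(64, "0")


def topic_to_address(topic):
    """Indexed address topics are left-padded 32-byte words; keep the low 20 bytes."""
    return "0x" + topic.lower().removeprefix("0x")[-40:]


def latest_allowances(logs, owner):
    """Map (chain, token, spender) -> the most recent allowance set by `owner`.

    Logs are ordered by (blockNumber, logIndex) so later approvals replace
    earlier ones even when the input is out of order; non-Approval events
    and other owners' approvals are ignored.
    """
    owner = owner.lower()
    allowances = {}
    for log in sorted(logs, key=lambda entry: (entry["blockNumber"], entry["logIndex"])):
        if log["topics"][0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(log["topics"][1]) != owner:
            continue
        spender = topic_to_address(log["topics"][2])
        allowances[(log["chain"], log["token"].lower(), spender)] = int(log["data"], 16)
    return allowances


def revocation_plan(logs, owner):
    """Return one approve(spender, 0) transaction per allowance that is still open."""
    plan = []
    for (chain, token, spender), value in sorted(latest_allowances(logs, owner).items()):
        if value == 0:
            continue  # already revoked
        plan.append({
            "chain": chain,
            "to": token,
            "data": "0x" + APPROVE_SELECTOR + word(spender) + word(0),
            "current": "unlimited" if value == UNLIMITED else value,
        })
    return plan


# Constructed sample data (not real accounts, tokens or chain history).
OWNER = "0x" + "11" * 20
OTHER = "0x" + "22" * 20
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + h * 20 for h in ("aa", "ab", "ac"))
SPENDER_1, SPENDER_2, SPENDER_3 = ("0x" + h * 20 for h in ("b1", "b2", "b3"))


def approval_log(chain, token, block, index, owner, spender, value):
    return {"chain": chain, "token": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, "0x" + word(owner), "0x" + word(spender)],
            "data": "0x" + word(value)}


SAMPLE_LOGS = [
    approval_log("arbitrum", TOKEN_A, 100, 3, OWNER, SPENDER_1, UNLIMITED),
    approval_log("arbitrum", TOKEN_A, 250, 0, OWNER, SPENDER_1, 0),      # later revoked
    approval_log("bsc", TOKEN_B, 120, 7, OWNER, SPENDER_2, 5000),
    approval_log("base", TOKEN_C, 90, 1, OTHER, SPENDER_2, UNLIMITED),   # someone else's
    approval_log("base", TOKEN_C, 300, 2, OWNER, SPENDER_3, UNLIMITED),
    {"chain": "bsc", "token": TOKEN_B, "blockNumber": 130, "logIndex": 1,   # not an approval
     "topics": [TRANSFER_TOPIC, "0x" + word(OWNER), "0x" + word(OTHER)], "data": "0x" + word(1)},
]

if __name__ == "__main__":
    for tx in revocation_plan(SAMPLE_LOGS, OWNER):
        print(tx["chain"], tx["to"], tx["current"], tx["data"])
```

In practice the logs come from an RPC getLogs query filtered on the Approval topic and the owner address per chain; the value of doing it from logs rather than a dashboard is that the list is derived from chain state the user controls, and unlimited allowances are the first ones to send through approve(spender, 0).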
Radiant Capital has also created new cold wallets and adjusted signature thresholds to improve platform security, and it has introduced a mandatory 72-hour delay for all contract updates and ownership transfers, intended to give the community sufficient time to verify transactions before final execution.
However, given the sophistication of the breach, the firm admitted that even these measures might not have prevented the attack.
DeFi hacks have grown at an alarming rate, and a couple of recent surveys paint a grim picture. According to PeckShield, there were more than 20 hacks in September, leading to losses of more than $120 million.
Additionally, another on-chain security company, Hacken, announced that more than $440 million stolen from crypto platforms in the third quarter of 2024 was lost forever.